Osterman Research

The Bring Your Own Device (BYOD) trend is consuming lots of digital ink on blogs, IT managers are wrestling with the problems created by it, and a growing number of vendors are addressing the issue with innovative new solutions. But when we talk about the “Device” in BYOD, what do we really mean? I contend that BYOD should really be BYODA:  Bring Your Own Devices and Applications (remember, you saw it here first!).

The problems with BYOD in a device-only context are several:

• IT must spend more of its already scarce time to manage employee-owned devices like iPhones, iPads, Android smartphones, Android tablets, etc., in addition to the devices they supply to employees. This consumes an increasing amount of staff time in IT departments that are already resource- and budget constrained.
• More strategically, employee-owned devices that access corporate applications, download email, store attachments and the like are mini-repositories of sensitive and confidential information that can create a variety of compliance problems. For example, a lost device that cannot be remotely wiped (not all companies have yet implemented this capability) can create enormous data breach notification problems, not to mention the potential exposure of intellectual property.
• Even for devices that are not lost, imagine going through an e-discovery, regulatory audit or similar exercise in which you have to identify, search and extract data from potentially thousands of devices that are spread around the globe.
• When employees leave your company, you have to ensure that a) sensitive or confidential corporate data has been returned to the company along with the device itself and b) that copies are not stored in repositories outside of IT’s control.

How are these problems any different for an organization when users download Dropbox, share company files via Hotmail to get around file-size limits in the corporate email system, or post information to Twitter or Facebook? Fundamentally, the problems are the same for devices as they are for applications: IT must spend time managing/blocking/creating policies about these applications if they want to exercise any sort of control over the content stored or sent using them, they face compliance issues when data is stored in personal cloud repositories, they face the same kinds of search and extraction problems when going through e-discovery or regulatory audits, and they have no assurance that corporate content is not still somewhere in the cloud after an employee leaves.

In short, the BYOD problem is not really a device-focused issue, it’s part of a larger governance issue that encompasses both devices and potentially thousands of different (mostly cloud) applications.

I had dinner last night with people from Symform (about whom I blogged late last year) and some of their prospects. Symform is a Seattle-based company that has applied what is, in essence, the Skype model to data storage in an attempt to dramatically drive down the cost of cloud-based storage. Rather than build out a traditional data center, Symform customers provide all of their storage themselves on a quid pro quo basis. Here’s how the system works:

• Content is uploaded to the cloud from your environment and segmented into 64-megabyte chunks that are protected using 256-bit AES encryption.
• Each of these 64-megabyte chunks is then divided into one-megabyte segments.
• For each group of 64 one-megabyte segments, 32 one-megabyte parity fragments are added using a RAID 96 algorithm.
• These 96 one-megabyte fragments are then distributed randomly across the base of Symform customers worldwide (although most are currently in Europe and North America, with a handful throughout the rest of the world).

When a Symform user downloads content from the cloud, it is gathered from these disparate sources and assembled into the content that has been requested. The 32 parity segments for each block of 64 one-megabyte segments add 50% to the overall storage load, but makes the system highly redundant when local storage is corrupted, customers’ storage systems are turned off or otherwise unavailable, etc. Any 64 of the 96 blocks of data are all that is needed to restore each segment of data.

One of the key advantages of the Symform approach is its extremely low cost: the first 200 gigabytes of storage is offered at no charge, while unlimited storage costs $3.50 per user per month. The only “string attached” is that customers provide as much storage locally as they receive, since their local storage is essentially part of someone else’s cloud. However, Symform also offers an option for those who do not want to contribute local storage.

In addition to offering cloud-based storage at low cost, Symform has also developed interesting solutions to some of the problems associated with cloud storage. For example, their “Turbo Seeding” technology allows IT solution providers to upload customer data to the cloud more securely than when drives filled with customer data are shipped to the cloud provider for the initial data upload. Their “Hot Standby” copies data to the cloud and to another local or remote device for instant access in the event the primary data storage is destroyed or otherwise taken off-line, thereby speeding data restoration.

Another advantage of the Symform approach is its extremely high level of security. Because the data uploaded to the distributed cloud of storage providers is essentially shredded into bits of data, they are useless to anyone who might intercept and decrypt them. Practically speaking, this renders various national requirements to store data only in certain geographies moot—whether all regulators around the world will be enlightened enough to accept this might be another matter.

Symform’s approach is clearly innovative and provides a unique and distributed cloud experience as opposed to one based on remote data centers. They are definitely worth a look.