IDC 1401

I D C T E C H N O L O G Y S P O T L I G H T

The Benef i ts o f Uni f ied Endpoint Data Management in Embrac ing BYOD October 2012 Adapted from Worldwide Storage in the Cloud 2011–2015 Forecast: The Expanding Role of Public Cloud Storage Services by Laura DuBois, Richard Villars, and Brad Nisbet, IDC #232115

Sponsored by Druva

The "bring your own device" (BYOD) trend, which is part of the consumerization of IT phenomenon, is having a significant impact on enterprise organizations as end users access critical corporate data on their personal devices and increasingly use consumer-grade Web applications for work-related tasks. Critical data is being jeopardized because it is often not being backed up on endpoint devices such as laptops and smartphones. As these trends continue, regaining control of corporate assets, especially those that consist of proprietary data, is becoming a major concern for IT organizations. IT needs to ensure that all these endpoint devices are being regularly and consistently backed up by providing solutions that are easy to use and unobtrusive and, as such, do not compromise the end-user experience. Still emerging unified approaches to endpoint data management can address many of the challenges that IT departments now face with respect to controlling and securing consumer-driven applications and devices. File sharing and collaboration is another key area that can benefit from unified data management. This Technology Spotlight examines the role that Druva's core product offering, inSync, plays in this emerging market.

Introduction The BYOD trend, which is part of the consumerization of IT phenomenon, is having a significant impact on enterprise organizations as end users access critical corporate data on their personal devices and increasingly use consumer-grade Web applications for work-related tasks. Both trends create a range of challenges for IT departments, involving core issues such as data and device security, data and system-level protection and recovery, and centralized control and activation of corporate policies for how data on multiple devices is managed.

The BYOD phenomenon involves the proliferation of employee-owned endpoints such as laptops, smartphones, and tablets. However, another important aspect of the consumerization of IT relates to the increased use of cloud file sharing and sync services for collaborative purposes. As rich as these resources can be, in many cases, workers access these consumer-grade Web applications and services in a way that puts them outside the full control of centralized corporate IT administrators and policies.

These trends are generally making it difficult for IT to fulfill one of their most important responsibilities: keeping enterprise data secure. Given the profound impact these trends are having on IT resources in today's enterprises, a number of challenges have surfaced for IT managers. Critical corporate data residing on a wide variety of end-user devices must be securely protected in a simple-to-administer, nonintrusive manner. The recovery of systems and data must be as transparent as possible. In addition, any sensitive corporate data that resides on these endpoints must be protected against compromise or loss in the event that devices are misplaced or misused.

While collaborative sharing has great value, employees who need to share corporate files as a means of collaborating with both internal and external stakeholders must be given the tools to do so

©2012 IDC 2

in a secure manner. This needs to be done with security set by corporate IT while centralized policies for sharing permissions, access controls, and the like can be pushed out to corporate users. Further, these tools must be as easy to use as the consumer-grade solutions that are popular with end users. IT needs to have visibility into sensitive corporate data that resides on endpoints (such as the ability to conduct a federated search across all endpoints accessing corporate data) as well as visibility into sharing activities within the firm or with external collaborators.

Trends in Secure Endpoint Data Management It's no secret that enterprise employees are becoming increasingly mobile. An IDC study states that the world mobile worker population will reach 1.3 billion by 2015. The growth of smartphones and tablets has been phenomenal because these devices provide access to a stunning array of new applications. Mobile workers are increasingly dependent on their mobile devices to enhance productivity, improve efficiency, and engage in better collaboration. With smart devices, the consumer market, not the enterprise, is dictating the pace of new technology innovation. Employees now carry personal devices that are more sophisticated and user-friendly than those provided by their employers. Recognizing this reality, many IT departments are looking at ways to allow employees to have a greater say about the technologies they use in the workplace.

Smartphones and tablet computers used by employees generally fall into two categories:

Corporate liable: Devices are purchased, owned, and managed by the organization and distributed to a select group of employees.

Individual liable: Employees own the device and pay for their own data plans but use the device for business purposes and to connect to corporate applications.

A key trend in the enterprise is the rise of the individual-liable device. IDC predicts that individual-liable devices will grow to 60% of all mobile devices used in business by 2014. However, this scenario changes the way organizations need to think about security management and policy and how organizations should manage these devices when connected to the enterprise network.

As complex as this picture is becoming, the BYOD phenomenon offers significant benefits for businesses in terms of lowering cost, increasing agility, and driving employee productivity and flexibility. Tablet computing also is a part of this picture. Tablets are transforming enterprise mobility as a result of their strong user interfaces (UIs) and increased content capabilities. In fact, 52% of firms have already provisioned tablet PCs to some of their employees. As these trends continue, a three-device play is emerging involving laptops, smartphones, and tablets, all of which are likely to remain in the enterprise for the foreseeable future. As the use of mobile devices becomes pervasive in the enterprise, there will be an increased need to ensure the integrity and safety of company information by establishing workable policies and procedures.

Another key trend in the consumerization of IT relates to the expanded use of consumer-grade Web applications, procured by the business user individually but used for work-related functions. These applications typically include file sharing, sync, and collaboration capabilities. While this trend enhances collaborative capability, as is the case with BYOD, many enterprises are losing centralized control over corporate data in terms of visibility, security, and data protection.

Third-party consumer-grade solutions have created an untenable situation and multiple security holes for today's enterprises. Regaining control of corporate assets, especially those that consist of proprietary data, is quickly becoming a major concern for IT organizations. Enterprise IT managers have long been charged with protecting data from loss or theft, but using backup and data loss prevention (DLP) technologies as individual elements provides only a cross section of the protection capabilities needed. Further, many companies have not employed any DLP tools for endpoint devices.

©2012 IDC 3

In general, critical data is being jeopardized by the fact that it is often not being backed up on endpoint devices such as laptops and smartphones. Employees often keep important corporate data on these devices but rarely take the actions necessary to back it up. In addition, in many enterprises, there is no backup solution in place for laptop data. IT needs to ensure that all these endpoint devices are being regularly and consistently backed up by providing solutions that are easy to use and unobtrusive and, as such, do not compromise the end-user experience. As a result of these key trends, IT management is now faced with some major challenges and is struggling to control endpoint data from both technological and policy perspectives.

The Benefits of a Unified Approach to Endpoint Data Management Still emerging unified approaches to endpoint data management can address many of the challenges that IT departments now face with respect to controlling and securing consumer-driven applications and devices. In today's environment, to ensure security, DLP, mobile device management (MDM), and backup for mobile devices, enterprises are required to deploy as many as four or five different solutions.

A unified approach centralizes these functions for IT, which serves to reduce costs and training time required as well as increase control and compliance. In addition, end users benefit from increased productivity through the use of a single client (less time for learning, higher rates of adoption and usage). Solutions that offer common deduplication across backup and file sharing systems have the potential to deliver significant savings in storage and bandwidth.

IDC research indicates that the BYOD trend driven by the consumerization of IT will continue. IT departments need to recognize and accommodate this reality. They can do this by finding ways to accommodate end users' needs while providing optimized and secure data management. Unified endpoint data management can prevent data loss with respect to remote BYOD devices such as smartphones and tablets by providing both backup capabilities and remote file management for security purposes.

File sharing and collaboration is another key area that can benefit from unified data management. This capability endows users with the ability to create peer-to-peer file sharing, allowing locally stored files and folders to be easily yet securely shared. A file sharing system can also allow users to share files with external parties by granting them temporary access to files with links that automatically expire. Approaches that allow end users to easily file share and collaborate can achieve the win/win of both increasing productivity for end users and meeting IT's requirements for optimized data management. A single client experience across all endpoint data empowers end users. These capabilities, when applied to secure data management, can translate into hard cost savings in five areas:

End-user productivity benefits

IT productivity benefits

Prevention of data loss events

Savings in storage and bandwidth

Increased IT control and visibility

Considering Druva for Unified Endpoint Data Management Druva is a start-up company with offices in the United States, India, and the United Kingdom specializing in enterprise endpoint data management. The company currently has over 1,400 customers. The company's core product offering is inSync, an enterprise solution that offers a full suite of endpoint protection capabilities, including backup, secure file sharing and collaboration, DLP, and analytics.

©2012 IDC 4

Using this product, organizations can back up endpoints — including laptops, smartphones, and tablets — to a single server (on-premise or cloud), which can also be securely accessed from any mobile device or browser. inSync also provides integrated DLP with advanced data encryption for data residing on endpoints. Additional DLP security features include inSync geotracking and remote data delete. In addition, inSync offers secure file sharing across endpoints as well as rich analytics that provides IT with visibility and ediscovery enablement tools.

inSync offers flexible deployment options for small businesses and enterprises. Customers can choose between an on-premise deployment and a cloud deployment based on their business needs and preferences. inSync Cloud is offered as software as a service (SaaS) and is both SAS 70 and ISAE 3000 certified.

To simplify IT policy management, IT organizations can set up profiles for multiple users in defined groups. Administrators can then associate these profiles — including specific policies, permissions, and operational settings that apply across backup, DLP, and file sharing — with groups of users. End users can be enabled to modify settings and have control over some key features, such as when to initiate or pause backup.

inSync's global, client-side deduplication technology is application aware and saves only a single copy of files across backup and file sharing. By understanding the disk structure of commonly used file formats, inSync performs deduplication at the object level, ensuring complete duplicate reduction for Microsoft Outlook, Office documents, and PDFs. Server-side HyperCache technology reduces disk I/O significantly and allows inSync's deduplication to scale to thousands of users. SSD optimization further improves backup throughput. Common deduplication across backup and file sharing provides storage and bandwidth savings. inSync can back up a complete image of a system, and the capability to limit the backup to only essential system settings will soon be available.

inSync's WAN optimization engine queries the available network for noise and latency and then chooses the optimal packet size for data transfer and spawns multiple threads on the same network socket to best use available bandwidth. When a backup is interrupted, inSync ensures that the backup is automatically resumed when a network connection is available. Backup processes are nonintrusive to end users with carefully controlled and adjustable amounts of bandwidth and CPU resources. The administrator controls the amount of bandwidth used by specifying the bandwidth to be consumed by backups. The product is designed to work well in wide-area networks.

inSync has the capability to back up smartphones and tablets based on BYOD default policies that have been set by the IT department. A major recent enhancement is inSync Share, which integrates advanced file sharing and collaboration functionality with backup and DLP capabilities. This module gives enterprise administrators control of important endpoint data, without hindering the end user's ability to collaborate and share with colleagues, customers, and other authorized parties. inSync Share integrates with an end user's device of choice and works on multiple client device platforms, including Microsoft Windows, Mac, Linux, iOS (iPhones and iPads), and Android. IT gains visibility into sharing activities across the organization, which it does not have when consumer-based freeware is used.

Advanced file sharing capabilities can be centrally managed by IT administrators via a unified Web console that provides policies to preserve security. This ensures that proprietary data is not accidentally exposed to nonauthorized individuals. Policies can be created to address how users can share files. Advanced reporting offers support for file auditing as well as user activity reporting, a critical capability in compliance-oriented environments.

Security features include data security and access control. For cloud environments, they also include network security and third-party audits of policies and procedures. Encryption in transit and in store secures data end to end. If a mobile device is misplaced, IT administrators can track it with an accuracy of 10 meters and remotely wipe data from it. inSync comes with advanced data analytics

©2012 IDC 5

that gives IT a tool to analyze and identify usage trends, conduct federated searches across all endpoints in the enterprise, and set up real-time alerts to proactively counter potential issues. With this capability, users can:

Analyze composition of files across all endpoints to understand current and future trends

Filter, process, and search for files or folders across all endpoints

Generate advanced reports providing detailed information on users, devices, files, restore points, date modified, and size

Challenges

Druva's value proposition is multifunctional in nature and is enhanced through Druva's unification of capabilities that span discrete functions. Because the company is leading the charge to combine different IT functions that straddle the areas of data protection, security, storage, and collaboration, it needs to make sure that its capabilities are well understood by each IT department function and in the aggregate at the CIO level.

Conclusion The consumerization of IT creates a range of challenges for IT departments. This trend subsumes the BYOD phenomenon that involves a proliferation of employee-owned endpoints such as laptops, smartphones, and tablets that are used to access critical corporate data. It also brings into the enterprise increased use of consumer-grade file sharing applications that reside outside the full control of IT administrators. In addition, enterprises without endpoint backup solutions jeopardize critical data that resides on their endpoint devices.

There is a strong and growing need for solutions to address the previously mentioned challenges. These solutions should ideally both enhance employee productivity and deliver increased IT control, visibility, and compliance. inSync is designed to address these challenges by providing a nonintrusive, automated backup, easy file sharing and collaboration, anytime data access from any mobile device, one-click restores, and a single client experience across all of these functions. The objective is to deliver IT benefits by increased data security and control, IT visibility into sharing activities, prevention of critical data loss, and unified policy management across all applications.

Druva's ultimate goal is to create an environment where endpoint data is fully managed yet freely accessible. To the extent that Druva can address the challenges described in this document, IDC believes that the company is strongly positioned for success in the emerging endpoint data protection and collaboration market.

A B O U T T H I S P U B L I C A T I O N

This publication was produced by IDC Go-to-Market Services. The opinion, analysis, and research results presented herein are drawn from more detailed research and analysis independently conducted and published by IDC, unless specific vendor sponsorship is noted. IDC Go-to-Market Services makes IDC content available in a wide range of formats for distribution by various companies. A license to distribute IDC content does not imply endorsement of or opinion about the licensee.

C O P Y R I G H T A N D R E S T R I C T I O N S

Any IDC information or reference to IDC that is to be used in advertising, press releases, or promotional materials requires prior written approval from IDC. For permission requests, contact the GMS information line at 508-988-7610 or gms@idc.com. Translation and/or localization of this document requires an additional license from IDC.

For more information on IDC, visit www.idc.com. For more information on IDC GMS, visit www.idc.com/gms.

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com