Perception vs. Reality
While reviewing the Egnyte product roadmap with our team last week, we spent significant time discussing security-related enhancements. We add a number of security enhancements to almost every product release and I was curious to find out which of our existing security features our customers actually use.Egnyte provides an Advanced Authentication option that enables organizations to set password policies such as password rotation, allow "n" number of login attempts before locking an account, two-step login, etc. Interestingly, account administrators ask for some of these features, such as two-step authentication, but appear to rarely enforce usage. In fact, just 1 in 20 people who deploy Advanced Authentication actually deploy two-step login verification! As we dug deep into usage analysis, what became obvious is that customers ask for an increasingly advanced set of security features and controls but rarely deploy most of them.I think the reason is simple – end users want fast and easy access to their files and any control that forces them to make a few extra clicks (such as two-step verification) gets in the way. It boils down to simplicity vs. complexity - the latter comes naturally with more controls. Striking a balance between the two is the challenge.Interestingly, one of the often-used capabilities in Egnyte is the ability to run a real-time audit of all login and file access information. Rather than impose upfront controls, which can create friction with users around ease of use, IT administrators take comfort in knowing they have a constant view of what each user is doing – when they login, how many failed attempts, which file they touched and from what access method (mobile, vs. desktop sync, etc.), how many public links have been created by an individual user (if they are allowed to do so) and so on.As Egnyte moves into working in more regulated industries such as Pharmaceuticals, Oil & Gas and Financial Services, the need for us to add advanced security features continually expands. When I was in New York recently, I met with representatives of one of the world’s largest financial services firm and they asked if we support biometrics for login verification across all access methods, including mobile. This engagement could result in a deployment of up to 350,000 seats and without this capability they could be hesitant to deploy Egnyte. And while this is understandable, the firm is still running on SharePoint 2007 and I wonder how well their existing solution is capable of satisfying this request.Last week we announced some really cool stuff related to mobile device (including your laptop) controls, which go far beyond remote wipe. I’ll be curious to see how many businesses leverage these new capabilities. Read more about the new features here.