Enterprise sync and share services
- 05 January, 2015 09:14
The advent of the cloud has created many new businesses opportunities as well as opportunities for business -- with connectivity to the internet, cloud allows a business to have its data accessible to employees and clients at all times, on any device, in any location.
Indeed, whether they like it or not, many employers will find cloud storage services are already being used by employees to share business data, and the in absence of a company mandated service or policy, are likely to use whatever products they use on a personal level. Which is inherently a security risk, as there's no guarantee of the security of the information being stored there, even if it's only temporary.
Which is one reason we've seen the rise of enterprise focused cloud storage and collaboration services. These promise not only increased security for your business data, but also provide tools to help employees work together with business data, both within the organisation and outside of it with clients. The juggling act is to use the cloud for increased productivity without sacrificing security by having your business assets 'out there' in the great depths of the often unsecured internet.
Many services will sell themselves not only on their collaborative and secure features, but also how they can modernise your current systems -- replacing, for example, local shared storage on the network or remote FTP servers. And these are valid points to consider: with the cost of maintaining and securing your data shifted to a cloud service, it's possible to save money doing this in-house, as long as you trust the service provider.
Another advantage is the ability to scale storage with demands. A locally hosted solution, aside from the need to be managed in terms of backup and reliability, will also ultimately have ceiling on available storage. Cloud solutions at the enterprise level will often (but not always) offer unlimited storage, and the responsibility for backup and security of that data is also moved to the provider. Again this can be a cost saving that can add up over time, but it also brings with it a new set of risks, from availability to security should the service be hacked -- and as we've seen time and again throughout the year with high-profile breaches, no service can is foolproof.
So be sure to investigate the advantages a cloud storage, sync and sharing can bring to your business before diving in. There is of course no free lunch, and security is always a trade off between accessibility, reliability, and cost.
To that end there are [i]lots[/i] of cloud storage services out there, so here's our take on some of the more popular and less well-known services that might pique your interest.
Box is one of the more well-known cloud storage services with a strong focus on the enterprise. The interface is clean and refined, as you might expect, but it's what's below the surface that make Box worth checking out.
For administrators there are extensive features to manage the permissions of files and folders, as well as track who accesses files and when. A central console provides for adding and deleting users, allocating storage, setting up single sign-on via Active Directory/LDAP, and an excellent at-a-glance view called the Content Manager of all company documents to see what is being shared and by whom.
Security comes in the form of encrypted transmissions and 256-bit AES for data at rest, with encryption keys stored at a separate location to the data. Password strength policies can also be enforced, as well optional two-factor authentication. For remote access, such as from mobile devices, session length can also be set as policy as can remote logout and pass-code locks, helping to ensure lost/stolen devices don't give access to Box files through employee accounts.
Detailed reporting and auditing allows monitoring employee use of Box, tracking user activity, and stats for accesses to shared files and folders. Alerts can also be set, for example to flag possible suspicious activity like mass-downloading of documents.
On the user side there are a range of collaborative features, too. Files can be automatically flagged for review when uploaded, and then automatically moved to another folder when approved, to help streamline office processes. Alternatively, folders can be set to upload only so documents can be written to Box without read-access to the folder (useful, perhaps, for accounts).
Multiple access to the same file is handled, and backed up with version control, so a document can be rolled back to an earlier version if necessary. Users can also set scheduled file deletion and expiry times for shared links, helping to ensure shared documents are temporary.
Box naturally works directly through a browser as well as having clients for iOS, Android, Windows Phone and Blackberry. Box Sync provides for integrating Box directly on the desktop, making moving files to and from Box a drag-and-drop affair. From here files can be shared privately within a group in a shared folder, or outside the group with links. Direct access is also added through integration with Outlook, Office and Google Docs to share files easily within these applications.
Finally, Box integrates with popular MDM services like MobileIron and Good Technology giving administrators the ability to enforce secure policy with the Box app on mobile devices, along with remote logout and off-line access controls. Other features include an extensible API to write apps to interface with Box, and Box View to convert Office and PDF documents to display cleanly on web and mobile apps, and without the need to download the file.
In addition to the Personal service, Box provides number of tiers. The Starter package supports collaboration for up to 10 users with 100GB of storage for $6 per user a month. The Business package ups this to unlimited storage and no user cap as well as basic mobile security controls for $17 per user a month, while the Enterprise level expands this to include auditing, fine-grained security controls, custom branding, and the all-encompassing Content Manager console.
Accellion's popular kiteworks suite has a strong focus on employee collaboration, using what it calls a real-time activity-based work flow as the main interface. Here, employees can assign and accept tasks, view and track comments and notifications, and monitor file and folder activity, all of which can be related to uploaded files synced among individuals and groups.
A file view shows at-a-glance the resources a user has shared, as well as who is working on what file and what the changes have been. Like some of the other products we've looked at here, multiple data sources can also be aggregated and shared under a single folder. Typically this will consist of Windows-based file shares but can also include content stored in SharePoint and content management platforms such as OpenText and Documentum.
Like ownCloud or Citrix FileShare, third-party cloud sync and storage platforms including Dropbox, Google Drive or Box can also be integrated. Content flowing to and from the sources is naturally encrypted, with backup file versioning, and all with full tracking available to administrators to help monitor activity and ensure adherence to security policy.
Employees can invite other employees or external clients to access their shared data and grant them levels of control as a Manager, Collaborator, Viewer or Downloader. This makes it easy to setup levels of responsibility within groups, as well as provide limited but secure access to external parties as required.
Kiteworks aims for a seamless experience between desktop and mobile and to that end a consistent user interface is maintained weather using a mobile app or the browser interface. Files can be directly edited from storage sources within Kiteworks as long as they are Office based, an in-app messaging tool allows communication with other employees, and a 'Move Tray' provides for easily organising files between sources and for sharing multiple files with clients through email or secure links. This is something we haven't seen in other products and is a nice touch to help employees manage the files they're currently working on without the need to keep track of what files reside where.
In addition to web access kiteworks provides native clients for Windows and MacOS X, iOS and Android apps, and optional apps for popular content management suites. A developer-friendly API is also provided to help develop custom apps to interface with kiteworks, and even includes a forward-thinking SDK for Google Glass.
Pricing starts at $75 a month for teams up to 15 users, or $15 per user per month for companies up to 500 users, along with 1TB storage in the cloud. For larger companies and enterprise, pricing scales along with unlimited users and storage and more advanced features. These include the SharePoint integration, two-factor authentication, third-party cloud-storage provider plugins, and Active Directory/LDAP support. Additionally, beyond its own cloud services, for enterprise Accellion can deploy Kiteworks in a locally hosted or private cloud configuration for increased control and security.
Citrix's hat in the arena is Sharefile, and offers all the expected bells and whistles when it comes to file sync and collaborative sharing. This includes making it easy for employees to share data with direct integration to the Windows desktop and Microsoft Outlook support, and being able to directly edit Office documents on mobile devices.
To bring flexibility in where data is kept, Sharefile sports what it calls StorageZones which allow IT to use local CIFS-based (Windows networking) shares, off-site cloud services such as Amazons S3 and including those managed by Citrix, or a mixture of the two. Authentication still happens with Citrix's servers during logins, which is different to Spideroak or ownCloud where this can be managed locally.
The exception is if using the new Restricted StorageZone feature of the latest version, where as long as a locally managed StorageZone is being used administrators can optionally keep encryption keys within the enterprise.
One useful feature -- especially given the propensity for employees to use cloud storage services they're familiar with as we covered in the introduction -- are Connectors. These allow users to access data on their personal cloud services like Dropbox or Google Drive through Sharefile itself, while giving administrators control over which services are used and to what extent. This way IT can ensure compliance to have company-related data to moved from personal cloud service accounts to Sharefile if necessary, or define permissible cloud storage services that for example a client may use.
As you'd expect with Citrix there are extensive reporting features including the ability to track user activity, remotely lock or wipe data on mobile devices should they go missing, and set expiration dates on shared files. All transfers are encrypted with 256-bit TLS or SSL as is, of course, data at rest with AES 256-bit. Daily backups and in-built anti-virus are also included as part of the service, as is customised company branding if desired.
Platform wise, beyond Windows desktop integration, Sharefile can be accessed anywhere with a browser, though iOS and Android native apps are also available. Users can sync files across all their devices, share files or folders individually or among teams, and set permissions all while on the go. If you're already running with a Citrix Xen virtualisation solution, Sharefile is also designed to integrate with the virtualised desktops with Xendesktop, remote application delivery with Xenapp, and MDM management using Xenmobile.
In terms of cost Citrix differs in that bandwidth counts towards storage limits, though this assumes use of Citrix's StorageZones. Small businesses can go with the Professional or Corporate packages which start at a minimum 10 and 20 users respectively at up to US$100 a month for 20GB. For larger companies and the Enterprise feature set pricing depends on scale, as well as if Citrix-managed or locally managed StorageZones are used, and if annual or perpetual license models are selected.
Spideroak much like other cloud storage services started as a personal service and grew into an enterprise offering. One of its key selling points is that, unlike some of the other services available, encryption keys are not stored with the service. Spideroak calls this its 'Zero Knowledge' policy and it effectively means that only you have the keys to the kingdom. If your keys are lost, you lose your data, as not even Spideroak can recover it.
This has obvious advantages in the sense that, while it's tempting to entrust your business data to a cloud, ultimately you rely on the service provider to ensure your data is safe -- be it from from hackers, cloud service employees abusing their privileges, or more obtuse threats like the government of the country where the servers reside demanding access.
On the collaborative side, beyond allowing users to sync and share files across devices, Spideroak has 'Sharerooms'. This allows users or administrators to create shared folders that draw on multiple locations across different devices or storage mediums, and making this singular share available to others -- be it internal Spideroak users or external clients -- via a web interface with a login for the Shareroom. This makes it easy to set up, for example, Sharerooms for different departments such as marketing or sales, in addition to employees having their own private shares. As keys are never stored with Spideroak, and while editing files on shared resources is easy to do, keep in mind the Spideroak client will first download and then decrypt the file for editing, which may make working on very large files while on the road problematic (decent internet access not with standing). As always, security is a dance of trade-offs.
A dedicated administration console provides an overview of all shared data in the organisation, as well as enabling tasks such as adding or removing users and groups, manage group shares, view reports, and monitor user activity. File versioning is supported, and taking advantage of its roots as a cloud storage backup service endpoint devices and even key directories on local machines (including the desktop) can be backed up to the cloud.
Sitting somewhere between ownCloud and typical cloud sync and share services, Spideroak can be used traditionally as a cloud service at the enterprise level, or optionally installed within your network, giving you full control over not only access and permissions for data, but how and where the data itself is stored.
Windows, MacOS X, and Linux are directly supported through desktop applications as well as apps for iOS and Android.
Plans for Business begin with a minimum of 10 users, and Enterprise a minimum of 100 users. Regardless the cost is $5 per user per month with unlimited storage, endpoint devices, and versioned files. Aside from the minimum user requirement, the Enterprise version differs from Business in its support for Active Directory and LDAP.
What would a round-up be without an open-source solution? ownCloud is unique among the products we look at here in that you don't rely on or trust a third-party to manage your data in the cloud: instead, ownCloud lets you make your own. In other words, ownCloud lets you become your own cloud service provider for your business, with full control over where and how the data is stored.
And when it comes to storage, you're not limited by just what's on your network. ownCloud can amalgamate multiple storage sources into one shared cloud that appears as a single service to users. Sources are divided into primary and secondary sources, and can consist of everything from local network drives, SAN, NAS, virtual or direct-attached storage to FTP servers, SharePoint, managed services like Amazon S3, and even other cloud storage services like Dropbox. Windows home directories can also be directly integrated, utilising attributes from Active Directory/LDAP.
One excellent feature this allows is to allocate, for example, sensitive business data locally where you have full control of the servers, while using secondary sources like cloud storage for less critical data, and managed through a single interface.
The structure can also be extended to include multiple ownCloud instances, for example having offices in two different countries using their own locally managed ownCloud, while still allowing the two clouds to share data together, and by extension with employees at each location.
Collaboratively folders can be shared among groups, password protected files and expiration times can be set, and an application plugin allows shared editing of files, though it's limited to those based on the Open Document Format. Social collaboration software Jive is also directly supported, extending its teamwork tools with ownCloud's share and sync abilities.
Other features including custom company-branding, reporting and auditing including activity logs and file tracking, Active Directory and LDAP support, and an API to make it easier to write apps. Indeed, there is an ownCloud app store equivalent with hundreds of ready-made plugins to extend its functionality.
Like other services we look at here, ownCloud has apps for iOS and Android, as well as desktop clients for Windows, MacOS X, and Linux allowing files to be shared and accessed across a variety of platforms. Given its more malleable open source nature, you're free to build your own extensions or customisations. Typically, the standard GPL license with open source software requires that you also make your changes open source (you are, after all, building on the work of others for free) however the
Enterprise edition uses its own license from ownCloud that doesn't require this stipulation. In terms of pricing the Community edition is free but lacks many of the features of the Enterprise version, including SQL server support, Jive integration, logging and reporting, and more flexible storage sources like support for Amazon S3. And, of course, installation and on-going 24/7 support. The Enterprise edition is sold as an annual subscription for a minimum of 50 users.