For enterprise file sync-and-share, security is king

IT should rest easy about where their data lives in the consumerization age, but there's no one-size-fits-all approach to reaching that peace of mind.

The thought of data ending up in the wrong hands can keep IT admins awake at night.

When it comes to enterprise file sync-and-share options, IT can take many different approaches to secure access on all devices.

Security should be top of mind when considering an enterprise file sync-and-share platform, said James Gordon, first VP of IT and operations at Needham Bank in its namesake city in Massachusetts.

"[Security] is the end-all, be-all," he said. "When the IT admin doesn't have the apps that people perceive they need to do their job efficiently on their device, you've created this yin-yang symbol of give and take, or fighting back."

Vendors small and large offer products for data collaboration, sharing and storage both through cloud and on-premises installations. Enterprises can also secure third-party apps through an enterprise mobility management (EMM) platform. Here's how three companies take each of these individual approaches.

On-premises and encryption security

U.S. companies now have a secure enterprise file sync-and-share option previously only available across the Atlantic.

Two years ago, Berger Group, a financial advisory organization with companies based in Italy and Switzerland, began to look for a secure way to store, transfer and edit confidential documents between its two companies and third parties like clients and legal counsel.

Berger Group researched data loss prevention vendors but found implementation and maintenance would require additional staff and changes to its infrastructure it couldn't afford, said Claudio Ciapetti, Berger Group's controller and IT operations manager.

[Security] is the end-all, be-all.
James Gordonfirst vice president of IT, Needham Bank

Eventually the company found Boole Server, an enterprise file sync-and-share vendor based in Milan, Italy, with an on-premises product that provides encryption for data in transit, at rest, within applications and even when in use. In addition to 256-bit Advanced Encryption Standard, Boole Server uses a proprietary algorithm that applies a 2048-bit random encryption key to each file.

Enterprises hold the encryption keys for Boole Server, unlike some cloud-based enterprise file sync-and-share competitors such as Dropbox and Amazon Zocalo.

With Boole Server, Berger Group maintains ownership of its files even when accessed outside the company and sets restrictions on actions like copying, pasting and printing.

"We set it up to make sure a third party can connect with our server to look at documentation and make amendments, but still leave the document in our server," Ciapetti said.

Boole Server recently launched its product offerings in the U.S. after previously only being available in Europe. Boole Server is available in three versions: Small to Medium Business (SMB), Corporate and Enterprise. Storage space is capped at 1 TB for SMB and unlimited for Corporate and Enterprise. Enterprise customers receive an unlimited number of guest and user profiles per license while Corporate is capped at 1,000 and SMB at 150. Boole Server is available as a onetime purchase starting at $10,000 for SMB and Corporate and $25,000 for Enterprise, which includes two server licenses.

Securing highly regulated industries

Security is even more important in highly regulated industries, and one enterprise file sync-and-share company builds its products specifically for those industries.

Comfort Care Services Ltd., based in Slough, England, provides support for adults with mental health and learning disabilities to help them integrate back into communities after leaving hospital care. As recently as three years ago there were 15 corporate-issued laptops in the whole company and most other business was conducted on paper, said Gee Bafhtiar, director of IT operations at Comfort Care Services.

"It's cumbersome and takes an amazing amount of time to get data from one place to another," Bafhtiar said.

Comfort Care Services began its technological turnaround by implementing desktop virtualization from Terminal Service Plus, but still needed a quicker and more secure option for document editing, sharing and collaborating with external users.

When a patient sought to join Comfort Care Services, it previously took upward of a month to complete paperwork that involved sending medical records and support plans back and forth between the patient, Comfort Care Services and government commissioning bodies. While the company continues to use Terminal Service Plus, only internal users access the system.

The company considered Box and Citrix for enterprise file sync-and-share but found neither offered the granular control for auditing capabilities Comfort Care Services required, Bafhtiar said. Enter Workshare, which focuses on secure collaboration products and applications for highly regulated industries such as legal, government, finance and healthcare. The London-based company also allows customers to hold encryption keys.

Comfort Care Services uses Workshare Connect, a cloud application providing collaboration and file sharing among employees and outside parties with permitted access. It found Workshare Connect afforded more of the granular controls around access to specific internal and external users and tracking changes to documents it could not find with other platforms, Bafhtiar said.

At first, Comfort Care Services couldn't conduct remote wipes of files in Workshare if a device was lost or stolen or if an employee left the company. Workshare later added that capability.

"There's always a compromise that needs to be made but we found that we had to do a lot less compromising with Workshare," Bafhtiar said.

Through Workshare, Comfort Care Services can release an individual document to anybody it chooses by inviting them in and giving them access to that document for a limited amount of time. The company can see what changes are made and who made them for security and auditability.

Comfort Care Services has simplified documentation processing and cut the approval time for new patients in half. Employees can use Web and mobile versions of the Workshare app on laptops and mobile devices to securely edit and share documents.

Workshare is available in four formats that range from $30 to $175 per user per year. The formats include Protect for metadata removal and policies, Compare for document version management, Connect for secure file collaboration and Workshare Pro 8, which combines the other three formats into one platform.

EMM platforms secure cloud apps, repositories

Yet another option for IT is using file sync-and-share options directly from EMM platforms. Some of these include Citrix's ShareFile, AirWatch by VMware's Secure Content Locker, Good Technology's Secure Mobility Solution and MobileIron's Docs@Work.

MobileIron recently updated Docs@Work to allow companies to connect with cloud services including Box, Dropbox, Microsoft Office 365 and SharePoint Online. Users can search, download and save documents across all of those different services directly within the Docs@Work browser. From there, documents can be edited both locally on the device and remotely through the browser.

Secure Content Locker and ShareFile, by comparison, allow companies to integrate with content repositories for file access. ShareFile uses Personal Cloud Connectors to access Box, Dropbox, Google Drive and OneDrive accounts and allows users to edit files stored in content repositories like SharePoint and EMC Documentum.

MobileIron wants to ensure a consistent user experience across platforms with the update, said Needham Bank's Gordon, whose bank uses Docs@Work along with the rest of MobileIron's EMM platform.

Docs@Work helps Needham Bank employees securely access files within SharePoint on their iOS, Android and Windows Phone devices. It allows Gordon's IT department to keep track of which users access files and logs the access time.

"You're authenticating not only the user but the device, because the users are already enrolled with MobileIron certificates," Gordon said.

The connection of Docs@Work with these cloud applications is the first part of an overall security content and collaboration platform that MobileIron currently has in development and would like to roll out to customers within the next year. This includes file-level encryption for files located in those cloud platforms, the company said.

Docs@Work is not available as a standalone product and can only be purchased as part of the Gold and Platinum bundles of MobileIron's EMM platform. AirWatch Secure Content Locker and ShareFile, by comparison, are available standalone. There is no additional cost for existing MobileIron customers, and list pricing for the bundles starts at $4 per device per month.

Dig Deeper on Enterprise mobile security



Find more PRO+ content and other member only offers, here.

Related Discussions

Jake O'Donnell asks:

What's the best method for your organization for enterprise file sync-and-share?

0  Responses So Far

Join the Discussion



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: