ORLANDO – IT shops that are especially security-conscious can breathe a little easier now that Citrix ShareFile allows for third-party DLP integration within ShareFile data zones.
Citrix introduced new security and user-facing features for its enterprise file sync and share (EFSS) product here at its annual Synergy conference.
EFSS is all about a balance between ease of use for end users and the level of security measures that IT needs, said Rohan Vora, product manager for ShareFile Enterprise, in a session here.
"It creates a tug of war between IT and end users," he said.
In December, Citrix released Restricted StorageZones, which provide a highly secure data zone for specific employees behind a firewall – where Citrix has no visibility into file metadata and does not own the encryption key.
However, a Restricted StorageZone means that not only is the information hidden from Citrix, but also from any third party outside of the permitted in-house employees. That’s a problem for organizations that want to be able to share secure information in StorageZones with partners or contractors.
"We hear from the security officers that we work with that we needed to limit the rules of sharing based on the content in the files," said Jay Tomlin, principal product manager for ShareFile Enterprise. "That's a roadmap item for us – to allow for Restricted StorageZones but also allow third-party partners not in your Active Directory to have that encryption key."
Another issue with StorageZones was IT shops with a different on-premises security provider had to manage two sets of data loss prevention (DLP) policies for ShareFile data.
How DLP integration works
Now, Citrix has partnered with Symantec and other security vendors to add vendor-agnostic DLP technology to ShareFile. DLP is key to protect sensitive corporate data.
"Without integration with DLP, ShareFile is of no use to companies in the finance or healthcare industries," said Rajesh Bhatia, an IT architect for an insurance company, who plans to upgrade ShareFile for the new DLP integration.
With the new integration, DLP partners that support the ICAP protocol can use ShareFile APIs to build their own DLP feature offering to integrate with Citrix. The DLP suite will run a scan on documents stored in an organization's on-premises StorageZone. Based on the results of the scan, IT can then classify files according to what's in them and apply different rules and sharing limitations for users who access them.
Hector Cortez, an architect at global logistics company Neovia, said his organization adopted ShareFile to ease user access from disparate locations while maintaining security – an especially difficult task since they handle 2,856 users across 5 continents, using 5.5 TB of data.
"Our vision was to streamline storage on endpoint devices," he said. "We rely on accessing our files without the dependency of a local location."
Neovia will take advantage of the DLP integration because many of its clients' data in the cloud is very sensitive, especially the financial companies, Cortez said.
"They have different auditing requirements, and the DLP will satisfy a lot of those," he said.
The automated DLP scanning process is a nice feature for IT shops that want to quickly determine which data can or should be shared.
"It does all the DLP checks itself," Bhatia said. "We don't have to change any processes."
Citrix also added a few new features for end users. ShareFile can now move seamlessly between four screens, so users can create a document on their PC, share it on a phone, add notes on another device and present the document on a tablet or even a wearable. In June, ShareFile will integrate with Office Online, which allows you to edit an Office document from any Web browser without exiting ShareFile – whereas previously users could only preview documents on the Web.
"That’s a big win," Cortez said.
The company introduced ShareFile Platinum Edition available next month which removes any storage limitations for shared and edited content.
Alyssa Wood is managing editor for TechTarget’s End-User Computing Media Group. Email her at firstname.lastname@example.org.