boscorelli - Fotolia
For companies considering enterprise cloud storage services, it's important to examine the market's biggest players and find out what each one has to offer. It's equally important to consider which services employees already use and like.
Consumer cloud storage and file-sharing services are more prevalent today than ever. Four of the most popular services are Dropbox, Google Drive, Box and Microsoft OneDrive, and those vendors also offer versions that boast enterprise-level security and administration in an effort to appease IT concerns.
It's up to IT decision makers to determine which of these services, if any, their company should adopt. Take a look at what each of these consumer cloud services has to offer and find out the specifics of their enterprise packages.
Boasting more than 300 million users worldwide, Dropbox has long stood at the head of the consumer cloud storage line, providing a service that's simple to use and available across a wide range of devices.
In addition to implementing two-step verification for all levels of service, Dropbox uses 256-bit AES encryption to store data at rest and 128-bit AES encryption or higher to protect data in transit. The service also uses Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to pass data between the client and the Dropbox processing servers, as well as between the processing servers and storage servers. Dropbox manages the generation, exchange and storage of all encryption keys.
Rather than maintaining its own infrastructure, Dropbox uses managed service providers to take care of physical, operational and environmental security controls. Even so, Dropbox stores customer files in encrypted blocks, and the file metadata is housed separately from the files. The Dropbox storage and service infrastructure also undergoes regular SSAE 16 SOC audits, which generate SOC 2 Type II reports that Dropbox reviews at least once a year. These reports are available upon request.
Dropbox for Business further augments security by providing remote-wipe capabilities should a device be lost or stolen, or if an employee leaves the company. The service lets users access their work and personal accounts on the same device, but keeps the two separate. In addition, administrators can reset passwords, control sharing, transfer accounts, add and remove users, and track logins, devices and locations.
Dropbox for Business also lets administrators view and revoke third-party app access to user accounts, unlink devices, enforce two-factor authentication and password strength, and enable or block users from accessing the work or personal account's features. Plus, administrators can generate user-activity reports and access Dropbox support via phone or email. Dropbox for Business has single sign-on (SSO) and Active Directory integration, as well as a set of APIs for application developers.
|Editions||Dropbox; Dropbox Pro; Dropbox for Business|
|Pricing||free (basic); $99/year (Pro); $15/user/month, 5-user minimum (Business)|
|Storage||2 GB (basic); 1 TB (Pro); unlimited (Business)|
|File size||no limit when uploaded via desktop or mobile apps; 10 GB limit via browser|
|Versioning||30-day history (basic and Pro); $3.99/month extended history (Pro); unlimited history (Business)|
|Platforms||Windows, Mac OS X, Linux, iOS, Android, BlackBerry, Kindle Fire|
Not only has Google implemented two-factor authentication in Drive, but the service also uses the SSL and TLS protocols to encrypt all uploaded files and for data transferred between data centers. In addition, Google encrypts data at rest, although -- like Dropbox -- the company maintains control over the encryption keys.
One advantage that Google has over providers such as Dropbox is that the company manages its own distributed data centers. Only authorized Google employees have access to the data centers, which comply with the SAS 70, SSAE 16 and ISAE 3402 Type II standards. Google has an acceptable level of logical and physical security, as well as controls for maintaining privacy and meeting minimum management and availability requirements. Google also adheres to FISMA and HIPAA standards, plus Safe Harbor privacy principles.
Google Drive for Work provides the tools companies need to manage users, set sharing permissions, audit usage and generate reports. Administrators can track user activities such as moving, deleting or sharing files within or outside of the organization. In addition, Google plans to make an auditing API available to developers soon.
Google Drive for Work comes with 24/7 support by phone, chat or email, and it includes Google Vault, a service that lets administrators search across all of their Drive content and export data for e-discovery and compliance. Administrators can use Google's mobile device management features to secure devices and control behavior, such as which employees can install the desktop sync client.
|Editions||Google Drive; Google Drive for Work|
|Pricing||Free-$299/month (basic); $10/user/month (Work)|
|Storage||15 GB-30 TB (basic); unlimited (Work)|
|File size||5 TB|
|Platforms||Windows, Mac OS X, iOS, Android|
Box has 25 million users, so it isn't as popular as the other services, but it is the only one of the top four that was built from the ground up with the enterprise in mind. In addition to supporting two-factor authentication, Box uses multi-layered 256-bit AES encryption to protect data at rest and in motion, employing the SSL and TLS protocols to protect transmitted information.
Although Box controls encryption keys, they are stored in different locations and rotated routinely. In addition, Box is currently working on a process that allows customers to maintain their own keys, a feature that could prove to be an important consideration for many enterprise customers.
Like Dropbox, Box uses managed service providers to maintain its infrastructure. But Box's servers are monitored by closed-circuit video and require biometric authentication for entry. The data centers also comply with the same various standards as the other services, such as SSAE 16 Type II (SOC 1 and SOC 2), EU Model Clauses, HIPAA, HITECH, ISO 27001 and Safe Harbor privacy principles.
Because of Box's early foray into the enterprise cloud storage market, administrators have long had a comprehensive set of tools for controlling Box implementations within their organizations. They can configure settings such as password strength and resets, number of allowed failed login attempts, session duration and two-factor authentication. In addition, Box supports a more granular authentication model than many services: It provides seven permission levels that govern how users can access, preview, edit and share files.
Box administrators can also take advantage of the comprehensive reporting, logging and auditing capabilities built into the service to flag risky behavior and track user activity, and to send alerts of file access and setting changes. Not surprisingly, available features are determined by subscription level, with the Enterprise edition offering the most services. But both the Business and Enterprise editions provide SSO and Active Directory integration as well as integration with mobile device management products such as MobileIron and Good Technology.
|Editions||Personal; Starter; Business; Enterprise|
|Pricing||Free-$10/month (Personal); $5/user/month (Starter); $15/user/month (Business); $35/user/month (Enterprise)|
|Storage||10-100 GB (Personal); 100 GB (Starter); unlimited (Business and Enterprise)|
|File size||250 MB–5 GB (Personal); 2 GB (Starter); 5 GB (Business and Enterprise)|
|Versioning||none (Personal); last 25 versions (Starter); last 50 versions (Business); last 100 versions (Enterprise)|
|Platforms||Windows, Mac OS X, iOS, Android, BlackBerry, Windows Phone|
Companies committed to the Microsoft ecosystem might seriously consider OneDrive for its seamless integration with the ubiquitous Office products and services. OneDrive is also being built into Office 2015 and Windows 9.
OneDrive has two-factor authentication. With SSL and TLS, it encrypts data at rest and in transit between the client app and Microsoft's servers. OneDrive uses perfect forward secrecy when sending and receiving data, which means a different, random encryption key is generated for each connection. Unfortunately, Microsoft maintains control over all encryption keys.
Microsoft follows a service-level security model with safeguards at the physical, logical and data layers. The company maintains its own geographically dispersed data centers, and the internal data center network is segregated from the external network. In addition, Microsoft maintains role separation so personnel with physical access to the data cannot read it, and the data is normally hosted in the regions where the customers reside. For example, the primary data centers for North American customers are in the U.S.
Microsoft data centers adhere to the same standards as Dropbox and Google Drive, such as ISO 27001, EU Model Clauses, SSAE 16, FISMA, HIPAA and more. Microsoft also claims that customers own and control all their own data and that privacy controls are enabled by default so that users retain the rights to that data. That said, it's always a good idea to check the fine print.
Microsoft's enterprise cloud storage service, OneDrive for Business, supports file sharing inside and outside an organization, and it enables real-time collaboration on OneDrive documents. OneDrive for Business supports SSO and Active Directory integration and provides granular control over operations such as external sharing, offline sync and file access. Administrators can also generate built-in reports or create custom reports.
|Editions||OneDrive; OneDrive for Business|
|Pricing||Free-$100/year (basic); $2.50/user/month, plus 20¢/GB over base storage (Business)|
|Storage||7-200 GB (basic); 25 GB (soon 1 TB)-unlimited (Business)|
|File size||2 GB|
|Versioning||last 25 versions|
|Platforms||Windows, Xbox, Mac OS X, iOS, Android, Windows Phone|
Although there are many more enterprise cloud storage and file sharing tools available, it's a good idea to look at the enterprise versions of the most popular consumer options. One reason cloud services made their way into employees' workflows in the first place is that workers use the tools in their personal lives and like them enough to bring them to work. Companies considering deploying an enterprise-grade cloud service to users should choose one that workers are used to and enjoy working in. Otherwise employees will find ways to use the services they want, even if they're unsanctioned.