Published: 03 Nov 2017
Mobile computing is the norm. With organizations of all sizes embracing BYOD programs, employees are accessing corporate data from mobile devices at an ever-increasing rate. From IT's point of view, it's imperative this data remains secure and is handled in ways that are compliant with all applicable regulations.
Employees typically access corporate data from a variety of devices -- laptops, smartphones, tablets, etc. -- and often resort to using consumer-grade sync-and-share services to synchronize corporate data among those devices. But that puts the data at risk and has IT managers wondering whether their organization should provide secure file sync and share.
Synchronizing corporate data through a consumer-grade sync-and-share service puts that data at risk in several ways. A mobile device, along with all the data on it, can be lost or stolen. Similarly, a device-level malware infection can corrupt the data itself. Organizations that wish to provide employees with a safe alternative to consumer-grade sync-and-share services have several options.
One such option is to use a secure file sync-and-share service designed for the enterprise. Such services are similar to consumer-grade sync and share, but with enhancements to ensure security and compliance. A second option is to deploy your own on-premises, enterprise sync-and-share service. This approach is similar to any other enterprise sync-and-share service, except the software runs in an organization's data center rather than in the cloud. A third option is a hybrid setup that combines the best aspects of on-premises and cloud-based sync and share.
Enterprise cloud file sync and share
Cloud-based enterprise file sync and share is commonly referred to as simply enterprise file sync and share, or EFSS. Like consumer-oriented sync-and-share services, EFSS services use a device-level client component to synchronize the contents of designated folders to a cloud-based server.
The security and compliance features included vary from one vendor to the next, but there are some features you should look for.
Encryption is a must. Ideally, you should encrypt data both at rest and in flight. Enterprise secure file sync and share commonly encrypts data in flight using Secure Sockets Layer or Transport Layer Security encryption. Rather than simply storing synchronized files directly in a device's file system as a consumer-grade service might, products in the EFSS market usually enforce file system encryption for synchronized data or store data in an encrypted "vault" on the device.
A good EFSS product also should support multifactor authentication and integrate with the Microsoft Active Directory or Lightweight Directory Access Protocol.
Consumer sync-and-share accounts and ransomware
Although organizations usually forbid employees from placing company data onto unauthorized file sync-and-share sites in an effort to prevent data leakage, such sites can pose another type of threat. Consumer-grade sync-and-share sites can let a malware or a ransomware infection spread faster than it otherwise might. Ironically, some employees have reported using sync-and-share accounts in an effort to prevent ransomware-related data loss.
Consumer-grade sync-and-share services generally let users choose which folders they wish to synchronize. Files placed into these folders are synchronized to the cloud and to any other devices configured to use the synchronization account. However, not only newly created files are synchronized. If a user modifies an existing file, those modifications are also synchronized. Herein lies the problem.
EFSS security must also be transparent to the end user and nonintrusive. Employees will only adopt EFSS if it's as capable and easy to use as the far-less-secure consumer-grade offerings. This means that the user interface is intuitive and that users can choose the data they want to synchronize to their device. Some EFSS products let employees form small workgroups in which data can be synchronized across multiple users' devices to facilitate collaboration.
As important as it is for employees to feel unrestricted, the IT department must be able to maintain tight control over the synchronization software. IT must be able to define policies stipulating who is and isn't allowed to synchronize data. Some offerings, such as Syncplicity and CTERA, let IT prevent specific folders from being synchronized or put controls on devices containing corporate data. For example, an administrator could restrict some types of devices from being used and require all other devices to be password-protected. Some EFSS products, such as Egnyte, even provide remote wipe capabilities that can remove all corporate assets from a lost or stolen device.
Finally, be sure to check if the vendor whose EFSS product you're considering is compliant with any regulations that apply to your organization. For example, some enterprise sync-and-share vendors advertise that their services are compliant with the Health Insurance Portability and Accountability Act or regulations from the Financial Industry Regulatory Authority.
Integrated on-premises EFSS
An enterprise can host secure file sync and share on-premises, in its own data center, using products from companies such as Acellion, Intralinks and Varonis. This approach can provide the same benefits, capabilities and security features as a cloud EFSS. Some organizations may already have applications, such as Microsoft SharePoint, that have integrated file sync-and-share capabilities, and they don't have to invest in a dedicated EFSS application.
In the case of SharePoint, although it's primarily a collaborative portal, administrators can enable sync-and-share capabilities for SharePoint document libraries. That lets employees synchronize a document library folder to their devices and work with its contents without having to go through the SharePoint Web interface. Employees can even access synchronized files while working offline.
Hybrid enterprise file sync and share
As its name implies, hybrid EFSS relies on a combination of on-premises and cloud-based assets. It's worth noting that while some hybrid EFSS offerings are designed to allow users to sync files or folders to their mobile devices, many are intended for other primary goals.
Some hybrid EFSS products address challenges. These include latency and access to data residing in multiple locations, such as in an organization's data center, branch offices and the cloud. Hybrid EFSS offerings commonly replicate data between the cloud and on-premises servers or appliances, creating multiple copies of files that help ensure business continuity.
This technology also allows you to place data near the endpoints that will actually use the data, regardless of where the primary copy of the data resides. For example, an organization may synchronize a portion of its data to appliances residing in branch offices, letting branch office employees access the data without the latency that normally involved with accessing data from a remote location.
Hybrid products in the EFSS market include Axway's Syncplicity, Citrix's ShareFile, eFolder and Egnyte.
Mobility and security
The need for secure file sync and share isn't going away any time soon. In fact, it's likely to grow as an increasingly mobile workforce demands access to data while working both online and offline. Consumer-grade services will provide your employees with this access, but also could undermine your organization's security efforts and cause compliance problems.
Rather than trusting employees not to place company data into file sync-and-share repositories, it's better to implement an enterprise product that gives them the mobility they require, while maintaining your organization's security and compliance.
Vendors in the EFSS market that you should know
What to look for in various file sync-and-share options
Enterprise file sync and share trumps consumer-grade products