Managing and protecting all enterprise data

lassedesignen - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

In-house EFSS protects companies from data loss

With more employees conducting their work remotely, consumer file sync-and-share use could be exposing corporate data. In-house EFSS could help combat this.

Remote workers and mobile devices are a fact of life, as the employees in many companies work as much from home and on the road as they do in a traditional office setting. This requires technology to synchronize files between their various devices and a central repository, often involving a public cloud. Collaboration between workers within and outside the organization is also supported by these file sync-and-share systems.

In many companies, the employees have gotten ahead of IT in recognizing the need for this capability, prompting the use of products like Dropbox at work. Consumers were the initial market for most of these sync-and-share products and they're readily available for little to no cost. But, these user-initiated products can leave corporate data unprotected, unsecure and uncontrolled. This "shadow IT" problem has forced companies to find suitable file-sharing products, also called enterprise file sync-and-share (EFSS).

Enterprise file sync-and-share options

Enterprise file sync-and-share options fall into two groups. The first, "all-cloud" products, store shared data in the public cloud exclusively. Products in the second group offer the ability to store some or all of a company's data in their own data center -- or private cloud -- as well as in a public cloud. This article will focus on the second group, products that provide the 'in-house' aspect that many companies are interested in. Forrester, Gartner and Ovum reports on EFSS companies were used to compile the examples of available products below.

All-cloud EFSS

For companies that don't have the overriding security or compliance requirements, all-cloud applications are a popular way to deliver enterprise-level file sync-and-share. These products are essentially software-as-a-service (SaaS) implementations of pure-play EFSS products. They're similar to consumer services like Dropbox with enhanced feature sets, better security and enhanced IT control. These services actually occupy several leadership positions in EFSS reports from Forrester, Gartner and others. In fact, Box is in the top category on two reports, Forrester 2013 and Ovum 2014. Other all-cloud EFSS products include Dropbox Enterprise, Hightail (formerly YouSendIt), WatchDox and Google.

EFSS products first must address employees' needs for file sharing and collaboration. After all, if the software isn't acceptable to employees, they won't give up their Dropbox accounts at work. For employees, EFSS provides the ability to easily access, edit and share files and folders with people in the company and outside of it, and enable users to restore previous file versions themselves.

These products also must improve security and control over corporate data. To satisfy IT, most EFSS products include business-grade access controls (single sign-on, Active Directory integration, etc.) and policy-based management of users, devices and sharing. Most optimize WAN bandwidth and include some features for protecting data such as encryption (for data in transit and/or data at rest) and remote lock or wipe of devices and user accounts.

Most have support for the major endpoint devices, including iOS, Android, Windows and OSX platforms. While EFSS products generally include similar feature sets, interoperability with existing applications, such as office productivity tools and document management, as well as in-house applications, can be a differentiator.

EFSS extensions

EFSS "extensions" are file sync-and-share products that are sold as an add-on to another product -- in many cases, backup software. This is a marketing strategy, of course, but it makes sense from a technology standpoint as well, since these vendors have significant cloud-based infrastructures and established connections to their customers' datacenters.

In the backup space, Acronis and Druva offer file sync-and-share as an addition to their endpoint backup products and IBM offers Connections, as an extension for its social software products.

CTERA originally came to market as a hybrid backup product that used an on-site appliance to store data and manage its transfer to the cloud. In the past few years, they have added file sync-and-share as part of a larger package of IT services that are associated with the cloud. Acronis and CTERA products are detailed below, because they represent different extension approaches. Acronis is a traditional backup software product that added file sync-and-share, while CTERA is a cloud-based offering.

Acronis Access. Acronis offers a full suite of on-site and cloud-based data protection products including server and endpoint backup and DR. Acronis Access is the company's EFSS application, now in its seventh version, that's available in an SMB edition (up to 100 users) and an enterprise edition called Access Advanced. Unlike its backup products, Access is a 100% on-premises program using a file server, NAS, SharePoint or other existing storage infrastructure, not the public cloud. The Acronis Access application runs on a Windows server and provides full security and control for IT in companies that don't want any data stored outside of the company's firewall. It integrates with many mobile device management (MDM) products and allows users to securely access and edit MS Office documents from any device.

CTERA EFSS. CTERA provides a secure cloud data services platform that enables companies to deploy EFSS along with backup and other IT services. CTERA EFSS can store data in-house, on existing NAS or object storage, such as OpenStack Swift or EMC ECS, or in a hosted cloud infrastructure, such as Amazon AWS, IBM SoftLayer and others. CTERA Portal software manages the entire infrastructure, deployed as a physical or virtual appliance in the corporate datacenter.

For remote or branch offices, CTERA's Cloud Storage Gateway is an on-site physical or virtual appliance that connects to CTERA Portal and provides up to 32 TB of centrally managed storage capacity (raw) for local file sharing and as a platform for other IT services such as data protection and disaster recovery.

CTERA is popular with managed service providers because it gives them a remotely managed, turnkey offering for more than just file sync-and-share that's attractive to their customer bases, from SMBs to the enterprise. It also provides a white-label option and the flexibility to be deployed completely in the cloud or as a gateway appliance.

Pure-play EFSS

The other alternative is to use a dedicated "pure-play" EFSS product. These products offer a combination of on-site and cloud-based infrastructures to store shared files and are typically aimed at the largest companies.

Their appeal is usually based on an enterprise's need for security. They have to keep some data on-site because it's just too valuable or because they need to meet industry regulations or national data governance laws. Examples are Accellion kiteworks, Citrix ShareFile, Egnyte Enterprise File Sharing, EMC Syncplicity, HDS HCP and Nasuni global fileshare. Egynte and EMC offer the kinds of features and functionality typical of enterprise-class, in-house file sync-and-share software, and are detailed below.

Egnyte. Egnyte combines on-premises storage with public or private cloud storage to create three deployment options for its EFSS customers. Its Cloud File Server is a cloud-only service that's similar in functionality to consumer file sync-and-share products. Storage Sync is a hybrid cloud product that stores files on-site, on storage arrays from a variety of vendors, as well as storage directly attached to VMware or Hyper-V hypervisors. These files are synced with the Cloud File Server to enable sharing with remote and mobile users.

In the enterprise market, companies often need to keep at least some of their data on-site, prompting them to look at applications that can store data 'in house' -- behind the firewall.

The third option, Storage Connect, provides mobile access to locally stored files without those files or their associated metadata passing through the cloud. It's deployed as a virtual appliance that connects to existing file storage platforms. Egnyte separates the file sync-and-share architecture into a data plane and a control plane, creating a global namespace that spans storage locations and allowing companies to use all three Egnyte EFSS options across their environment.

Syncplicity. Syncplicity, acquired by EMC in 2012, creates a hybrid cloud platform using on-premises storage and the public cloud. It integrates with EMC's ViPR, VNX and Isilon, as well as third-party storage products through NFS. Syncplicity may be less 'storage agnostic' than other EFSS products because it is a division of EMC. Syncplicity also integrates with EMC's Documentum via APIs.

Syncplicity includes a cloud-based 'orchestration layer' to control the sync process and StorageVaults to control where data is actually stored, in on-site physical storage systems or in the public cloud. Syncplicity allows any folder to be included in the sync process, not limiting users to a specific sync folder, as Dropbox and others do. Syncplicity also efficiently manages the transfer of large files over slow or intermittent wireless connections.

Choosing an EFSS product

The file sync-and-share market has matured over the past couple of years. And large companies are recognizing the importance of file sync-and-share, pushing EFSS into the IT mainstream. In the enterprise market, companies often need to keep at least some of their data on-site, prompting them to look at applications that can store data 'in house' -- behind the firewall. For these companies, scale may be the primary differentiator.

Pure-play EFSS products offer the most flexibility and more options for IT to control data placement, in-house and in the cloud. They also support larger enterprise implementations than EFSS extensions. These products also provide an alternative for companies with thousands of users.

For midmarket and smaller companies, the extension products may be a better fit. They're typically easier to implement than pure-play applications, especially if sold by an existing MSP or channel partner, and are generally less expensive at this scale. They can also simplify the delivery of IT services and can work well for companies with multiple branches or remote offices.

As mentioned earlier, most of these products have similar functionality around security, control and usability, at a baseline level. That said, there are some differentiating features and these can change with each new software release. However, since security and control are primary drivers for EFSS usage, those features are more than 'bells and whistles' and should be well understood before choosing a product.

About the author: 
Eric Slack is an analyst at Storage Switzerland, an IT analyst firm focused on storage and virtualization.

Article 3 of 8

Next Steps

Picking an EFSS provider

EFSS a secure alternative to consumer-based file sharing

Dig Deeper on Data storage strategy

Get More Storage

Access to all of our back issues View All