This content is part of the Essential Guide: Cloud storage 2013: Nirvanix dies, others bloom
News Stay informed about the latest enterprise technology news and product updates.

File-sharing security concerns cause cloud services to adapt

File-sharing security features are popping up following IT backlash over rogue services, but there is still work to be done.

First, online file sharing caught on big with end users and took IT by surprise.

Next came the backlash, in which IT struck back against the unsanctioned services.

Now the vendors who sell the services are answering by adding enterprise management and security features.

File-sync and file-share products from vendors such as Dropbox, YouSendIt and SugarSync have become convenient tools for employees to load data across multiple mobile devices and share it with co-workers.

Online file sharing grew from a bring your own device (BYOD) movement into a legitimate technology segment, with more than 60 vendors offering consumer-grade sync and sharing products. Workers have adopted these services at such a pace without IT supervision that it has caused companies -- including IBM -- to ban them.

With no centralized management or security, these products can be a nightmare for IT administrators.

"It's scary to IT because the products are not ready for the enterprise," said Christine Taylor, an analyst with Taneja Group.

There have been several file-sharing security glitches, including one where every Dropbox password could be used to access any account for several hours. Marc Staimer, president of Dragon Slayer Consulting, said the biggest problem for IT is lack of control over these consumer products.

"IT has no control over security or access," Staimer said. "There are dozens of these services out there and most are free. For IT to maintain control, they have to get users not to use the public service because they are bypassing security."

Two trends are under way to make file sharing more enterprise-friendly. One is the entrance of enterprise storage vendors to the market. The second trend is the addition of management and security to the services that started out aimed at consumers.

EMC and NetApp entered enterprise file sharing through acquisitions.

Since buying Syncplicity last year, EMC has integrated the file-sharing capabilities with its Atmos, Isilon and VNX storage systems while adding controls for IT admins.

NetApp in May launched NetApp Connect based on its acquisition of ionGrid. NetApp Connect lets users securely access data stored on NetApp storage systems through endpoint devices.

Unlike EMC and NetApp, Hitachi Data Systems (HDS) built its own file-sharing capabilities. HDS in May added HCP Anywhere file sharing to the Hitachi Content Platform object-based cloud archiving system.

Online file pioneers such as Egnyte and Dropbox added a range of file-sharing security and IT centralized management capabilities. These include AES-56 encryption, native remote wipe, integration with Microsoft Active Directory, identity certificate features, the ability to audit files and a two-stage user authentication capability.

Dropbox integrated Microsoft Active Directory and single sign-on to its Dropbox for Business, while also redesigning its console to give administrators deeper visibility into users' data usage and activity. Now IT can monitor what devices are linked to the service and set sharing policies for third-party applications and Web sessions. It also changed the name of the service from Dropbox for Teams to Dropbox for Business in a not-so-subtle hint of its target audience.

Egnyte added a defined encryption policy for tablets and phones so that administrators can control file access on operating systems such as Android, which allows open file management. It also added a native remote wipe capability so if a mobile device is lost, IT managers can automatically delete any data on that device. Their product has a two-stage authentication process so users have to provide both a password and a unique code when an application is used on a mobile phone.

To move into the enterprise, sync-and-share companies have to make sure IT has control of the company's data.

"These vendors can do well at small companies. But the enterprise is a whole different ball game," Taneja Group's Taylor said. "That is why they are trying to add security. Dropbox, in particular, believed that because so many users used them, they would force companies to adopt them. That didn't happen. Instead, IT got pissed."

There is still work to be done. Even features such as remote wipe and changing passwords do not ensure security.

"If you fire an employee or an employee leaves, you can change the password to change ownership of the data, but just because you changed ownership does not mean you are safe," Staimer said. "You don't know who that employee has shared the data with."

Doug Caldwell, CEO of engineering consulting firm Exp, said the use of rogue online file-sharing products was a problem for his 3,500-employee company. "Enough of a problem that it's something we didn't want to get out of control," he said. "We had people trying to do it, but we blocked it from access to the Windows computers."

To take control, Exp started using Microsoft Windows 365 with SkyDrive Pro, which ties mobile file sharing to Active Directory.

"It gives IT controls over online file sharing," Caldwell said. "We can disable public file sharing [and control] how configurations are done on a 365 administrator console."

Dig Deeper on Unstructured data storage

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.