Download the authoritative guide: Enterprise Data Storage 2018: Optimizing Your Storage Infrastructure
A True EFC Solution: The Five Factors
Consumer-grade file collaboration vendors usually start with low-cost and free solutions to build their customer base. Then they attempt to ride their business user coattails into the enterprise while simultaneously developing slightly more robust products. They are correct that the enterprise is where the real money is; they are wrong in believing that providing a cool free product for business users will result in large-scale enterprise adoption.
A ready-for-the-enterprise file collaboration product must contain five factors that define EFC: scalability, control, security, usability and compliance. Enterprise scalability is not just supporting a small remote workgroup in an enterprise; it is using the cloud to achieve high performance distributed file-sharing for thousands of users, devices, and tens of thousands of files. Control is centralized IT management using policies to efficiently manage file collaboration across the enterprise. Security is encryption, data protection and user access control. Usability is that all-important quality of simplicity for both end-users and for IT. Finally, compliance refers to monitoring, tracking and auditing file usage for compliance and governance. Let’s take a more detailed look at each factor.
A key part of scalability is the cloud, which enables large-scale distributed file-sharing without the expense and complexity of VPNs or FTP. Cloud architecture differs between EFC vendors and is a major defining difference between several of them. Note that although most of the vendors offer a public cloud option, many of them can deploy to a private cloud. This level of flexibility is important to the enterprise, where cloud might be acceptable for backup and other copied data sets but is unacceptable for active data.
It is not hard to understand the reasons for the success of consumer file-sharing products like Dropbox. Free is a big part of it, of course, but so are simplicity and usability. When IT deploys an enterprise file-sharing product for company employees, it needs to be simple to use and share even with layers of policies, admin, encryption and audits behind it. Usability also extends to user file-sharing; users need a simple and effective way to issue invitations and permissions to other users as well as being able to easily access their files on multiple devices.
Application integration is another major consideration for EFC. Users jump onto their mobile app stores at will. Replacing this ease of use with a complex login routine to approved corporate applications will quickly stymie user willingness to devote their personal device to the business cause. EFC usability drives towards easily adopted and upgradable corporate application suites including familiar interfaces to widely used applications, such as MS Outlook and Office.
Users aren’t the only ones that need simplicity; managing file collaboration needs to be straightforward for IT. Administrators are motivated to close BYOD security holes, but they do not need to replace one serious management issue with an equally difficult file collaboration management interface. The more usable the management interface, the better the choice will be for IT.
EFC is by definition about files and devices rather than team interaction, so it must be able to protect file versions across devices and user files. Enterprise-scale enters into this ability since hundreds of people may potentially be using the same set of unstructured files. File synchronization is the basic required feature as files are shared between user devices, and potentially between multiple users. Versioning is necessary to provide simultaneous collaboration between users.
EFC vendors offer file syncing and control across mobile devices, including a central management console for admins. This lets IT set and enforce security policies, implement user and role-based access control, and audit device and user network access. Cloud security, access, authentication and encryption are all concerns for IT departments that are looking at enterprise file collaboration on a large scale. IT needs consoles that allow them to provide effective file and access oversight and control, while users need a platform that supports a wide variety of devices.
Factor: IT Control
Centralized control is a primary distinction between consumer and EFC products. Without central controls, users will do an end-run around IT in a phenomenon called shadow IT. Some consumer products have added rudimentary management capabilities but not on the scale of features that enterprise requires. At the very least user access control should support LDAP, and many collaboration products actively use MS Active Directory (AD) for access control. IT will be able to set permission and access control on shared data. Collaboration products that share files from their original storage locations can use existing network permissions for approved users, but products that store shared files in a separate repository will need to set permission access on folders and/or individual files.
IT will need to institute backup and archive for the file locations, whether the files are stored behind the firewall or on a public cloud. The collaboration console may or may not provide data protection functionality; collaboration products from a data protection vendor will provide backup while pure play collaboration vendors generally will not. In either case the shared file storage must be subject to backup and archive as needed.
The management console should give IT the ability to set policies around security, information management and data retention requirements. IT also needs audit trails and activity logs for governance, including versioning records if the collaboration product provides file versioning for shared editing. This is the single largest issue with consumer grade file-sharing in the enterprise: the inability to protect files from accidental sharing, planned intrusion and non-compliance. The ability to safeguard files is critical in highly regulated industries like finance, healthcare, government and others. Consumer grade file-sharing products simply do not provide acceptable security levels.
File collaboration is an enterprise-wide initiative. It is related to but not synonymous with Mobile Device Management (MDM), Mobile Application Management (MAM), or Mobile File Management (MFM).
- MDM is the process of controlling the spate of mobile edge devices that are overrunning the corporation. When we talk about managing BYOD for security, this is usually what we mean. MDM features include locking, wiping and policies to manage applications and data downloaded to client devices.
- MAM enables IT to provide corporate oversight and control its own applications running on mobile devices. IT generally provides a password-protected application suite for authorized users and devices. They also retain tools such as encryption, locking and wiping, as well as policies that affect only the encapsulated applications and data.
- MFM is the domain of securing and controlling file data accessed by mobile devices. Enterprise file collaboration is not identical to mobile file access but is deeply connected to it because of mobile file sharing issues.