In the past few years, file syncing and sharing solutions have exploded into our daily lives. Snapping photos, uploading and sharing them with friends, saving files to online cloud services and sharing them with colleagues, and many similar uses have become part of our daily routine. Enterprises could offer only limited options for file sharing: some insisted on using FTP, some utilized Public Folders on Exchange services, some allowed only one or two select cloud services. Then came the tech-savvy users who ignored corporate IT solutions and brought their own file sharing services. And they did it without the IT department’s approval. IT, as in many cases, was stuck between ease of use and efficiency on one side and security, compliance and governance issues on the other.
Although this is not a picture IT departments want to be in (yet they almost always find themselves in it), it is manageable. All we need to do, as IT professionals, is analyze the situation, define the needs and select the most appropriate solution(s). Here is how.
Our first step is to analyze the current situation. Why are our users using non-approved file sync solutions? This question will help us understand the pain points. Then we will ask what types of files are being synced and shared. This will help us understand our business requirements. A file syncing solution that is efficient at syncing and sharing small files may not be the optimum solution for sharing large files, such as raw video files. Analyzing the current situation is not hard; all we need to do is talk to our users and ask them how they are getting their work done. What kinds of files are they creating, editing and sharing? What tools are they using? How much time do they wait to upload their files? Are they happy with their current file sync service, both for internal and external use – i.e., customers, vendors, other business partners? What additional features would they need to get their jobs done faster/more efficiently? Are they using different operating systems? What mobility challenges are they facing with their file sync services? Answers to these questions will help us analyze the current situation thoroughly.
Then we will look at what we have. As the IT department, what tools are we offering our users? What is the feature set of our offering and how does this set compare to our users’ requirements? The answers to these questions form our gap analysis. You may be surprised to see employees using USB sticks to carry data from one workstation to another and then uploading from there, or saving files to their mobile phones so that they can access them while working remotely, or emailing them back and forth with every minor change. These analyses will further let us understand what we are aware of and how we can/cannot (possibly cannot) manage it effectively. We will conclude our gap analysis with our cost assessment. The use of these tools requires servers, storage, bandwidth, removable drives, VPNs, power, cooling, backup etc. They do not come without a price; it’s just that these costs are hidden somewhere and absorbed in daily operations.
Next, we will design our new file sync and sharing solution. How will the solution support our users and our workflows? Are there any security holes – obvious or hidden? How much time will we spend supporting these solutions? Would we consider a hypothetically perfect file sync service that has no mobile support? What if it doesn’t have encryption? In today’s world it is perfectly rational to go with a cloud service, provided that the legal, governance and compliance requirements allow it.
We should never forget about usability. The easiest solution to use will be adopted fastest, which will, in turn, provide a faster return on investment. The other scenario, a less usable solution, will mean low adoption and will fuel the use of alternate file sync services. That further means that IT is not in control of the data. The net result is business data scattered across devices and services, with nobody knowing where it is. Also, do not forget to consider the employees who leave the company.
In the case of a cloud-based file sync solution, file syncing and sharing means that control of data shifts from the corporate employees to the service provider. That brings us to our first two questions in evaluating our service provider: are they secure and are they reliable? We should not forget that once we choose our provider, it will somehow have access to our data. To evaluate these, the vendor should demonstrate to us that it takes security as seriously as we do and that it has established security and privacy solutions. From data center security to compliance certification, we need to be sure of our service provider.
The next step is the IT requirements. Here are my criteria for evaluating vendors:
- How does the vendor manage identity and access? Does it integrate with our existing infrastructure – such as Active Directory, LDAP etc.? Does it support single sign-on?
- Does the solution allow creating groups? This is essential for teams, especially in geographically dispersed teams.
- Does the solution allow defining permissions for admins as well as groups? This is important for us, the admins, to see which data can be shared with outside parties and whether a particular piece of data can be shared or not.
- Does the vendor provide logs? Logs are important for us to track who accesses which corporate data and how. If we have a detailed log analysis tool in our infrastructure, we have to check whether the vendor integrates with our tool.
- Does the vendor allow device and session management? Users will access data from a myriad of devices – from laptop computers to mobile devices and even smart TVs. We have to check whether our vendor allows blocking devices in case of a threat and blocking sessions in cases of suspicious activity or for support purposes. Plus, we need to check whether the solution supports remote wipe in case of a data breach and, if not, whether it allows our mobile device management application – such as System Center Configuration Manager – to wipe devices.
- Does the vendor allow third-party application access and/or provide APIs? This is important for two reasons: first, in terms of security, the application should access the data using user credentials, it should not access them; and second, such access options provide flexibility (integration with existing infrastructure, such as saving ERP data directly to shared folders). We can ask our development team to develop applications for our company’s specific needs.
Once we go through this list, we will be pretty much sure that we have selected the right solution for our company. The solution may not be the shiniest, best-known or most-used one. If, for example, we are already using Office 365, OneDrive covers almost all of these items, meaning that we can go on with what we have, just by developing our policies.
What do you think? Are you managing file syncing and sharing in your organization? If yes, how? What are your takes? Let us know in the comments!