Security, control persist as file sync-and-share challenges

New business demands have sync-and-share vendors adding access policies so admins can regain control over data.

In the days before universal connectivity, file-sync features provided an easy way for users to synchronize files and folders to their laptops and then work with them offline. The next time the user connected to the network, any updates the user had made would be synchronized automatically. That sounds simple, doesn't it?

This type of file-synchronization technology has been in existence seemingly forever. Microsoft first introduced it in Windows 95 in the form of the Windows Briefcase. Today, sync-and-share options abound -- from big players to small -- and they all aim to provide users with flexibility and IT managers with some degree of control. But the tension between usability and security in file sync-and-share offerings is a real challenge for today's IT administrators.

The same workers who want to access SharePoint from their tablet, work on their iPhone on a train, and travel through several postal codes or countries carrying corporate data are also making data less secure. We've all read publicized accounts of corporate data gone missing when an employee leaves a laptop on a train or in a taxi, but what's worse is that hackers are working purposefully to steal that information.

There are other reasons why legacy file-synchronization techniques need to give way to today's dynamic sync-and-share market. For starters, the days of a single, universally accepted operating system are over. Obviously, any solution for providing users with access to file data when away from the office must work on a variety of platforms and devices.

Then there are new business demands. A global workplace offering remote offices and work-at-home options demands improved collaboration tools.

Modern file-sharing and synchronization solutions focus heavily on security and tend to be policy driven, which allows administrators to control the methods with which data can be accessed. For instance, an admin might choose to allow remote file access, but not offline file access.

However, these products typically let policies be used for purposes beyond merely allowing or disallowing access. IT managers looking at these products should evaluate the level of control they have over policies; some products allow admins to put a number of different granular controls in place for both remote access and file synchronization. These might include quotas, mandatory encryption, information rights management policies or even device-specific restrictions.

Another important feature found in some file-synchronization applications is granular remote wipe. Remote wipe features let an admin (or in some cases even a user) initiate a wipe operation against a lost or stolen device. Some vendors have built granularity into the remote wipe feature so an admin can remove corporate data from a user's device without removing the user's personal data and apps in the process.

Modern file sync-and-share solutions

When it comes to third-party file-synchronization solutions, every vendor offers a unique feature set. However, there are some features that are especially helpful and can be found in a variety of different products.

While some features are familiar to most IT users, there are some surprises. Encryption, for example, is one feature that most IT decision makers know to look out for. Even if the user's device is not configured to automatically encrypt file data, the file-sharing software may store offline file data within a secure "vault" to prevent unauthorized access to the data.

But a lesser known and very useful feature that exists in some modern file-synchronization solutions is content ownership policies. Imagine, for example, that a user synchronizes a file to their laptop so they can work while offline. While the user is offline, other users in the office also modify the file. The file has now been simultaneously updated by two different users. How can this conflict be resolved? Ownership policies can allow a specific user's updates to take precedence in situations in which an update merge proves to be impossible.

Content pushing is another feature that exists within some file-synchronization solutions. The basic concept behind this feature is quite simple. Rather than waiting for a user to come into the office and manually synchronize his or her files, an automatic synchronization is attempted any time the user connects to the Internet.

This type of feature offers two main benefits. First, a user's file updates are copied to the organization's file storage (or cloud storage) on a more frequent basis. This allows the data to be better protected than it would be if it resided solely on the user's device.

The other advantage to this technique is that it increases the odds that everyone is working from the most recent version of a document. If a user in the office modifies a document, then those modifications are automatically pushed to users who are working outside of the office and have chosen to subscribe to the document (or synchronize an offline copy of the document). Similarly, if the offline user modifies the document, those changes are uploaded at the first opportunity, thereby helping to ensure that others who may need to access the document are working from the most recent version.

Modern remote-access solutions

Security is of paramount concern for most modern file sync-and-share applications. Obviously, the security feature set varies from one vendor to the next, but it has become common for remote file-access apps to offer features such as two-factor authentication, data encryption and even access restrictions, which can be based on factors like operating system, domain name, IP address and location. Operating system restriction policies enable an admin to ensure that data is only accessed on devices running secure operating systems. For example, an admin might choose to allow access from a device running Windows 7, Windows 8 or iOS, but not from devices running Windows XP.

Some remote access solutions also offer application awareness. Suppose a user wants to open a Microsoft Word document while working remotely. Although there are a number of applications that can open Word documents, an admin may wish to ensure that the document is only opened using Microsoft Word, thereby eliminating the chance of a user opening the document through a dubious open source application that may have known security vulnerabilities.
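The access restrictions and application awareness described above can be pictured as a deny-by-default policy check. The following is an added example, not code from any vendor or from the original article; the `Policy` and `Request` types, the reason codes and the sample networks are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    allowed_os: frozenset          # e.g. the article's Windows 7 / Windows 8 / iOS
    allowed_networks: tuple        # ipaddress network objects
    require_two_factor: bool
    allow_offline_sync: bool       # remote access may be allowed while offline copies are not
    allowed_apps: dict             # file extension -> applications permitted to open it

@dataclass(frozen=True)
class Request:
    os: str                        # assumed to come from a device posture check, not user input
    source_ip: str
    two_factor_passed: bool
    mode: str                      # "remote" or "offline"
    file_name: str
    app: str

def evaluate(policy, req):
    """Return (allowed, reasons); every failed check is recorded for the audit log."""
    reasons = []
    if req.os not in policy.allowed_os:
        reasons.append("os_not_allowed")
    try:
        ip = ipaddress.ip_address(req.source_ip)
        if not any(ip in net for net in policy.allowed_networks):
            reasons.append("ip_not_allowed")
    except ValueError:
        reasons.append("ip_invalid")
    if policy.require_two_factor and not req.two_factor_passed:
        reasons.append("two_factor_missing")
    if req.mode not in ("remote", "offline"):
        reasons.append("unknown_mode")
    elif req.mode == "offline" and not policy.allow_offline_sync:
        reasons.append("offline_sync_disabled")
    ext = req.file_name.rsplit(".", 1)[-1].lower() if "." in req.file_name else ""
    if req.app not in policy.allowed_apps.get(ext, ()):
        reasons.append("app_not_allowed")   # unlisted file types are denied by default
    return (not reasons, reasons)

# Constructed sample policy; the networks are documentation/private ranges.
POLICY = Policy(
    allowed_os=frozenset({"Windows 7", "Windows 8", "iOS"}),
    allowed_networks=(ipaddress.ip_network("203.0.113.0/24"), ipaddress.ip_network("10.0.0.0/8")),
    require_two_factor=True,
    allow_offline_sync=False,
    allowed_apps={"docx": {"Microsoft Word"}},
)

if __name__ == "__main__":
    print(evaluate(POLICY, Request("Windows XP", "198.51.100.7", True, "offline", "plan.docx", "Microsoft Word")))
```

Collecting every failed check, rather than stopping at the first, gives the admin a complete picture of why a device was refused.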

It has also become standard practice for file-sharing app vendors to offer deduplication and bandwidth throttling as a way of helping users to make efficient use of mobile bandwidth.

About the author: Brien Posey is a Microsoft MVP with two decades of IT experience. Previously, Brien was CIO for a national chain of hospitals and health care facilities.


This was first published in June 2014
