robybret - Fotolia

Security, control persist as file sync-and-share challenges

New business demands have sync-and-share vendors adding access policies so admins can regain control over data.

In the days before universal connectivity, file-sync features provided an easy way for users to synchronize files and folders to their laptops and then work with them offline. The next time the user connected to the network, any updates made by them would be synchronized automatically. That sounds simple, doesn't it?

This type of file synchronization technology has been in existence seemingly forever. Microsoft first introduced it in Windows 95 in the form of the Windows Briefcase. Today, sync-and-share options abound -- from big players to small -- and they all aim to provide users with flexibility and IT managers with some degree of control. But the tension between usability and security in file sync-and-share offerings is a real challenge for today's IT administrators.

The same workers who want to access SharePoint from their tablet, work on their iPhone on a train, and travel through several postal codes or countries carrying corporate data are also making data less secure. We've all read publicized accounts of corporate data gone missing when an employee leaves a laptop on a train or in a taxi, but what's worse is that hackers are working purposefully to steal that information.

There are other reasons why legacy file-synchronization techniques need to give way to today's dynamic sync-and-share market. For starters, the days of a single, universally accepted operating system are over. Obviously, any solution for providing users with access to file data when away from the office must work on a variety of platforms and devices.

Then there are new business demands. A global workplace offering remote offices and work-at-home options demands improved collaboration tools.

Modern file-sharing and synchronization solutions focus heavily on security and tend to be policy driven, which allows administrators to control the methods with which data can be accessed. For instance, an admin might choose to allow remote file access, but not offline file access.

However, these products typically let policies be used for purposes beyond merely allowing or disallowing access. IT managers looking at these products should evaluate the level of control they have over policies; some products allow admins to put a number of different granular controls in place for both remote access and file synchronization. These might include quotas, mandatory encryption, information rights management policies or even device-specific restrictions.

Another important feature found in some file-synchronization applications is granular remote wipe. Remote wipe features let an admin (or in some cases even a user) initiate a wipe operation against a lost or stolen device. Some vendors have built granularity into the remote wipe feature so an admin can remove corporate data from a user's device without removing the user's personal data and apps in the process.

Modern file sync-and-share solutions

When it comes to third-party file-synchronization solutions, every vendor offers a unique feature set. However, there are some features that are especially helpful and can be found in a variety of different products.

While some features are familiar to most IT users, there are some surprises. Encryption, for example, is one feature that most IT decision makers know to look out for. Even if the user's device is not configured to automatically encrypt file data, the file-sharing software may store offline file data within a secure "vault" to prevent unauthorized access to the data.

But a lesser known and very useful feature that exists in some modern file-synchronization solutions is content ownership policies. Imagine, for example, that a user synchronizes a file to their laptop so they can work while offline. While the user is offline, other users in the office also modify the file. The file has now been simultaneously updated by two different users. How can this conflict be resolved? Ownership policies can allow a specific user's updates to take precedence in situations in which an update merge proves to be impossible.

Content pushing is another feature that exists within some file-synchronization solutions. The basic concept behind this feature is quite simple. Rather than waiting for a user to come into the office and manually synchronize his or her files, an automatic synchronization is attempted any time the user connects to the Internet.

This type of feature offers two main benefits. First, a user's file updates are copied to the organization's file storage (or cloud storage) on a more frequent basis. This allows the data to be better protected than it would be if it resided solely on the user's device.

The other advantage to this technique is that it increases the odds that everyone is working from the most recent version of a document. If a user in the office modifies a document, then those modifications are automatically pushed to users who are working outside of the office and have chosen to subscribe to the document (or synchronize an offline copy of the document). Similarly, if the offline user modifies the document, those changes are uploaded at the first opportunity, thereby helping to ensure that others who may need to access the document are working from the most recent version.

Modern remote-access solutions

Security is of paramount concern for most modern file sync-and-share applications. Obviously, the security feature set varies from one vendor to the next, but it has become common for remote file-access apps to offer features, such as two-factor authentication, data encryption and even access restrictions, which can be based on factors like operating system, domain name, IP address and location. Operating system restriction policies enable an admin to ensure that data is only accessed on devices running secure operating systems. For example, an admin might choose to allow access from a device running Windows 7, Windows 8 or iOS, but not from devices running Windows XP.

Some remote access solutions also offer application awareness. Suppose a user wants to open a Microsoft Word document while working remotely. Although there are a number of applications that can open Word documents, an admin may wish to ensure that the document is only opened using Microsoft Word, thereby eliminating the chance of a user opening the document through a dubious open source application that may have known security vulnerabilities.

It has also become standard practice for file-sharing app vendors to offer deduplication and bandwidth throttling as a way of helping users to make efficient use of mobile bandwidth.

About the author:
Brien Posey is a Microsoft MVP with two decades of IT experience. Previously, Brien was CIO for a national chain of hospitals and health care facilities.

Next Steps

How to choose a cloud file-sharing option for your company

File sync-and-share options continue to grow

Do file sync and backup serve the same purpose?

Hybrid sync-and-share model offers firmsmore security

List of enterprise cloud-based file services continues to grow

This was last published in June 2014

Dig Deeper on Hybrid Cloud Storage

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Great summary of the salient issues with file sync and share applications. At Intralinks, we often talk about retaining lifetime control of documents, or giving users the ability to decide who, how and when a file is accessed, even after it has traveled outside the firewall. The key is a new information rights management technologies that provide these capabilities without the usual requirements for clunky viewers or downloads.
Cancel
I might be behind the times but I still just use a program called GoodSync to sync data between my own local storage devices. I know GoodSync will let me sync data over the internet to these same devices using "GoodSync Connect" but I'm just too paranoid.
Cancel

-ADS BY GOOGLE

SearchStorage

SearchSolidStateStorage

SearchConvergedInfrastructure

SearchAWS

SearchDisasterRecovery

SearchDataBackup

SearchSMBStorage

Close