Read original article here: http://searchcloudstorage.techtarget.com/feature/Understand-enterprise-file-sync-and-share-deployment-models
The disturbing trend of shadow IT continues to pop up in all corners of the enterprise. This is mostly due to the availability of new, easy-to-use applications that have been placed at employees' fingertips thanks to the ubiquity of the cloud and mobile devices. As a result, if an organization doesn't respond to employee demands, workers are more willing and capable than ever to go around IT to obtain, deploy and use the tools they want on their own.
Case in point: The widespread use of enterprise file sync and share (EFSS) services.
When it comes to accessing, sharing and collaborating on required documents and files, often from legacy applications that aren't typically mobile-enabled, employees demand the simplicity they experience with other mobile apps. This is what they get from the likes of Box and Dropbox, the file sync-and-share tools they use at home. So when IT is slow to respond because it has other priorities (say supporting critical applications) employees solve the problem on their own by downloading these tools themselves.
Basic services to look for in EFSS products
One of the big risks of what I'll call "shadow EFSS" is that a company has no visibility into what data (or types of data) are in personal employee file sync-and-share accounts. Consequently, that data cannot be properly protected and managed, which can lead to major business challenges such as regulatory compliance violations, loss of competitive advantage and damage to the business from bad press associated with a leak.
With shadow EFSS, it has become incredibly easy for corporate IP, financial information and regulatory data to accidentally fall into the wrong hands. In the old days, when an employee left an organization, they had to download data onto a floppy disk (that's the very old days), a thumb drive or a removable memory card to take corporate information with them. With shadow EFSS, however, the default behavior is that data automatically leaves with an employee. Once company data goes into an employee's personal EFSS account, the data stays there and is accessible from any device (smartphone, laptop, desktop, tablet) they currently or will use in the future.
Let's take a look at what you can do about shadow EFSS.
Bringing EFSS in and out of the shadows
If employees are willing to go around IT to use enterprise file sync and share, then the best way to deal with this trend is to embrace employee input by making them a part of solving the problem. Workers are much more likely to use and advocate for an outcome they helped choose. Embracing the EFSS trend can also help unlock new productivity gains by taking the friction out of information-sharing, communication and collaboration, as well as reduce the risk of data leakage by having more corporate data under IT control.
EFSS service, support questions to answer
The two main areas of consideration when bringing EFSS into the corporate fold are employee requirements, which lean toward ease of use to drive adoption, and the IT side, which also needs ease of use but requires security and control even more. The question becomes, how do I provide employees with a cloud-like experience while meeting security and regulatory requirements? There are many variables in this equation that could be geographically driven or corporate-policy driven, but are likely a mix of both.
One of the key considerations for IT is whether to use a cloud EFSS service such as Box or Dropbox for Business, deploy an on-premises EFSS application from the likes of Acellion, Intralinks or Varonis, or go hybrid with products such as Citrix ShareFile, Egnyte or Syncplicity.
Public Cloud EFSS
Cloud EFSS is a pretty attractive option. In addition to being fast and easy to set up, the public cloud model allows customers to offload some storage and most infrastructure costs. A few providers even offer unlimited storage for business accounts. The problem with this option is it leaves businesses at the mercy of how service providers handle data protection and security. It may also leave your company exposed when it comes to regulatory compliance.
EFSS admin and control questions that need answering
Encryption is a must-have for storing corporate data in the cloud, and pretty much all the EFSS service providers encrypt data in the cloud, on endpoint devices and in flight. The question is who manages the encryption keys, the service provider or the subscriber? If the service provider manages the keys and holds the data, some of their employees can actually access your data. This leaves you open to snooping and hacking. Thankfully, many EFSS providers now offer customer-managed keys, which alleviates some of these major concerns.
Another related cloud consideration is the regulatory environment. Laws differ from country to country regarding how and where data is stored, as well as who has jurisdiction over that data. The landscape here is still unclear. If data is stored in one country and managed in another, which country has jurisdiction? Both? And what are the laws of each country regarding whether that data can be turned over under subpoena? Do they contradict each other? Are there cross-geographic boundaries? All of this, how data sovereignty is affected by provider location, is still a moving target. The collapse of the European Safe Harbor Agreement guidelines last year certainly proved that.
Private and hybrid-cloud EFSS
The issues and uncertainty surrounding public cloud EFSS are driving organizations to look at hybrid and on-premises options, with hybrid seeming to be the preferred model. In a hybrid environment, some components run on premises while others run in the cloud. The most well-known hybrid model is an EFSS application delivered via SaaS, while data is stored at the discretion of the subscribing company in the cloud or on premises.
Question to ask EFSS vendors about data availability, recovery
When we ask companies about factors driving interest in retaining EFSS data on premises, many say they are looking for flexibility and control over where data is stored. Along the same lines, many organizations believe they are better equipped than third-party services to secure and protect their data. Again, in a public cloud model, the service provider is responsible for storing and providing access to company data. If, for example, the service provider experiences an outage or security breach, customers may not be able to access their data until service is restored, or may find sensitive data has been compromised. Knowing they can manage more sensitive or critical files in company data centers, where security and availability policies have already been established, puts IT at ease.
Additionally, many organizations, particularly large enterprises, have made significant investments building out on-premises data storage and infrastructure, and they cite the ability to use these existing resources as reasons to pursue alternate EFSS deployment models. Even though storage can be relatively inexpensive in public cloud offerings, if organizations want to put all their data in an enterprise file sync-and-share setup, they need to find a way to migrate existing data, which is often time-consuming and expensive. So a number of hybrid EFSS providers (such as Accellion, Citrix Sharefile and Egnyte) allow access to data in existing file shares, without migrating data.
Answer these security questions when EFSS comparison shopping
Enterprise file sync-and-share topic: Areas of consideration
Encryption and key management
What are the content protection capabilities?
How does it secure data on mobile devices?
What type of auditing controls does it offer?
For public/hybrid EFSS vendors only: What types of network security controls are in place?
What are policies regarding privacy and data ownership?
Lastly, most enterprises (90% in a recent ESG survey) have at least some data (e.g., sensitive IP and regulated data) they forbid from being stored in the cloud. This seems to suggest that the vast majority of these organizations have reservations around how service providers handle sensitive data. In light of these misgivings, it isn't surprising that customer interest in the on-premises and hybrid EFSS deployment models is burgeoning.
EFSS deployment considerations
When you are looking to deploy enterprise file sync and share, there are a few core guidelines you should follow to help drive success and adoption:
Embrace employee input and feedback. It will drive viral adoption and make your life much simpler. And more adoption means less risk of exposure through shadow IT.
Pay special attention to the "not one size fits all" rule (see sidebar). If you lock everything down, you'll drive down adoption. Some enterprise file sync-and-share vendors provide a tremendous degree of flexibility and balance when it comes to ease of use, security and control, but typically they trend in one direction or the other.
File sync 'n' share: One size doesn't fit all
One of the worst mistakes an organization can make is place too much emphasis on the strictest departmental requirements when it comes to adopting and deploying enterprise file sync and share. For example, asking HR or finance (both of which are likely under strict regulatory compliance requirements) to be the only departments providing input on adoption will lead to a particularly locked-down EFSS environment. This, in turn, will drive those departments that do not need such strict security controls to revolt and flock to the consumer EFSS services you are attempting to keep out in the first place. So be open to deploying multiple EFSS platforms with varying levels of security in place. For some departments, ease of use trumps security, for instance, which will lead to greater adoption, and greater adoption means more control over more corporate data for IT.
Understand infrastructure considerations. Do you need to access the existing corpus of information via mobile devices? Can you migrate data in a cost-effective and timely manner? Do you have sufficient networking capacity to handle additional LAN, WAN or Wi-Fi access to files?
Be careful about capacity planning. Storing all data from all laptops can add up fast, and so can costs. It is important to understand your real EFSS capacity requirements and plan for fast growth. Once you unlock greater access to data and collaboration, employees will become more productive, which means more data to store at a faster clip.
Pay attention to integration with existing apps, including productivity and security applications. You don't want to reinvent the wheel to accommodate EFSS. And you need it to fit into existing frameworks like Active Directory and the applications you may use where offloading storage can save money, such as Salesforce.
Table 1: Basic* comparison of public, hybrid, and private cloud options for online file sharing
**This table covers just the basic deployment models, there are other models, such as virtual private cloud, hosted. Client may control some limited configuration settings and controls user administration functions.
The cloud and the influx of mobile devices and applications in the enterprise are revolutionizing how we work and driving the adoption of file sync-and-share products -- often without the blessing and knowledge of IT. To successfully bring enterprise file sync and share out of the shadows and into the light requires careful consideration and thought. Be it cloud, on-premises or hybrid, enterprise file sync and share deployment is a big project that should involve not just your IT team but knowledge workers, legal, security experts and pretty much everyone else at the company. It's worth the effort, however, as the payback in productivity and reduced security risk can be enormous.
About the author:
Terri McClure is a senior storage analyst at Enterprise Strategy Group in Milford, Mass.