Top Five Requirements for Secure Enterprise File Sync and Sharing
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
White Paper Top Five Requirements for Secure Enterprise File Sync and Sharing Mobilize enterprise data. Empower users anywhere. Maintain security and control. Employees depend on data to be productive. Learn what it takes to enable anywhere, any-device access to information without exposing your organization to risk. citrix.com
White Paper Secure Enterprise File Sync and Sharing People depend on business data to be productive—but when they rely on personal online file sharing accounts to mobilize data, they expose the organization to significant security risks. If IT simply blocks these accounts without providing a sanctioned alternative, business productivity will suffer, but allowing their continued use isn’t an option either. Instead, IT needs a file sync and sharing solution with the security, control and flexibility IT requires, as well as a rich, consumer-like user experience to ensure full adoption. This paper discusses the five essential criteria for secure enterprise file sync and sharing, including secure IT oversight, flexibility over where business data is stored, integration with existing infrastructure, a rich user experience and support for next-generation workspaces. Provided by the leader in mobile workspaces, Citrix® ShareFile® meets the requirements for secure enterprise file sync and sharing to enable true business mobility. The risks and challenges of mobile data access Data fuels productivity. To collaborate and drive business value, people rely on the ability to access and share files wherever work takes them, and on any device they use. The need is so critical that employees won’t wait for IT to provide a sanctioned file sync and sharing capability—if none is available, they’ll find their own way to get it done. But personal online file sharing accounts can create serious risks for the enterprise, such as putting business data at risk; opening the network to external threats, data loss and malware; violating regulatory rules; and allowing enterprise data to go outside of IT control and be stored on personal file sharing services. Even with the best of intentions, employees can cause untold damage to their business simply by trying to get their work done. The dangers of unmanaged mobile data access are clear. When an employee stores business data in a personal file sharing account and shares files with third parties, IT has no visibility into what type of data is stored there, whether any sensitive business data is leaving the building or enterprise control, and who else might have access to shared files and folders. When an employee leaves the company, data synced from the individual’s corporate desktop or laptop to a personal file sharing account remains in that account, and can be downloaded to any other device— personal or belonging to another business—that the individual uses. Personal file sharing services also pose a compliance nightmare, as IT has no way to verify where and how corporate data is being stored, who has access to it, and whether it is being managed, retained and archived in keeping with corporate policies. citrix.com 2
White Paper Secure Enterprise File Sync and Sharing This problem is rampant in the enterprise. According to an Enterprise Strategy Group report, a vast majority (70 percent) of organizations know or suspect their employees are using personal online file sharing accounts without formal IT approval1. Many IT organizations have yet to find an effective solution. Often, they resort to one of two measures, neither of them adequate: blocking the use of these unsecure services and thereby reducing business productivity, or allowing their use and compromising security. Making it even harder to combat, personal cloud file sharing services are omnipresent on many smart devices now. Employees who use their own smart phones at work have quick access to these pre-installed personal file sharing tools. Employees need these tools to be productive, so it’s up to business to keep their data safe and deploy equivalent enterprise-class capabilities in the workplace to address the online file sharing demands. An enterprise file sync and sharing (EFSS) solution provides a way for IT to secure enterprise information access and prevent the leakage that can result from uncontrolled and non-secure personal cloud services. Beyond addressing security threats, EFSS provides benefits for both users and the business by supporting bring-your-own-device (BYOD) and corporate mobility initiatives, and ultimately enhances data sharing, collaboration and productivity. Addressing the requirements for secure data sharing in the enterprise As a leader in business mobility, Citrix protects and guards the world’s most sensitive information, simplifying and verifying the security and sharing of data in corporate apps and documents across locations, networks and devices. IT can ensure the right level of secure access for every individual and situation with visibility and control to address privacy, compliance and risk management priorities without compromising end-user productivity. Based on this experience, Citrix has identified five essential areas any enterprise-ready data access, sync and sharing solution must address to meet people’s collaboration needs and IT’s requirements for security and control. These include: 1. Secure IT oversight including authentication and authorization, granular access control, device security and reporting. 2. Flexible storage options to meet diverse needs for data sovereignty, compliance, performance and cost. 1 ESG Research Report, Online File Sharing and Collaboration: Security Challenges and Requirements, August 2012. citrix.com 3
White Paper Secure Enterprise File Sync and Sharing 3. Integration with existing infrastructure to mobilize existing network shares and content repositories. 4. A rich user experience that promotes rapid adoption to wean users off personal file sharing services. 5. Support for next-generation workspaces so people can work and collaborate productively from anywhere. These requirements are explored in this paper, together with a discussion of how each is addressed by Citrix ShareFile. As an enterprise data sync and sharing solution, ShareFile enables IT to deliver a secure, managed and robust service that meets the mobility and collaboration needs of all business users. ShareFile complements Citrix technologies for enterprise mobility management (EMM), Windows app and desktop virtualization, collaboration and secure cloud networking as part of a complete business mobility strategy. 1. Secure IT oversight IT faces an urgent need to regain visibility and control over how and where business data is accessed and shared, and by whom. At the same time, it’s important not to limit productivity by enforcing unnecessary restrictions on data access that fail to take into account the actual requirements of each scenario. IT must strike the right balance by keeping data as secure as possible wherever and however it is used, while ensuring the greatest allowable freedom for each user in each scenario. An EFSS solution must provide all the features of personal online or consumer-grade file sharing services similar to Dropbox and Box, plus advanced security features to protect data and retain IT control and visibility. With ShareFile, IT can allow the right level of data access and sharing for each user and scenario, while gaining full visibility and control to protect business data effectively. Authentication and authorization With more people accessing business information from anywhere and from any device, authentication and authorization become more critical than ever. IT needs to be able to define strong authentication and authorization policies over who can access what, in what scenarios. ShareFile makes it simple to enable secure authorization through SAML 2.0 integration with Active Directory, as well as through popular business SaaS applications like Salesforce.com using industry recognized OAUTH 2.0 standards. IT can use granular administrative controls to allow contextual access: instead of controlling access only at login, and granting unlimited access to authenticated users, ShareFile makes it possible to reevaluate access for each request and transaction, then allow download-only access or full upload/edit/delete rights for users to authorized content depending on their location, role, device and other criteria. Mobile device policy-based controls and real-time application monitoring help administrators tune their security policies as needed. citrix.com 4
White Paper Secure Enterprise File Sync and Sharing Access control and secure collaboration Work teams increasingly span organizations and third parties play a greater role in business, including partners, suppliers, agencies, outsourcing providers and contractors. This creates the need for people to be able to share files easily with anyone inside or outside the organization— without exposing the enterprise network to risk. A complete file sharing and sync service for the enterprise should provide the ability to securely access and share files, including file shares inside the network, with anyone, anywhere. With ShareFile, IT can allow people—including trusted third parties—to access and share files from anywhere. Granular access controls and security policies, including device security policies, can be defined for both employees and third-party users through the same service. Key capabilities include the ability to require a log-in with defined password complexity for each user account, restrict the number of downloads available to a given user, restrict upload and download permissions for users added to team folders, and expire links to files whenever desired. IT can also restrict access based on network location. People can share data easily and securely with third parties who don’t have a ShareFile account, including the ability to request files from them to be uploaded directly into a specific folder in ShareFile. All device security policies can be configured for all users of the account. Data security An EFSS solution must also protect data while in transit, at rest, in storage and backup. Files are transferred through ShareFile over a secure SSL/TLS connection and are stored at rest with AES 256-bit encryption. Through the Passcode Lock feature, IT can leverage the mobile device’s encryption capabilities and enforce encryption for all ShareFile data on the device. The datacenters that host the ShareFile web application and databases are SSAE 16 accredited and the data centers that host the file storage application are SSAE 16 and ISO 27001 accredited. Citrix implements and maintains commercially reasonable and appropriate physical, technical and organizational complimentary controls to protect customer data. Citrix ShareFile is PCI-DSS compliant and will enter into a HIPAA business associate agreement. Citrix also offers ShareFile Cloud for Healthcare, a secure enclave within a private cloud where IT can upload, store and share patient heath information (PHI) and meet strict HIPAA compliance laws. ShareFile Cloud for Healthcare is technically compliant with the HIPAA Security Rule. Device security With mobile devices now ubiquitous in the business environment, it is critical for IT to ensure that the business information on tablets, smartphones and laptops does not fall into the wrong hands—especially when a device is lost or stolen. citrix.com 5
White Paper Secure Enterprise File Sync and Sharing
ShareFile provides extensive controls to provide complete protection for mobile applications and
data, and to ensure end-to-end security. Key features include remote wipe of ShareFile-stored files
and passwords, poison pill and data expiration policies, mobile device encryption, passcode lock,
and the ability to restrict the use of third-party apps and jail broken devices.
In addition to being sold as a standalone service, ShareFile is also available as part of the Citrix
XenMobile® enterprise mobility management solution. This integration provides complementary
security features including mobile app containers to keep individual mobile apps and their data
separate from other content on the device and let you assign security policies on a per-app basis;
single sign-on; scenario-based access controls; and the ability to manage and configure corporate
and personally-owned devices, including app blacklist/whitelists, full or selective device wipe, and
enterprise integration via LDAP and PKI.
“With our previous solution, there Robust reporting and auditing
was no way for me to audit usage To maintain compliance with IT standards and governance mandates, IT needs complete visibility
or manage users, and we didn’t into file access, sync and sharing activity.
have many controls in place. With
ShareFile, we can manage and ShareFile provides comprehensive capabilities to track, log and report on user file access, sync and
administer our accounts in-house. sharing activity, including the date, type, place and network address of each user event. Multiple
With increased control, we have versions of files can be stored to create full audit trails of editing activity. If a remote wipe is
immediate access to our files, initiated, IT can track file activity that occurred on the device from the time the wipe was initiated
manage compliance with regard to through its successful execution. To further aid compliance, ShareFile has adopted Health
permissions and reduce our reliance Insurance Portability and Accountability (HIPAA) Security Policies and Procedures (“HIPAA Security
on the vendor. With our previous Policy”) intended to comply with the requirements of the Security Standards for the Protection of
solution, all administration activities Electronic Protected Health Information and the Health Information Technology for Economic and
included the involvement of the Clinical Health (HITECH). The solution is also PCI DSS compliant and certified under the U.S./E.U.
other vendor.” Safe Harbor Program.
Ishq Davis
IT Enterprise Project Manager, 2. Flexible storage options
Forum Energy Technologies Flexible storage options is must-have for an EFSS solution and most personal file sharing solutions
simply fall short with this requirement. Different types of business information pose different
requirements: some files need to be stored onsite to meet compliance requirements, while others
can be stored in the cloud to simplify management, reduce cost and allow frictionless scalability.
For some types of data and apps, the location of data storage can make a significant difference in
performance. IT needs the flexibility to choose where data is stored—including both on-premises
and cloud options—through the same service.
The ShareFile StorageZones™ feature lets organizations choose where their data is stored: in
customer-managed object storage (Windows Azure or Amazon S3) and on-premises storage; in
Citrix-managed StorageZones within audited, SSAE 16-compliant datacenters powered by AWS
and Windows Azure; or in any combination of these. Customer-managed StorageZones within the
enterprise help IT meet unique data sovereignty and compliance requirements while optimizing
citrix.com 6
White Paper Secure Enterprise File Sync and Sharing performance by storing data in close proximity to the user. Citrix-managed StorageZones provide the economic benefits and effortless management of a cloud-based service. For organizations that require increased data protection, Restricted StorageZones offer the ability to encrypt data with the customer’s own encryption keys. By defining where data should be stored, IT is able to build the most cost-effective and customized solution for their organization. ShareFile StorageZone Options Citrix-Managed StorageZone Architecture Customer-Managed StorageZone Architecture Customer-Managed Restricted StorageZones Architecture 3. Integration with existing infrastructure One of the many drawbacks with personal online file sharing accounts is their inability to access data or otherwise integrate with backend services and infrastructure such as existing network shares, Microsoft SharePoint, SharePoint Online, OneDrive for Business or enterprise content management (ECM) systems. For full productivity, people need to be able to access and share files without having to worry about where they reside and the enterprise must feel confident their solution doesn’t place their data at risk. IT needs a way to mobilize the full range of business data without costly and time-consuming migration projects. citrix.com 7
White Paper Secure Enterprise File Sync and Sharing ShareFile allows a single point of access to all data sources throughout the enterprise. Working in conjunction with customer-managed StorageZones, StorageZone Connectors let IT create a secure connection between the ShareFile service and user data stored in existing network shares and SharePoint, including files that otherwise cannot be accessed outside of corporate networks or on mobile devices. Extending all the simplicity and mobile access benefits of ShareFile to existing data storage platforms without the need for data migration, StorageZone enables people to access their business documents easily and securely on mobile devices regardless of where the file is actually stored. ShareFile also includes a built-in mobile content editor, which supports standard SharePoint functions like check-out, edit and check-in from mobile devices. 4. A rich user experience The file sync and sharing challenge goes right to the core of the consumerization of IT: if IT can’t compete with the convenient and intuitive experience of a personal service, people simply won’t adopt the harder-to-use enterprise option. At the same time, it’s not enough for IT to simply match the experience and features of personal online file sharing or consumer-style accounts. Business users have requirements that go far beyond the scope of a simple consumer account, such as the ability to access and share files residing anywhere in the enterprise environment, collaborate across corporate networks, and improve mobile productivity with editing, annotation, offline access capability and workflow integration. ShareFile provides the rich user experience essential to foster fast and full adoption. People can access and sync all of their data from any device and securely share it with people both inside and outside the organization, including large files beyond the size limits of enterprise email systems. A built-in content editor lets people create, review and edit Microsoft Office documents and annotate Adobe PDF files right from ShareFile, even while offline. citrix.com 8
White Paper Secure Enterprise File Sync and Sharing
“With ShareFile, we can give 5. Support for next-generation workspaces
employees the same user ShareFile supports the introduction of a next-generation workspace that delivers secure access to
experience as a consumer file- apps, desktops, data and services from any device, over any network to empower mobile workers
sharing service but with IT with the freedom and flexibility to choose how they work. With 61 percent of information workers
visibility and control. No matter now working outside the office2, enabling people to work collaboratively and productively from
where they are or how bad their anywhere is now a critical requirement for IT. Employees want the same quality of user experience
Internet connection is, they can they expect from consumer software. Providing this experience means enabling secure and
access and share their job files.” controlled access to enterprise data from anywhere, replacing legacy PC backup tools and
decoupling data from devices.
Patrick Burch
Systems Engineer at
Brasfield & Gorrie ShareFile offers key capabilities to power next-generation workspaces. Users are able to create and edit
content across devices, edit content securely in Microsoft Office, check files in and out, apply free-form
annotations to PDFs, and sync files automatically or on-demand for virtual desktop environments.
In addition, with ShareFile, IT can future-proof their investment by choosing a solution that works
with any platform and device and provides seamless access to user data. Most importantly, the
organization can define the ShareFile implementation that works best for their specific
requirements. ShareFile Enterprise is offered as a standalone service, as part of an enterprise
mobility management solution with Citrix XenMobile, and as part of a software-defined workspace
with the Citrix Workspace Suite™. Integration with XenMobile helps to deliver a rich user experience
with Citrix-developed apps, including WorxMail™ for secure mobile email, calendar and contact
access; and WorxWeb™ for secure browsing. Integration with Citrix Workspace Suite delivers secure
access to mobile and virtual apps, desktops, and file sync and sharing services from any device, over
any network to empower mobile workers with the freedom and flexibility to choose how they work.
In addition, ShareFile is also optimized for other Citrix products. The unique on-demand sync
capability of ShareFile is specifically designed for pooled and hosted shared virtual desktop
environments, including those powered by Citrix XenDesktop® and Citrix XenApp®. On-demand
sync drastically cuts network load, bandwidth requirements and storage costs. ShareFile also offers
robust tools and clients for traditional desktops and devices.
Citrix ShareFile – an industry-recognized and IT-approved EFSS provider
For more than two decades, Citrix has driven innovation and transformation through solutions that
help people become more productive, in more places, to drive business value. As secure data
access moves to the forefront of the IT agenda, ShareFile has been recognized as a 2014 Gartner
Enterprise File Sync and Sharing (EFSS) Magic Quadrant Leader3. This evaluation is based on both
the completeness of the ShareFile vision and the company’s ability to execute on it.
ShareFile has received numerous accolades and industry awards over the years. In 2014, ShareFile
was named the Cloud Award for Best in Mobile Cloud Solution, the Tabby Award Winner for Best
iPad Data Access and Collection App and the Gold App of the Year for Best in Biz awards for its
iPhone app, and won the Virtualization Review Readers’ Choice Award.
2 Source: Forrester Research, Inc’s Business Technographics Application and Collaboration Workforce Survey, Q4 2013
3 http://www.citrix.com/news/announcements/jul-2014/citrix-positioned-as-a-leader-in-the-magic-quadrant-for-enterprise-
file-synchronization-and-sharing.html
citrix.com 9White Paper Secure Enterprise File Sync and Sharing
“Citrix ShareFile – It’s like Dropbox on steroids, with some
sophisticated management and collaboration features that tie into
other Citrix products.”
2014 Virtualization Review, Readers Choice Award
Provide your organization with an industry-recognized, IT-approved, enterprise ready file sync and
sharing solution that provides them with the user experience they want and the advanced security
features required by IT. ShareFile provides end-to-end integrations to existing infrastructure that’s
best for the business and flexible storage options across both cloud, on-premises or both.
Conclusion
The mobile data access challenge poses both risks and opportunities for IT. The use of personal file
sharing accounts can make it impossible for IT to maintain effective access control, security and
compliance for sensitive business data. While weaning users off these services can be difficult, it
can also bring powerful new benefits for individuals and the organization. By delivering file sync
and sharing features designed for business, with the simplicity and convenience of a consumer
service, IT can win adoption for a sanctioned enterprise alternative—with the robust security and
granular access control needed to protect the organization from risk. Citrix ShareFile provides a
complete solution that meets the five most important criteria for enterprise file sync and sharing
(EFSS): secure IT oversight, flexible storage options, integration with existing infrastructure, a rich
user experience and support for next-generation workspaces. In this way, IT can help employees
work and collaborate more effectively from anywhere while supporting the evolution of business
mobility enterprise-wide.
Additional resources
For additional information, please visit citrix.com/sharefile.
To get started with a free trial of secure file sync and sharing, visit citrix.com/sharefile.
Corporate Headquarters India Development Center Latin America Headquarters
Fort Lauderdale, FL, USA Bangalore, India Coral Gables, FL, USA
Silicon Valley Headquarters Online Division Headquarters UK Development Center
Santa Clara, CA, USA Santa Barbara, CA, USA Chalfont, United Kingdom
EMEA Headquarters Pacific Headquarters
Schaffhausen, Switzerland Hong Kong, China
About Citrix
Citrix (NASDAQ:CTXS) is leading the transition to software-defining the workplace, uniting virtualization, mobility management, networking
and SaaS solutions to enable new ways for businesses and people to work better. Citrix solutions power business mobility through secure,
mobile workspaces that provide people with instant access to apps, desktops, data and communications on any device, over any network
and cloud. With annual revenue in 2014 of $3.14 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100 million
users globally. Learn more at www.citrix.com
Copyright © 2015 Citrix Systems, Inc. All rights reserved. Citrix, ShareFile, XenMobile, StorageZones, Citrix Workspace Suite, WorxMail,
WorxWeb, XenDesktop and XenApp are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S.
and other countries. Other product and company names mentioned herein may be trademarks of their respective companies.
0415/PDF citrix.com 10You can also read
