The popularity of easy-to-use cloud storage services like Dropbox causes IT decision makers quite a headache. Yet the market already offers enterprise-ready solutions. This article introduces cloud storage services for professional use.
Dropbox drives shadow IT
Dropbox has driven cloud storage services into the enterprise. The US provider's fan base extends from the ordinary employee up to the executive floor. In particular, the fast access, the ease of use on every device and the low cost have made Dropbox an attractive product. But what sounds like a true success story at first is in reality a serious problem for CIOs and IT managers. Dropbox has led to a new form of shadow IT: the largely uncontrolled growth of IT solutions that employees and departments use without involving the IT department, purchasing them with credit cards. Behind this mostly stands the criticism that internal IT departments are not able to deliver suitable solutions quickly and in the desired quality. This leads to situations where company data is stored on private Dropbox accounts, where it does not belong.
The Dropbox boom and the easy access to public cloud services in general have led to a discussion about the right of traditional IT departments to exist. Some analysts predict that sooner or later they could die out, leaving the IT strings in the hands of the line-of-business (LOB) managers. Yet the reality looks different: the often anxious LOB managers normally have neither the time nor the knowledge to make such IT decisions. They do know what is important for their area, but do they know which systems also have to work together? For many years companies have been fighting with poorly integrated isolated applications and data silos. Public cloud solutions multiply this problem, and Dropbox is just the tip of the iceberg.
To get the Dropbox phenomenon under control, several vendors of enterprise cloud storage have established themselves in recent years. The widely used Dropbox service falls far short of what typical enterprise policies and IT governance models demand.
Dropbox for Business
“Dropbox for Business”, a corporate offering with advanced features for more security, team management and reporting capabilities, has existed since 2011. However, the solution does not have the breadth and variety of functions of similar offerings on the market. Therefore, Dropbox is better suited to small, close-knit teams that do not require as much control as larger companies. Unlimited space for five users is available for $795 per year. Each additional user costs $125 per year.
Through a dashboard, administrators get access to information about the activities of their users. This includes the devices, browser sessions and applications in use. Here it is also possible to close browser sessions, disconnect devices and disable third-party apps.
For improved security, various authentication mechanisms can be activated, including two-factor authentication. There is also single sign-on (SSO) integration with Active Directory and other SSO providers. For the technical infrastructure Dropbox uses Amazon S3. This means that the data is stored in one of the global Amazon data centers. These data centers meet high security standards such as SSAE16, ISAE 3402 and ISO 27001. However, Dropbox does not guarantee a specific location of the data within the Amazon cloud, such as a data center in the EU. Dropbox states that the data is encrypted with 256-bit AES before it is stored on Amazon S3. However, Dropbox has plain text access to user files. Separate encryption is only possible with external tools.
Another deficit is the lack of audit mechanisms at the level of files and user activities. It is not possible to look centrally into a single user account or to look for an earlier version of a file. This only works by logging in as that user to look into the data. In addition, the reports provide no information about user activities such as uploading and sharing of files, which is a big gap in the audit process.
- Ease of use.
- Supports the major operating systems.
- Big market share and acceptance in consumer space.
- Unlimited storage space at an attractive price.
- Dropbox has full plain text access to user files.
- No end-to-end encryption.
- Data encryption using external tools.
- Weak reporting.
- Insufficient administration and audit options.
- Location of the data cannot be set.
Box is one of the well-known providers of public cloud enterprise storage and targets small and medium-sized as well as large companies. The business plan is $15 per user per month for 3 to 500 users. This includes 1,000 GB of storage space. Box for Enterprise IT offers an unlimited number of users and unlimited disk space; prices are available on request.
Clients for common desktop and mobile operating systems allow synchronization and uploading of data with almost any device. Files can be locked and automatically released after a set time. In addition, depending on the plan, a version history of between 25 and 100 files is stored. Other functions allow external authentication mechanisms, user management and auditing capabilities. The enterprise plan offers further management functions and access to APIs.
Depending on the plan, more functions become available. This is particularly visible at the permissions level: the higher the plan, the more types of users and access rights can be assigned to an object. Business and enterprise customers also get detailed reporting capabilities. These include, among other things, information on who has viewed and modified which files. As further security features, Box offers authentication mechanisms for Active Directory, Salesforce, NetSuite, Jive and DocuSign as well as single sign-on (SSO) integration capabilities. In terms of data center capacity Box cooperates with Equinix. Among others, there is a data center in Amsterdam for the European market. Where Equinix has no sites, Box relies on Amazon Web Services.
Box's biggest weakness is the limit of 40,000 objects for files and folders. Customers already pointed out this restriction in mid-2012. So far, nothing has changed. There is only the information that the limit is raised to 100,000 objects in “Box Sync 4”.
- Ease of use.
- Variety of extensions.
- Supports the major operating systems.
- Many relevant features for business (management, audit, etc).
- Files and folders are limited to 40,000 objects.
- Encryption keys are owned by Box.
TeamDrive from Hamburg is a file sharing and synchronization solution. It is intended for companies that do not want to store their sensitive data with external cloud services but still want to allow their teams to synchronize data or documents. To do this, TeamDrive monitors any folder on a PC, laptop or smartphone, which can then be used and edited together with invited users. The data is thus also available offline at all times. Automatic synchronization, backup and versioning of documents protect users against data loss. Because the TeamDrive registration and hosting servers can be operated in the customer's own data center, the software can be integrated into existing IT infrastructures. All necessary APIs are available for this purpose. For TeamDrive Professional, enterprise customers pay 5.99 euros per user per month, or 59.99 euros per year.
Using the global TeamDrive DNS service, several independently operated TeamDrive systems can be linked together. If necessary, this allows customers to build a controlled community cloud in a hybrid scenario.
TeamDrive offers many business-related functions for the management and control of a storage service. These include rights management at Space level for different user groups, as well as a version control system for accessing older versions of documents and the changes made by group members. For the synchronization of the data, clients for all major desktop and mobile operating systems are available, including Windows, Mac, Linux, iOS and Android. With TeamDrive SecureOffice, the vendor has also brought an extension of its mobile clients to market, with which documents can be processed under end-to-end encryption. Integrated mobile device management (MDM) helps to manage all devices used with TeamDrive. These can be added, blocked or erased. TeamDrive can be connected to existing directory services such as Active Directory and LDAP to synchronize user administration.
In addition to these management functions, TeamDrive features fully integrated end-to-end encryption in which the encryption keys are owned exclusively by the user. Thus, TeamDrive is not able to access the data at any time. For encryption, TeamDrive relies on AES 256 and RSA 3072.
It should also be mentioned that TeamDrive is the only enterprise storage solution to carry the privacy seal of the Independent Centre for Privacy Protection Schleswig-Holstein (ULD). The privacy seal confirms that TeamDrive is suitable for use in businesses and governments for the confidential exchange of data.
- End-to-end encryption.
- Different encryption mechanisms.
- SecureOffice for mobile secure processing of documents.
- Certification by the ULD.
- Integrated mobile device management.
- Many relevant functions for businesses.
- No locking of files.
- No browser access.
Microsoft SkyDrive Pro
SkyDrive Pro is Microsoft’s enterprise cloud storage, which is provided in conjunction with SharePoint Online and Office 365. The service is designed exclusively for business purposes and should therefore be distinguished from SkyDrive. SkyDrive is aimed at home users, who predominantly store and share documents and photos in the Microsoft cloud. The management of SkyDrive Pro is the responsibility of the company. Employees store and share business documents and collaborate on them with colleagues within a private domain.
SkyDrive Pro is fully synchronized with SharePoint 2013 and Office 365. An administrator decides how the libraries can be used within SkyDrive Pro for each user. For this purpose, different access rights can be assigned to users and user groups. Using a client, documents can be synchronized with the local computer. Mobile clients are available for iOS and Windows Phone. Android and Blackberry are currently not supported.
Documents or entire folders can be shared with individual colleagues or distribution lists. Read or write access rights can be assigned. A recipient then receives an e-mail including the comment and the link to the document and can follow the document to be informed of later changes. Sharing with partners and customers outside the domain is possible if the company supports external sharing.
According to Microsoft, all data in SkyDrive Pro is protected with several layers of encryption. The only way to get at the information is for an administrator to grant access rights to it. Furthermore, Microsoft guarantees that private corporate data is protected from search engines and that no metadata is collected in any form. In addition, SkyDrive Pro is compliant with HIPAA, FISMA and other data protection standards.
- Integration with Office 365 and SharePoint.
- Clients for mobile operating systems.
- Proprietary Microsoft system.
- European data center only (Dublin, Amsterdam).
- No Android client.
Through a web service, Amazon S3 (Amazon Simple Storage Service) provides access to an unlimited amount of storage in the Amazon cloud. Unlike competing cloud storage services, the storage can only be accessed via a REST and SOAP interface (API). Amazon does not provide a local client of its own for synchronization. This is because Amazon S3 basically serves as a central storage location that many other Amazon services use to store or retrieve data. An ecosystem of partners offers paid clients that provide synchronization with desktop and mobile operating systems. Using Amazon's own AWS Management Console, folders and files can be accessed via the web interface.
With the API, data can be stored, read and deleted as objects in the Amazon cloud. The maximum size of an object is 5 GB. Objects are organized in buckets (folders). Authentication mechanisms ensure that the data is protected from unauthorized third parties. For this purpose, objects can be marked for private or public access and assigned different user access rights.
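How the private/public marking described above can be checked, as an added example that is not part of the original article: a Python audit of S3 access control lists that flags grants to the predefined AllUsers and AuthenticatedUsers groups. The ACL dictionaries mirror the Grants layout of an S3 ACL response; the resource names and the owner ID are constructed sample data.

```python
# Added example: flag S3 ACL grants that reach beyond individually named users.
# The ACL dictionaries follow the Grants layout of an S3 ACL response;
# resource names and the owner ID below are constructed sample data.

# Predefined S3 grantee groups that open a resource to a broad audience.
BROAD_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}
# Permissions that let the grantee change data or the ACL itself.
WRITE_LIKE = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def broad_grants(acl):
    """Return (audience, permission, severity) for every group-wide grant."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        audience = BROAD_GROUPS.get(grantee.get("URI", ""))
        if grantee.get("Type") != "Group" or audience is None:
            continue  # grant to a named user, or to a non-public group
        perm = grant.get("Permission", "")
        severity = "critical" if perm in WRITE_LIKE else "high"
        findings.append((audience, perm, severity))
    return findings


def audit(acls):
    """Map resource name -> findings, keeping only resources with broad grants."""
    report = {name: broad_grants(acl) for name, acl in acls.items()}
    return {name: found for name, found in report.items() if found}


OWNER = {"Type": "CanonicalUser", "ID": "owner-id-constructed"}
SAMPLE_ACLS = {
    "object hr/payroll.xlsx": {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]},
    "object press/logo.png": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    ]},
    "bucket team-share": {"Grants": [
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}, "Permission": "WRITE"},
    ]},
}

if __name__ == "__main__":
    for name, found in audit(SAMPLE_ACLS).items():
        for audience, perm, severity in found:
            print(f"{severity:8} {name}: {perm} granted to {audience}")
```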
Amazon S3 pricing varies by the region in which the data is stored. One GB of storage for the first TB in the EU region costs 0.095 U.S. dollars per month. In addition, outgoing data transfer is charged. Up to 10 TB per month, the traffic costs $0.12 per GB.
Many other cloud storage services use Amazon S3 to store the user data, including Dropbox, Bitcasa or Ubuntu One.
- The API is the de facto standard in the market.
- Very high scalability.
- Very good track record.
- No own clients.
- The pay-per-use model requires strict cost control.
Like TeamDrive, ownCloud is a file sharing and synchronization solution. It is aimed at companies and organizations that want to keep their data under control and do not want to rely on external cloud storage services. The core of the application is the ownCloud server. It allows the software, along with the ownCloud clients, to be integrated seamlessly into the existing IT infrastructure. In addition, the server enables the use of existing IT management tools. ownCloud serves as a local directory which mounts different local storage systems. Thus, the files are available to all employees on all devices. In addition to local storage, directories can be connected via NFS and CIFS.
The ownCloud functions form a set of add-ons that are directly integrated into the system. These include a file manager, a contact manager, extensions for OpenID and WebDAV, and a browser plugin for viewing documents such as ODF and PDF. Other applications for enterprise collaboration are available on ownCloud’s own marketplace. Files can be uploaded using a browser or synchronized with clients for desktop and mobile operating systems.
Security is provided via a plugin for server-side encryption, which is not enabled by default. If the plugin is enabled, the files are encrypted when they are stored on the server. Only the contents of the files are encrypted; the file names themselves are not. In addition, ownCloud relies exclusively on security “at rest”.
The biggest advantage of ownCloud is also its disadvantage. The control over the data that a company regains through the use of ownCloud comes at the cost of setup and operation. Administrators need sufficient knowledge of operating web servers such as Apache, as well as of PHP and MySQL, to run ownCloud successfully. In addition, meticulous configuration is needed, without which the expected performance of an ownCloud installation cannot be reached.
- Open source.
- Variety of applications.
- Clients support the major operating systems.
- Weak security and encryption.
- High costs for operating one's own ownCloud infrastructure.