At a high level, enterprise file sync and share appears to be the perfect solution for the modern business. End users rarely sit in one place anymore. They work at home, on the road, in coffee shops. Teams are not static or centrally located, but made up of designers, engineers and creatives based in different offices. A mobile, distributed workforce needs a file solution that allows people to collaborate easily and access critical files with the speed and performance to which they have become accustomed.
Sounds perfect, right? Unfortunately, there is a significant difference between this high-level EFSS pitch and the way these systems actually work in the real world. The shortcomings can be distilled into the following 4 dirty secrets of enterprise file sync and share.
1. EFSS doesn’t really utilize the cloud
Mentioning the cloud boosts the appeal of just about any technology, and file sync and share solutions are no exception. But when you deploy a standard EFSS system, you are not really utilizing cloud storage. A copy of a given file will be stored in the cloud. But copies of that file will also live on the desktops, laptops and mobile devices of all the end users who might need to access that file. There are advantages to this distributed model. For one, it allows those users faster access to the files they need. But creating so many extra copies across so many devices also creates unnecessary cloud storage security risks. Companies may end up violating compliance standards because of enterprise file sync and share-related data provenance problems. With so many copies of files on so many devices, it’s very difficult to track each one.
2. The security models are fundamentally flawed
While the sheer number of extra copies can pose risks for companies, the security models of many EFSS solutions also violate one of the fundamental principles of data security. A good security model assumes that you cannot trust anyone. Security should never depend on trust. Even though EFSS systems encrypt files, the solution providers also hold the cryptographic keys to unlock that data. There are a number of potential risks here. A rogue employee could decrypt the files. A government subpoena could force the solution provider to grant access without the customer’s permission. These scenarios might be unlikely, but when the EFSS provider holds the crypto keys, they are hardly impossible.
3. EFSS solutions add to the IT workload
Recently, EFSS solutions have begun offering tools designed to limit editing conflicts. Typically, these problems arise when two different users try to access and work on the same file. But even with these new tools, the potential for end-user-related errors is significant. For example, one end user might lock a shared file to prevent conflicts, then forget to unlock that data, leaving his or her colleagues without access. Other products display a marker to indicate that someone else is editing a file, requiring the user to honor it or else risk conflicts. Generally, these conflict avoidance tools require significant manual setup or user training, leading to added and unnecessary work for IT.
4. IT has to surrender control to the user or manage another separate system
Although EFSS solutions attempt to resolve identity and access control issues through methods such as the federated identity process, this is not the same as integrating with Active Directory or other established access control methods. What often happens with EFSS solutions is that companies end up with separate access control schemes in which the control rests with the users, not IT. From a compliance perspective alone this is unacceptable.
There is one more little secret – or more of a confession, really. Nasuni Mobile, our solution for extending access to files, is fundamentally an EFSS product. Yet there are some very important differences. Perhaps the most important distinction is that Nasuni is a true cloud solution. Nasuni maintains and continuously updates a single gold copy of each file in the cloud, so there is no question of which copy of a file is the true one. As end users work on a file, Nasuni’s cloud-based global file locking mechanism eliminates editing conflicts without the need for added IT setup or maintenance work. And because the gold copy of each file lives in the cloud, Nasuni can also offer unlimited versioning.
Another one of the dirty secrets of EFSS solutions is that they often come with limitations on versioning and backup control. End users might not be able to access a particular recent version of a file, and that older copy they suddenly need to restore could be gone entirely. With Nasuni Enterprise File Services, unlimited versioning is automatic.
Nasuni was also designed to meet strict compliance and security standards. IT retains control over permissions and access, and all files are encrypted with customer-controlled cryptographic keys. Sure, our clients can trust us, but they don’t have to. Their files are secure regardless, because we cannot access their data.