Top Five Requirements for Secure Enterprise File Sync and Sharing

Page created by Bobby Powers
 
White Paper

Mobilize enterprise data. Empower users anywhere.
Maintain security and control.
Employees depend on data to be productive. Learn what it takes to
enable anywhere, any-device access to information without exposing
your organization to risk.

citrix.com

People depend on business data to be productive—but when they
rely on personal online file sharing accounts to mobilize data, they
expose the organization to significant security risks. If IT simply
blocks these accounts without providing a sanctioned alternative,
business productivity will suffer, but allowing their continued use
isn’t an option either. Instead, IT needs a file sync and sharing
solution with the security, control and flexibility IT requires, as well
as a rich, consumer-like user experience to ensure full adoption.

This paper discusses the five essential criteria for secure enterprise file sync and sharing, including
secure IT oversight, flexibility over where business data is stored, integration with existing
infrastructure, a rich user experience and support for next-generation workspaces. Provided by the
leader in mobile workspaces, Citrix® ShareFile® meets the requirements for secure enterprise file
sync and sharing to enable true business mobility.

The risks and challenges of mobile data access
Data fuels productivity. To collaborate and drive business value, people rely on the ability to access and
share files wherever work takes them, and on any device they use. The need is so critical that
employees won’t wait for IT to provide a sanctioned file sync and sharing capability—if none is
available, they’ll find their own way to get it done. But personal online file sharing accounts can create
serious risks for the enterprise, such as putting business data at risk; opening the network to external
threats, data loss and malware; violating regulatory rules; and allowing enterprise data to go outside
of IT control and be stored on personal file sharing services. Even with the best of intentions,
employees can cause untold damage to their business simply by trying to get their work done.

The dangers of unmanaged mobile data access are clear. When an employee stores business data
in a personal file sharing account and shares files with third parties, IT has no visibility into what
type of data is stored there, whether any sensitive business data is leaving the building or
enterprise control, and who else might have access to shared files and folders. When an employee
leaves the company, data synced from the individual’s corporate desktop or laptop to a personal
file sharing account remains in that account, and can be downloaded to any other device—
personal or belonging to another business—that the individual uses. Personal file sharing services
also pose a compliance nightmare, as IT has no way to verify where and how corporate data is
being stored, who has access to it, and whether it is being managed, retained and archived in
keeping with corporate policies.


This problem is rampant in the enterprise. According to an Enterprise Strategy Group report, a vast
majority (70 percent) of organizations know or suspect their employees are using personal online
file sharing accounts without formal IT approval [1]. Many IT organizations have yet to find an
effective solution. Often, they resort to one of two measures, neither of them adequate: blocking
the use of these unsecure services and thereby reducing business productivity, or allowing their
use and compromising security. Making it even harder to combat, personal cloud file sharing
services are omnipresent on many smart devices now. Employees who use their own smart phones
at work have quick access to these pre-installed personal file sharing tools. Employees need these
tools to be productive, so it’s up to business to keep their data safe and deploy equivalent
enterprise-class capabilities in the workplace to address the online file sharing demands. An
enterprise file sync and sharing (EFSS) solution provides a way for IT to secure enterprise
information access and prevent the leakage that can result from uncontrolled and non-secure
personal cloud services. Beyond addressing security threats, EFSS provides benefits for both users
and the business by supporting bring-your-own-device (BYOD) and corporate mobility initiatives,
and ultimately enhances data sharing, collaboration and productivity.

Addressing the requirements for secure data sharing in the enterprise
As a leader in business mobility, Citrix protects and guards the world’s most sensitive information,
simplifying and verifying the security and sharing of data in corporate apps and documents across
locations, networks and devices. IT can ensure the right level of secure access for every individual
and situation with visibility and control to address privacy, compliance and risk management
priorities without compromising end-user productivity.

Based on this experience, Citrix has identified five essential areas any enterprise-ready data access,
sync and sharing solution must address to meet people’s collaboration needs and IT’s
requirements for security and control. These include:

1. Secure IT oversight including authentication and authorization, granular access control, device
   security and reporting.

2. Flexible storage options to meet diverse needs for data sovereignty, compliance, performance
   and cost.

3. Integration with existing infrastructure to mobilize existing network shares and content
   repositories.

4. A rich user experience that promotes rapid adoption to wean users off personal file sharing
   services.

5. Support for next-generation workspaces so people can work and collaborate productively
   from anywhere.

[1] ESG Research Report, Online File Sharing and Collaboration: Security Challenges and Requirements, August 2012.

These requirements are explored in this paper, together with a discussion of how each is addressed
by Citrix ShareFile. As an enterprise data sync and sharing solution, ShareFile enables IT to deliver a
secure, managed and robust service that meets the mobility and collaboration needs of all
business users. ShareFile complements Citrix technologies for enterprise mobility management
(EMM), Windows app and desktop virtualization, collaboration and secure cloud networking as
part of a complete business mobility strategy.

1. Secure IT oversight
IT faces an urgent need to regain visibility and control over how and where business data is
accessed and shared, and by whom. At the same time, it’s important not to limit productivity by
enforcing unnecessary restrictions on data access that fail to take into account the actual
requirements of each scenario. IT must strike the right balance by keeping data as secure as
possible wherever and however it is used, while ensuring the greatest allowable freedom for each
user in each scenario.

An EFSS solution must provide all the features of personal online or consumer-grade file sharing
services similar to Dropbox and Box, plus advanced security features to protect data and retain IT
control and visibility. With ShareFile, IT can allow the right level of data access and sharing for each
user and scenario, while gaining full visibility and control to protect business data effectively.

Authentication and authorization
With more people accessing business information from anywhere and from any device,
authentication and authorization become more critical than ever. IT needs to be able to define
strong authentication and authorization policies over who can access what, in what scenarios.

ShareFile makes it simple to enable secure authorization through SAML 2.0 integration with Active
Directory, as well as through popular business SaaS applications like Salesforce.com using
industry-recognized OAuth 2.0 standards. IT can use granular administrative controls to allow contextual
access: instead of controlling access only at login, and granting unlimited access to authenticated
users, ShareFile makes it possible to reevaluate access for each request and transaction, then allow
download-only access or full upload/edit/delete rights for users to authorized content depending
on their location, role, device and other criteria. Mobile device policy-based controls and real-time
application monitoring help administrators tune their security policies as needed.


Access control and secure collaboration
Work teams increasingly span organizations, and third parties play a greater role in business,
including partners, suppliers, agencies, outsourcing providers and contractors. This creates the
need for people to be able to share files easily with anyone inside or outside the organization—
without exposing the enterprise network to risk. A complete file sharing and sync service for the
enterprise should provide the ability to securely access and share files, including file shares inside
the network, with anyone, anywhere.

With ShareFile, IT can allow people—including trusted third parties—to access and share files from
anywhere. Granular access controls and security policies, including device security policies, can be
defined for both employees and third-party users through the same service.

Key capabilities include the ability to require a log-in with defined password complexity for each
user account, restrict the number of downloads available to a given user, restrict upload and
download permissions for users added to team folders, and expire links to files whenever desired.
IT can also restrict access based on network location. People can share data easily and securely
with third parties who don’t have a ShareFile account, including the ability to request files from
them to be uploaded directly into a specific folder in ShareFile. All device security policies can be
configured for all users of the account.

Data security
An EFSS solution must also protect data while in transit, at rest, in storage and backup. Files are
transferred through ShareFile over a secure SSL/TLS connection and are stored at rest with AES
256-bit encryption. Through the Passcode Lock feature, IT can leverage the mobile device’s
encryption capabilities and enforce encryption for all ShareFile data on the device.

The datacenters that host the ShareFile web application and databases are SSAE 16 accredited and
the data centers that host the file storage application are SSAE 16 and ISO 27001 accredited.

Citrix implements and maintains commercially reasonable and appropriate physical, technical and
organizational complementary controls to protect customer data. Citrix ShareFile is PCI-DSS
compliant and will enter into a HIPAA business associate agreement. Citrix also offers ShareFile
Cloud for Healthcare, a secure enclave within a private cloud where IT can upload, store and share
patient health information (PHI) and meet strict HIPAA compliance laws. ShareFile Cloud for
Healthcare is technically compliant with the HIPAA Security Rule.

Device security
With mobile devices now ubiquitous in the business environment, it is critical for IT to ensure that
the business information on tablets, smartphones and laptops does not fall into the wrong
hands—especially when a device is lost or stolen.


ShareFile provides extensive controls to provide complete protection for mobile applications and
data, and to ensure end-to-end security. Key features include remote wipe of ShareFile-stored files
and passwords, poison pill and data expiration policies, mobile device encryption, passcode lock,
and the ability to restrict the use of third-party apps and jailbroken devices.

In addition to being sold as a standalone service, ShareFile is also available as part of the Citrix
XenMobile® enterprise mobility management solution. This integration provides complementary
security features including mobile app containers to keep individual mobile apps and their data
separate from other content on the device and let you assign security policies on a per-app basis;
single sign-on; scenario-based access controls; and the ability to manage and configure corporate
and personally-owned devices, including app blacklists/whitelists, full or selective device wipe, and
enterprise integration via LDAP and PKI.

Robust reporting and auditing
To maintain compliance with IT standards and governance mandates, IT needs complete visibility
into file access, sync and sharing activity.

ShareFile provides comprehensive capabilities to track, log and report on user file access, sync and
sharing activity, including the date, type, place and network address of each user event. Multiple
versions of files can be stored to create full audit trails of editing activity. If a remote wipe is
initiated, IT can track file activity that occurred on the device from the time the wipe was initiated
through its successful execution. To further aid compliance, ShareFile has adopted Health
Insurance Portability and Accountability Act (HIPAA) Security Policies and Procedures (“HIPAA Security
Policy”) intended to comply with the requirements of the Security Standards for the Protection of
Electronic Protected Health Information and the Health Information Technology for Economic and
Clinical Health (HITECH) Act. The solution is also PCI DSS compliant and certified under the U.S./E.U.
Safe Harbor Program.

“With our previous solution, there was no way for me to audit usage or manage users, and we didn’t
have many controls in place. With ShareFile, we can manage and administer our accounts in-house.
With increased control, we have immediate access to our files, manage compliance with regard to
permissions and reduce our reliance on the vendor. With our previous solution, all administration
activities included the involvement of the other vendor.”
Ishq Davis
IT Enterprise Project Manager,
Forum Energy Technologies

2. Flexible storage options
Flexible storage options are a must-have for an EFSS solution, and most personal file sharing solutions
simply fall short on this requirement. Different types of business information pose different
requirements: some files need to be stored onsite to meet compliance requirements, while others
can be stored in the cloud to simplify management, reduce cost and allow frictionless scalability.
For some types of data and apps, the location of data storage can make a significant difference in
performance. IT needs the flexibility to choose where data is stored—including both on-premises
and cloud options—through the same service.

The ShareFile StorageZones™ feature lets organizations choose where their data is stored: in
customer-managed object storage (Windows Azure or Amazon S3) and on-premises storage; in
Citrix-managed StorageZones within audited, SSAE 16-compliant datacenters powered by AWS
and Windows Azure; or in any combination of these. Customer-managed StorageZones within the
enterprise help IT meet unique data sovereignty and compliance requirements while optimizing
performance by storing data in close proximity to the user. Citrix-managed StorageZones provide
the economic benefits and effortless management of a cloud-based service. For organizations
that require increased data protection, Restricted StorageZones offer the ability to encrypt data
with the customer’s own encryption keys. By defining where data should be stored, IT is able to
build the most cost-effective and customized solution for their organization.

[Figure: ShareFile StorageZone Options. Panels: Citrix-Managed StorageZone Architecture; Customer-Managed StorageZone Architecture; Customer-Managed Restricted StorageZones Architecture]

3. Integration with existing infrastructure
One of the many drawbacks with personal online file sharing accounts is their inability to access
data or otherwise integrate with backend services and infrastructure such as existing network
shares, Microsoft SharePoint, SharePoint Online, OneDrive for Business or enterprise content
management (ECM) systems. For full productivity, people need to be able to access and share files
without having to worry about where they reside, and the enterprise must feel confident that its
solution doesn’t place its data at risk. IT needs a way to mobilize the full range of business data
without costly and time-consuming migration projects.


ShareFile allows a single point of access to all data sources throughout the enterprise. Working in
conjunction with customer-managed StorageZones, StorageZone Connectors let IT create a
secure connection between the ShareFile service and user data stored in existing network shares
and SharePoint, including files that otherwise cannot be accessed outside of corporate networks
or on mobile devices. Extending all the simplicity and mobile access benefits of ShareFile to
existing data storage platforms without the need for data migration, StorageZone enables people
to access their business documents easily and securely on mobile devices regardless of where the
file is actually stored. ShareFile also includes a built-in mobile content editor, which supports
standard SharePoint functions like check-out, edit and check-in from mobile devices.

4. A rich user experience
The file sync and sharing challenge goes right to the core of the consumerization of IT: if IT can’t
compete with the convenient and intuitive experience of a personal service, people simply won’t
adopt the harder-to-use enterprise option. At the same time, it’s not enough for IT to simply
match the experience and features of personal online file sharing or consumer-style accounts.
Business users have requirements that go far beyond the scope of a simple consumer account,
such as the ability to access and share files residing anywhere in the enterprise environment,
collaborate across corporate networks, and improve mobile productivity with editing, annotation,
offline access capability and workflow integration.

ShareFile provides the rich user experience essential to foster fast and full adoption. People can
access and sync all of their data from any device and securely share it with people both inside and
outside the organization, including large files beyond the size limits of enterprise email systems. A
built-in content editor lets people create, review and edit Microsoft Office documents and
annotate Adobe PDF files right from ShareFile, even while offline.


5. Support for next-generation workspaces
ShareFile supports the introduction of a next-generation workspace that delivers secure access to
apps, desktops, data and services from any device, over any network to empower mobile workers
with the freedom and flexibility to choose how they work. With 61 percent of information workers
now working outside the office [2], enabling people to work collaboratively and productively from
anywhere is now a critical requirement for IT. Employees want the same quality of user experience
they expect from consumer software. Providing this experience means enabling secure and
controlled access to enterprise data from anywhere, replacing legacy PC backup tools and
decoupling data from devices.

“With ShareFile, we can give employees the same user experience as a consumer file-sharing service
but with IT visibility and control. No matter where they are or how bad their Internet connection is,
they can access and share their job files.”
Patrick Burch
Systems Engineer at Brasfield & Gorrie

ShareFile offers key capabilities to power next-generation workspaces. Users are able to create and edit
content across devices, edit content securely in Microsoft Office, check files in and out, apply free-form
annotations to PDFs, and sync files automatically or on-demand for virtual desktop environments.

In addition, with ShareFile, IT can future-proof their investment by choosing a solution that works
with any platform and device and provides seamless access to user data. Most importantly, the
organization can define the ShareFile implementation that works best for their specific
requirements. ShareFile Enterprise is offered as a standalone service, as part of an enterprise
mobility management solution with Citrix XenMobile, and as part of a software-defined workspace
with the Citrix Workspace Suite™. Integration with XenMobile helps to deliver a rich user experience
with Citrix-developed apps, including WorxMail™ for secure mobile email, calendar and contact
access; and WorxWeb™ for secure browsing. Integration with Citrix Workspace Suite delivers secure
access to mobile and virtual apps, desktops, and file sync and sharing services from any device, over
any network to empower mobile workers with the freedom and flexibility to choose how they work.

ShareFile is also optimized for other Citrix products. The unique on-demand sync
capability of ShareFile is specifically designed for pooled and hosted shared virtual desktop
environments, including those powered by Citrix XenDesktop® and Citrix XenApp®. On-demand
sync drastically cuts network load, bandwidth requirements and storage costs. ShareFile also offers
robust tools and clients for traditional desktops and devices.

Citrix ShareFile – an industry-recognized and IT-approved EFSS provider
For more than two decades, Citrix has driven innovation and transformation through solutions that
help people become more productive, in more places, to drive business value. As secure data
access moves to the forefront of the IT agenda, ShareFile has been recognized as a 2014 Gartner
Enterprise File Sync and Sharing (EFSS) Magic Quadrant Leader [3]. This evaluation is based on both
the completeness of the ShareFile vision and the company’s ability to execute on it.

ShareFile has received numerous accolades and industry awards over the years. In 2014, ShareFile
received the Cloud Award for Best in Mobile Cloud Solution, was named the Tabby Award Winner for Best
iPad Data Access and Collection App and the Gold App of the Year in the Best in Biz awards for its
iPhone app, and won the Virtualization Review Readers’ Choice Award.

[2] Source: Forrester Research, Inc.’s Business Technographics Application and Collaboration Workforce Survey, Q4 2013
[3] http://www.citrix.com/news/announcements/jul-2014/citrix-positioned-as-a-leader-in-the-magic-quadrant-for-enterprise-file-synchronization-and-sharing.html

“Citrix ShareFile – It’s like Dropbox on steroids, with some
sophisticated management and collaboration features that tie into
other Citrix products.”
2014 Virtualization Review, Readers Choice Award

Provide your organization with an industry-recognized, IT-approved, enterprise-ready file sync and
sharing solution that gives users the experience they want and the advanced security
features required by IT. ShareFile provides end-to-end integrations to the existing infrastructure that’s
best for the business, and flexible storage options in the cloud, on-premises or both.

Conclusion
The mobile data access challenge poses both risks and opportunities for IT. The use of personal file
sharing accounts can make it impossible for IT to maintain effective access control, security and
compliance for sensitive business data. While weaning users off these services can be difficult, it
can also bring powerful new benefits for individuals and the organization. By delivering file sync
and sharing features designed for business, with the simplicity and convenience of a consumer
service, IT can win adoption for a sanctioned enterprise alternative—with the robust security and
granular access control needed to protect the organization from risk. Citrix ShareFile provides a
complete solution that meets the five most important criteria for enterprise file sync and sharing
(EFSS): secure IT oversight, flexible storage options, integration with existing infrastructure, a rich
user experience and support for next-generation workspaces. In this way, IT can help employees
work and collaborate more effectively from anywhere while supporting the evolution of business
mobility enterprise-wide.

Additional resources
For additional information, please visit citrix.com/sharefile.
To get started with a free trial of secure file sync and sharing, visit citrix.com/sharefile.


About Citrix
Citrix (NASDAQ:CTXS) is leading the transition to software-defining the workplace, uniting virtualization, mobility management, networking
and SaaS solutions to enable new ways for businesses and people to work better. Citrix solutions power business mobility through secure,
mobile workspaces that provide people with instant access to apps, desktops, data and communications on any device, over any network
and cloud. With annual revenue in 2014 of $3.14 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100 million
users globally. Learn more at www.citrix.com.

Copyright © 2015 Citrix Systems, Inc. All rights reserved. Citrix, ShareFile, XenMobile, StorageZones, Citrix Workspace Suite, WorxMail,
WorxWeb, XenDesktop and XenApp are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S.
and other countries. Other product and company names mentioned herein may be trademarks of their respective companies.
