How to securely web enable access to CIFS / SMB File Shares

One of the predominant use cases for many companies is enabling file access to SMB file shares that live behind the corporate firewall, or are hosted on IaaS infrastructures (such as Amazon FSx or Azure Files), without the need for a VPN and without reconfiguring permissions, whilst using Active Directory or LDAP for authentication and ensuring that data is secure and compliance legislation is satisfied.

This has of course become even more of a requisite during the recent Covid-19 pandemic, in which there is a pressing need to enable such access for remote workers.

Global storage Metamodel

Accessing files on a CIFS/SMB network over a VPN from a mobile network is possible, but access can be patchy, client apps are limited and it is often extremely slow.

The File Fabric enables this using its built-in CIFS / SMB connector. This blog post will step through how to web enable SMB file shares.


My Favourite Feature: The File Fabric Client Ecosystem

My name is Erik, I work as Director of Engineering, Storage Made Easy in the US. I want to share my favorite File Fabric feature with you. Some days life gets hectic, and it is not just work I am talking about. As you can use all SME features in a personal account, this post will focus on enterprise deployments.

As an IT department, it is hard to respond to every demand. First the users, there is some combination of “access anywhere”, “BYOD”, “VPN free”, “faster”, “bigger”, etc. Then as a manager your requirements are something like this:

Cloud Storage Security concerns? Why Hybrid Cloud offers the best of both worlds

Hybrid Cloud

With the recent celebrity photo scandal fresh in the minds of companies who are either using or anticipating moving to use Cloud, questions regarding security, architecture and governance are fair ones to ask.

Without a doubt, cloud computing offers advantages to companies that encompass ease of use, productivity and cost savings; however, companies have concerns about if, how and where they store their sensitive data. This is where hybrid cloud can play a part.

What is Hybrid Cloud? Hybrid Cloud essentially continues to offer businesses all the benefits associated with the public cloud whilst enabling them to continue to have choices of storing certain types of data privately.

The benefits of a hybrid cloud strategy are that it addresses the security concerns of sensitive data whilst offering a dual strategy, unlike a pure private cloud implementation.

The Storage Made Easy Enterprise File Fabric provides such a public / private hybrid cloud solution but takes it a step further in the following ways:

– The File Fabric integrates with many existing private data applications and public cloud solutions. Private data application examples are SMB, CMIS, SharePoint, FTP and NAS/SAN. Public cloud solution examples are Amazon S3, Rackspace Cloud Files, Google Storage, Azure Blob Storage, Salesforce etc. The File Fabric does not force you to work with other storage or data that comes with the solution. The File Fabric is storage agnostic and works with whatever data sources exist within a company.

integrate clouds

– The File Fabric offers a control point for all corporate data wherever it is stored. As a control point, Storage Made Easy can be configured to audit log all file events, which can be exported as an Excel file or as Syslog events for use with business dashboards. It also enables sensitive files that reside on public cloud apps to be encrypted through the gateway, or gives the choice of keeping these files entirely private behind the firewall but still accessible. GEO location tracking and restrictions are also built into the platform, as is secure file sharing across all data stores, enabling a common file sharing policy to be set.

Cloud Control

– The File Fabric provides a single pane of glass into all cloud services and integrates into corporate identity management systems such as SAML, LDAP and Active Directory. It can function as a public and private cloud data control point and can also be set to enable users to add their own consumer cloud accounts if this is company policy, and it can track which corporate documents are moved, or shared, into a user's consumer cloud account.

single pane of glass

– More effective governance is provided as the File Fabric not only provides the flexibility and security of the hybrid cloud model, it also provides a cloud control point for existing private data and public cloud data sets.

Document Management is more than just managing documents – it is also securing them

Enterprise file share and sync

Document control and management is of vital importance to any organization. If sensitive information is sent outside of your company, once the documents have been sent electronically, control is lost and this can put files you shared at risk. They can be copied or forwarded anywhere in the world, in seconds.

For most businesses, the focus of their attention is on document management and on the organizational workflow and the storage of documents. Companies want to be able to integrate documents into a workflow and store documents in an organized and secure way that still allows documents to be found easily. Where the document is stored can frequently change. It could be SharePoint, it could be FTP, it could be on some external repository etc. Where the security process can fall down is when documents are shared externally, or in how they are made available for collaboration.

The proliferation of employees bringing their own devices to work (BYOD and BYOC) and using preferred SaaS applications of their own choosing has led to corporate governance becoming even more of a challenge for those tasked with its enforcement, as an increasing number of end users bypass corporate protocol.

Such ‘Shadow IT’ can pose a significant security risk, as the unapproved hardware and software that are used do not undergo the necessary security checks, and the storage and dissemination of such documents is outside of corporate control.

solving shadow it problem

Storage Made Easy provides a unified Enterprise File Share and Sync solution, which works with a company's existing private and public data, presenting these files in a unified view. It enables enterprises to not only securely sync, but also to securely share and work with files, wherever they need to go, even on devices that are beyond IT’s control.

IT benefits from a solution that gives them control, and users benefit as they have automatic access to documents and files from multiple data repositories, with robust security whether behind the corporate firewall or using any tablet, smartphone or PC.

Storage Made Easy uniquely provides:

• The ability to view, annotate, edit and sync almost any cloud or private file from almost any storage to any device.

• Internal and external collaboration features to work securely with anyone without losing control of enterprise data.

• Complete audit tracking to ascertain who accessed files, where from, and what action was taken.

• A secure way for organizations to collaborate with external partners using business workspaces.

• GEO Restrictions – restrict access to documents by IP address and by client. For example, let an external sub office only have access to a folder from a specific IP address from the web browser (or any other client you nominate).

• Full Bring Your Own Device support to restrict access by employees by device type.

• Sophisticated permissions that unify permissions to different back end document storage and which can also be used with Active Directory or LDAP.

• A way to solve the “DropBox” “bring your own cloud” problem by auditing such clouds even when documents are uploaded direct.

• A way to encrypt files stored on remote clouds with a key that is stored behind the corporate firewall, thus protecting remote sensitive data.

Secure document file sharing

In summary, you do not have to choose between a homogenous and restrictive system or a lawless frenzy of different unapproved systems. The Storage Made Easy Enterprise file share and sync solution is storage agnostic. It is compatible with most private or public file sharing cloud data stores, allowing users to continue using their preferred cloud storage provider while at the same time converging off-site and on-site private and public data. This allows a centralized point for corporate governance, thus providing a real solution to the Shadow IT and corporate governance problem.

In a post PRISM world why your Company needs joined up File Sharing and Governance

The recent controversy with regards to Prism and data snooping has brought the security of corporate data to the fore; however, the biggest threat to corporate data lies not with the corporate nemesis that is Prism but with the number of data leaks that occur every day in companies.

These include new phenomena such as Bring Your Own Device (BYOD) and Bring your Own Cloud (BYOC) as well as the thorny issue of what files are shared over email.

Data is any company's biggest asset, and not controlling how corporate data is disseminated is a ticking time bomb waiting to explode in your company. Why? Take your pick: legislative reasons, fraud-related reasons, competitive reasons. There are many reasons why not controlling data dissemination could trip your company up.

Companies need to consider how to build effective data governance ACROSS their enterprise data silos. Doing so will define a cohesive set of parameters for data management and data usage, as well as the ability to create governance processes for a company's internal use and for its supply chain, which ultimately leads to information assets that are well managed.

SME Data Governance framework

In the world of Cloud it is key that Data Governance and data policies work not only with data behind the corporate firewall but also cloud data and cloud services.

So what should you consider as a company to manage your data assets?

1. Understand what information is sensitive across all data silos, and have a federated access control mechanism that works with your users across these private and cloud data silos. Storage Made Easy provides such a federated mechanism to assign and control user permissions and access at a very granular level that overlays one or more data stores.

SME federate permissions

2. Set policies for data access and enforce them through common tools. For employee sharing of data through tools such as email, make it easy but also set policies that can define expiry time and password protection. Storage Made Easy has plug-ins for Microsoft Outlook and Mac Mail that enable productive file sharing across all cloud / private data, with built-in support for policy enforcement.

Mac Mail large file sharing

These policies should also ripple through to the mobile Applications used in a company:

iOS secure file sharing

3. Use Cloud Encryption for sensitive data and ensure that you control the private key. See our previous post on encryption and securing data for further information.

Cloud File Encryption

4. Audit all your company data. Irrespective of the policies set, you should get in the habit of auditing your company data. SME enables the setup of an automated email to a specified user of the previous day's file events, such as sharing, files updated etc.

Cloud Storage Audit Log

5. Set BYOD policies and device access policies that work like your company works. For example, do you have a contract firm that you gave access to a specific folder? Then designate that they can only access the folder using a web browser and only from a specific IP address.

BYOD GEO Restrictions

Summary

Companies need to connect disconnected information to enable corporate governance.

Cloud Corporate Governance


The Top 5 things to Consider for Business File Sharing

File Sharing is a key part of a company's ability to collaborate and share corporate data, which increasingly can be stored in many disparate services. The purpose of this post is to offer suggestions businesses should consider for their corporate file sharing strategy:

Many businesses just let employees share files with no control and no checks. This needs a policy. This is the business's core asset and it needs to be protected and secure. Also, compliance and legislation of data is increasingly becoming important. The business needs to ensure it does not get caught in a compliance trap.

Point 1: Implement a control mechanism for your users. For example, Storage Made Easy enables users to share files using links that can be password protected and in which the link can be set to expire. This protects against the user forwarding the file. The file link can be set to expire on first download, for example, or set to expire after 24 hours (or any other specified time period). If the file is password protected, even if the file is forwarded by the recipient, the file cannot be accessed unless the password is provided. A control mechanism promotes best practice security management of files and reduces operational risk.

Point 2: Point Solution or not? Consider whether your strategy should be a point solution or whether it works with your existing data sets. Many vendors may purport to promote managed secure file sharing, but often you find you have to move your data to their Cloud to have the solution work for you. Storage Made Easy works with private on-premise data, public cloud data such as DropBox, SkyDrive, Box etc., and also with SaaS services such as BaseCamp. This promotes a ‘joined up’ strategy for company file sharing.

Point 3: Integrates with what you have? Consider whether the solution works how you work so that it does not get in the way of business or productivity. For example, Storage Made Easy integrates directly in the desktop as a network drive with simple right click options to share files. This behaviour supports Windows, Mac and Linux. Integration has also been done with other core business productivity tools such as Microsoft Outlook and Mac Mail to promote easy secure file sharing using links directly from the corporate mail client. Similar integrations exist for core productivity tools such as Microsoft Office and Open Office or Libre Office.

Point 4: Compliance, Compliance, Compliance – Compliance is fast catching up with all verticals when it comes to storing and accessing corporate files off site. There is specific industry legislation related to this, such as HIPAA in healthcare and FERPA in education, but there are various legislation proposals being processed at various levels in the USA and EU, and it is a safe bet that the ability to track historic file events will become more of a requirement, not less of one. Also for companies, the ability to search against historic file sharing or data access should be just part of an overall joined up corporate security policy.

Point 5: On-Premise, Hybrid or Cloud? The last point is to do with implementation. You should be able to decide how you manage data or metadata associated with storing files and sharing files. This can be behind the corporate firewall, totally on Cloud, or some combination of both. The key word here is choice.


10 things to consider when implementing a company BYOD / MDM Strategy

More and more companies are embracing Bring Your Own Device (BYOD) as part of a Mobile Device Management Strategy (MDM), primarily as a means to save money. The cost savings can be potentially huge, but what steps should you consider with regards to implementing an MDM / BYOD Policy?

We highlight 10 things you should think about below:

1. Do a cost benefit analysis of current company owned devices. Remember to include insurance and accessories. Work out your real savings.

2. Bring Your Own Device does not mean you have to embrace every device! Set some guidelines. Perhaps you want to limit it to iOS and BlackBerry or iOS and Android, or indeed maybe you wish to embrace the top 4. Embracing MDM / BYOD does not mean anarchy rules, so set a policy. Storage Made Easy Cloud Appliance supports MDM / BYOD for BlackBerry, Android, iOS and Windows Phone.

3. As part of your move to an effective MDM / BYOD policy, understand how your employees prefer to work. Are many of your employees mobile? Field agents? Sales Reps? On the move? Is most of their work conducted in this manner?

4. Are all your data points accessible over mobile devices? Are they joined up? Is application access supported across all devices? Part of what the Storage Made Easy Cloud Appliance does is to unify data sources so they are accessible from one application on a mobile device. This can support data services that perhaps don’t even have access from the chosen mobile device. It also makes it easier to work with data from a single dashboard rather than having to install ‘n’ number of Apps.

5. Have a secure file sharing policy. You do not want employees using their devices and sharing data that cannot be audited. Not only does this promote data leaks, but for regulated industries it can break compliance laws. The Storage Made Easy Cloud Appliance promotes easy data sharing but it keeps audit logs of all links shared, from the person who shared them to the remote IP address that downloaded the data. It also enables password protection and time expiry on links.

6. Ensure you have control of user access into corporate data. You may not own the user device, but you still want to have some measure of protection around how users get access to corporate applications and corporate data. You need to be able to turn access off without compromising the user's device. Storage Made Easy addresses this by unifying data access and letting administrators control access for any user either by device, IP Address or GEO Location.

7. As part of your MDM User policy, mandate Apps that promote security, such as anti-virus / malware Apps and Apps such as Divide which promote the creation of separate identities and user areas for business and personal data. Don’t be shy in having a strict policy. Even though you are implementing an MDM / BYOD policy, you may still need a small selection of devices for users that will not or cannot sign up to the policy.

8. Decide whether you are going to have ‘device wipe’ as part of your policy. This is one of the most contentious areas of MDM / BYOD, and if you implement it you will need to include it as part of your policy that users sign up to and ensure they understand the consequences. Note that all devices enable remote wipe. For more information on this please see the ‘remote wipe’ section on the SME Wiki.

9. Consider your policy for unauthorised Apps being used with corporate data. We have all heard of how DropBox has infiltrated enterprise IT by the back door and is actually in use in departments within companies but without official sanction by IT. Storage Made Easy handles this by enabling DropBox (or other unsanctioned cloud storage uses) to be audited just as other corporate data, even if the user uses the DropBox service direct.

10. Policy is key. Staff need to fully understand and sign up to the MDM policy being introduced. It should be easy to understand, and easy for the staff to get access to the resources that they need from their Apps. On the company side, understanding cost savings, investment needed, and security implications is key. Implementing an MDM / BYOD policy may look attractive, but it requires thought and planning to be successful.

Want to know more on controlling cloud sprawl? Read our whitepaper.

For more on BYOD, visit the BYOD section on our Wiki.


IBM Bans DropBox. Here is why you don’t need to follow suit

You may have missed it, but IBM recently banned their 400,000 user base from using DropBox and other services like it. Jeanette Horan, IBM’s chief information officer, said that the restrictions have been in place since a review of IBM’s BYOD policy. A great article underlining the reasons IBM made this policy change can be found in this Information Week article from Kevin Casey.

“The risk of allowing BYOC is inherent in any organization that owns confidential or critical information, which I would assume is every corporation in existence”

However, how do you enforce it?

“There’s also that minor matter of enforcement. IBM has the wherewithal to practice what it preaches, but when IT and financial resources are already spread thin, trying to keep people from sending corporate files to their personal Gmail accounts might be an exercise in futility.”

Enforcement of policy is of course a good question and one that we are happy to expand on. What IBM are really describing is the issue of what is being termed “Cloud Sprawl”, i.e. the plethora of online services that can not only be responsible for information leaks but also prevent cohesive company information visibility. We have blogged about this previously.

The SME Cloud Appliance and service is the enabler for governance and control of different Cloud Storage providers, such as DropBox, and of SaaS Services, such as BaseCamp. There are specific controls built into the Appliance to enable IT to govern how access is granted to information, and also specific controls to not only restrict access but audit access:


This can audit access of all cloud storage types including personal clouds (if it is decided to allow them in the organisation). The auditing is granular and logs each event type and IP address of any file or resource interaction:

User logins and groups can be controlled by Active Directory integration, and access permissions can be set against groups/roles across all information resources:

As we have shown, the Cloud File Server Appliance is a mechanism for IT within SMBs and other companies to keep control of diverse information clouds and SaaS Cloud services whilst still promoting things such as BYOD. It can be used as a SaaS hosted service or can be obtained as a Virtual Machine and hosted in-house.
