Best Practices for File Sharing. An Osterman Research White Paper. Published September 2014.




Transcription:

WHITE PAPER
Best Practices for File Sharing
An Osterman Research White Paper
Published September 2014

Osterman Research, Inc.
P.O. Box 1058, Black Diamond, Washington 98010-1058 USA
Tel: +1 253 630 5839 Fax: +1 253 458 0934
info@ostermanresearch.com www.ostermanresearch.com twitter.com/mosterman

EXECUTIVE SUMMARY

Information workers need to share files as part of their work and do so regularly. File sharing is so common, in fact, that Osterman Research surveys have found that one in four emails contains an attachment, and 98% of the bits that flow through the typical email system are files that are being shared with others. However, file-sharing practices today are fraught with excess cost and risk:

- Using email to share files results in a lack of control over how content is sent, how it is tracked, and how many copies are distributed throughout an organization. Moreover, email systems do not permit senders to control who has access to this content or for how long it can be accessed.
- Traditional FTP systems are inefficient and contribute to the potential for data leaks because users share passwords and content can be left on FTP servers indefinitely, many times for years.
- Consumer-focused file sync and share solutions, such as Dropbox, are popular and generally work as designed. However, most Dropbox accounts are managed by individual employees, not their employer, which puts organizations at risk of data spoliation, data breaches, or an inability to find data when needed. These tools generally do not offer monitoring, tracking, audit trails, or other essential file-sharing features.

The result is that most file sharing is inefficient, too expensive, too risky, and puts organizations at a significant disadvantage in the context of managing their legal, regulatory, and best practice obligations.

It is also noteworthy that most organizations don't think they're managing their file-sharing processes well. An Osterman Research survey conducted in August 2014 found that, when asked to grade their management of file sharing in the context of best practices for information security and good information governance, only 9% of survey respondents gave their organization an "A". Forty-two percent gave their organizations a "B", while a plurality (44%) gave themselves a "C".

KEY TAKEAWAY

To eliminate these risks and put IT back in control of the file-sharing process, organizations of all sizes should implement an enterprise-grade file sync and share capability that will meet the dual needs of: a) enabling employees to have access to all of their files from any device, and b) enabling IT to control the organization's critical data assets.

ABOUT THIS WHITE PAPER

This white paper discusses the current problem with file sync and share practices and the results of a survey conducted for this paper in early August 2014. It provides some recommendations for what decision-makers should consider as they implement a file sync and share capability. The paper also provides a brief overview of its sponsor, ownCloud.

FILE SHARING TODAY

THE DE FACTO FILE-SHARING SOLUTIONS IN USE TODAY

In most organizations, email has become the de facto file transport system. As shown in Figure 1, virtually all of the organizations surveyed employ email to transfer files. However, the traditional method of file transfer, FTP, is also widely used, as are various cloud-based file sync and share tools. Our research also found that enterprise-grade file transfer solutions are not yet widely deployed.

2014 Osterman Research, Inc.

Figure 1: Capabilities Employed for File Transfer (% of Organizations in Which Capability is Used). Source: Osterman Research, Inc.

REASONS FOR THE DOMINANCE OF EMAIL FOR FILE TRANSFER

Email owes its dominance in the file transfer space to four primary attributes that make it well suited as a communications and collaboration platform:

- Email is the most important single application employed by most information workers.
- Almost all email clients, including many Webmail systems, allow drag-and-drop of files into email messages. This is an essential element of the ease-of-use experience.
- Virtually all email systems are built to industry standards and offer users a high degree of assurance that emails can be received and opened by any recipient.
- Almost every computing platform has an email client or other access to corporate email, making it a nearly universally available platform for sending files.

As a result, email has become the default method for sending files in almost every organization. While other tools are used to send electronic files, email continues to be the main platform that individuals use to send content.

IMPORTANT TRENDS IN FILE SHARING

Various file sync and share tools are widely used, including Dropbox, Google Drive, Apple iCloud, Microsoft OneDrive, Box, and many others. These tools enable employees to access files from any platform and send large files to others. Most of these tools are cloud-based and offer various tiers of storage; many vendors employ a "freemium" model that provides anywhere from two to 15 gigabytes of storage per account at no charge. A testament to the growth of the file sync and share market is the significant number of new entrants into this space and the number of acquisitions that have occurred over the past two years.

Corporate data security is becoming more critical at the same time, evidenced by the increasing importance of preventing data breaches. Motivated by an increasing number of compliance regulations, as well as growing concerns over data leaks and corporate data governance, IT is pushing for more visibility into how employees are transferring content and the types of content that are sent inside and outside the organization.

Moreover, as companies, business partners, and members of corporate workgroups become more geographically distributed as a result of telework schemes and increased reliance on business partnerships, there is a growing need to improve the reliability and ease of sharing critical documents, both for manual transfer of content and for integration with automated business processes.

The importance of telework should not be underestimated. Employees and contractors are becoming more geographically distributed as organizations of all sizes implement telework programs to reduce the costs of rent and other expenses associated with providing employees with office space. As a result, employees who can no longer work together physically now rely more on document sharing by email and file sync and share tools in order to collaborate on projects.

Closely related is the growing BYOD (Bring Your Own Device), Bring Your Own Applications (BYOA), and Bring Your Own Cloud (BYOC) trends among employees who increasingly use personally owned capabilities to do their work. For example, Osterman Research has found that the majority of Apple iPhone and Android smartphones in the workplace today are personally owned, suggesting that most organizations have simply accepted the BYOD, BYOA, and BYOC deployment models as the norm.

THE STATUS QUO IS NOT OPTIMAL

THERE ARE SERIOUS PROBLEMS WHEN EMAIL IS USED FOR FILE SHARING

Email was designed as a communication tool, not as a file-sharing or collaboration system. However, email has become the de facto file-sharing system in most organizations. The result is that its use for transporting the majority of files in most organizations leads to a variety of problems.

For example, as shown in Figure 2, more than one-half of organizations report a variety of problems associated with managing email systems that are directly attributable to its use as a file transport platform. Further, even problems that are identified by fewer than one-half of organizations as serious still pose threats to email system uptime and the ability to maintain the integrity of sensitive or confidential content.

When using email as a file-sharing system, corporate governance for corporate data can be seriously lacking. An important aspect of this lack of corporate governance is that performing audits on or delivery verification of content sent to others via email is difficult, if not impossible. For example, if a user attaches a time-sensitive document to an email, normally the only way to verify its delivery is to send another email or contact the recipient in some other way. Most email systems do not have the ability to track the flow of content from sender to recipient throughout the entire transfer process.

Other problems can occur when using email for file sharing:

- Loss of employee productivity because of more frequent email system downtime incidents, as well as longer downtime incidents because of the large volume of data that must be restored after a system downtime.
- Poor email server performance because of the large volume of email that contains attachments and so constrains bandwidth and consumes an inordinate proportion of email server CPU cycles.

- Significant duplication of files when the same attachment is sent to multiple parties. This alone can contribute significantly to the bloat of storage on email servers, on backups, and in email archives. Moreover, duplication of files makes it more difficult and expensive to find relevant content during early case assessments, eDiscovery, or a regulatory audit.

Figure 2: Problems in Managing Email Systems (% Responding a Serious or Very Serious Problem)

| Problem | % |
|---|---|
| Growth in messaging storage | 46% |
| Increasing message size | 45% |
| Enforcing an email retention / deletion policy | 43% |
| Excessively large mail stores on the server | 43% |
| Increasing backup and restore times | 41% |
| Use of email for sending files | 39% |
| Users sending attachments that are too large | 37% |
| Viruses, worms, Trojan horses, malware, etc. | 35% |
| Managing spam | 36% |
| Storage costs | 35% |
| Software licensing costs | 34% |
| Users sending confidential data improperly | 33% |
| Supporting legal or compliance in searching for content | 30% |
| Backups take too long | 28% |
| Users pestering IT about mailbox-size quotas | 25% |
| Total cost of ownership | 24% |
| Lack of network bandwidth | 22% |
| Complying with regulations like HIPAA, SOX, etc. | 21% |
| Reliability/uptime of email servers | 19% |
| Performance/speed of email servers | 17% |
| Employees' personal use of corporate email | 16% |
| Finding qualified IT personnel to manage email systems | 16% |
| Denial-of-service attacks | 14% |
| Scalability | 15% |
| Time required for managing email server software | 11% |
| IT having difficulty meeting service-level agreements | 8% |

Source: Osterman Research, Inc.

EXISTING SOLUTIONS OFTEN DO NOT MEET CORPORATE OR USER REQUIREMENTS

There are various other file sharing related problems faced by organizations that need to share information electronically:

- IT typically lacks control over content because most of this content is sent through email, non-secure file sync and share tools, or other non-secure means.
- While many consumer-focused solutions like Dropbox work as intended, they often lack the IT-focused functionality needed to centrally manage corporate content.
- While IT is often responsible for corporate governance, it lacks the ability to fully control the flow of information sent through non-secure tools, particularly when employees are in control of their own accounts. Moreover, IT has little visibility into content sent via means other than email, such as cloud-based file-sharing tools, physical delivery, USB drives, personal Webmail, etc. Indicating just how much corporate decision-makers are concerned about file transfer of files through tools like Dropbox, Figure 3 demonstrates that four of five organizations have at least some level of concern with the use of these widely deployed tools.

Figure 3: IT Management's Concern About the Use of Employee-Managed Services. Source: Osterman Research, Inc.

- Most file-sharing systems do not permit centralized search and discovery of corporate content. For example, information that might be needed for an eDiscovery effort or a regulatory audit may be difficult or impossible to find when stored in cloud-based file sync and share tools that are managed by employees. Moreover, the distribution of data among the various file-sharing solutions that might be in use in an organization and the inaccessibility of these content stores to the IT or legal department charged with finding it is a very serious problem when quick turn-around times are required.
- The FTP systems deployed in most organizations (used in 50% of organizations, as shown in Figure 1) are quite useful for sending large files, but they have two serious drawbacks: First, FTP solutions in many organizations lack robust security because users often share login credentials. Second, the content on FTP systems is normally left unmanaged and unattended after files are sent, creating corporate governance problems and greater potential for data breaches. The latter problem is typically the more serious, since this can result in access to sensitive or confidential content by unauthorized parties over long periods.
- Another serious problem with FTP is its reliability. Because FTP cannot inherently recover from an error, it does not send an alert when a problem has occurred. Further, FTP may not reliably transfer very large files in some situations, nor maximize bandwidth usage, sending files at a lower speed than the available bandwidth would allow. This means not only that file transfers take longer than necessary, but that the value of the purchased bandwidth is sometimes not being realized.
- Many organizations have deployed Microsoft SharePoint to deal with content management issues, including file sharing. While SharePoint is a useful tool, our research has found it to require a significant investment of time and other IT resources to manage properly. If SharePoint is to be used primarily as a glorified file share, it definitely represents an overkill approach to the problem of sharing content.
- Managing file-sharing solutions can be a time-consuming effort for IT staff. If FTP systems are used, then IT must manage these servers and deal with user issues as they arise. If email is used for transferring files, then IT must spend time dealing with email problems caused by mailbox quotas being exceeded.
- The majority of emails and attachments are sent without any encryption. This increases the potential for data breaches and the risk of non-compliance with a number of legal and regulatory obligations to protect sensitive data in transit and at rest. Because 46 US states now have data-breach notification laws and two US states have enacted statutes that require the encryption of certain content types when sent intra-state, file transfers that contain sensitive information must be encrypted. Moreover, many countries around the world have strict data sovereignty laws. Data encryption helps organizations to meet their various national and global compliance obligations.
- Most users will send files electronically, but some users faced with the need to transfer very large files or large numbers of files will sometimes burn a CD-ROM or DVD-ROM and send it via physical delivery. This not only decreases the security of transferring files but also increases corporate costs. Moreover, it is difficult to control this content once it leaves the enterprise. Many industries such as healthcare, financial services and legal require content to be managed through its entire lifecycle. For example, at the end of a legal case, lawyers are required to purge sensitive content provided to expert witnesses such as medical records. This is difficult to confirm if a company mails out a CD or DVD. It is much easier to revoke access to content (and track that) from an enterprise file sync and share service.

LOOSENING IT CONTROL OVER CORPORATE DATA AND FILE-SHARING PRACTICES

Organizations have traditionally relied on end users to decide what information should be kept, what should be deleted, where information should be stored, and for how long it should be retained. Consequently, roughly three-quarters of corporate data today is generated and controlled by individual employees. In most cases, this practice is ineffective and causes what many refer to as covert or underground archiving, in which individuals end up keeping everything in their own unmanaged storage repositories or archives, such as cloud-based storage systems or local .pst files. These underground archives effectively lock most of the organization's information away, hidden from everyone else in the organization, and give birth to the phenomenon called "dark data": an underground of unmanaged, uncontrolled, and unstructured data. Inexpensive, cloud-based storage has only served to exacerbate the problem of dark data.

The problem is most evident in the widespread and growing use of file sync and share tools. While these tools are useful for individual users, they allow corporate policies, legal requirements and regulatory obligations to be circumvented, creating a serious information governance problem.

The net result is that while employees become more empowered, IT's control over corporate data gets reduced. This is not a necessary balance but a common one nonetheless.

IS DATA REALLY DELETED?

Another important issue for corporate decision-makers (and a growing problem as employees manage more data on personally owned devices and in cloud-based data stores) is the problem of data not really being deleted. For example, corporate data that is stored on an employee's personal smartphone might not be deleted when that employee leaves the company or loses his or her device. An Osterman Research survey on BYOD issues conducted during August 2014 [1] found that only 83% of personally owned smartphones can be remotely wiped by IT. Another Osterman Research survey conducted in June 2014 found that 84% of information workers who used Dropbox in a previous job still had access to the same account (many times housing their previous employer's information) in their current job.

However, the problem extends to cloud providers themselves, since some providers do not necessarily delete customer data even after the customer has deleted it. For example, Google's privacy policy states that, "after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems." [2] Dropbox states that it saves all deleted files for 30 days. [3] These issues create serious control problems for organizations that must maintain strict control of their corporate data.

THE CONSUMERIZATION OF IT IS AN ENORMOUS PROBLEM

The concepts of BYOD, BYOA, and BYOC, which are part of the larger trend toward the consumerization of IT, are simple: Employees use their own devices, apps and cloud-based services to access corporate content and other resources like email, databases, and various applications. It is essential to note that the consumerization of IT covers a wide front: It includes social technologies, cloud-based tools to access content in a faster and easier way, and more consumer-oriented expectations within the workplace. The popularity of the consumerization trend is evident in the large proportion of mobile phones used in the workplace, the growing number of mobile apps used to create and access corporate content, and the widespread use of file sync and share tools.

CORPORATE RISK IS INCREASING

Among the various risks associated with the IT consumerization phenomenon in general and file sync and share in particular are:

- Inadequate content management: Content created and stored in Dropbox, for example, is less accessible to the organization at large.
This makes it mre difficult fr the rganizatin t knw the cntent it has available fr ediscvery r regulatry audits, increases the difficulty f accessing this data when required, and makes cntent retentin mre difficult. The lack f an audit trail in mst file sync and share slutins cntributes t the serius risk assciated with their use in a crprate envirnment. This can lead t a greater risk f evidence spliatin, greater risks in satisfying regulatry bligatins, and mre difficulty in managing cntent retentin perids. The prblem is magnified when emplyees leave a cmpany and d nt prvide access t the crprate data in their persnal accunts befre they leave. Amng the varius risks assciated with the IT cnsumerizatin phenmenn in general and file sync and share in particular is the inability fr rganizatins t manage their cntent adequately. Security risks An emplyee wh uses a file-sharing applicatin t sync crprate cntent fr use n a hme cmputer and inadvertently infects ne r mre files with malware in the prcess can intrduce this threat t the crprate netwrk when syncing files. This is a critical issue that can wreak havc fr crprate security staff, lead t lss f data, r create a variety f ther prblems. Related t this is the increased risk f data breaches frm cntent that is sent unencrypted thrugh file sync and share tls. Regulatry r legal sanctins Inadequate recrd-keeping r supervisin can result in a number f regulatry r 1 BYOD Market Trends Thrugh 2016, Osterman Research, Inc. 2 http://www.ggle.cm/plicies/privacy/ 3 https://www.drpbx.cm/help/969 2014 Osterman Research, Inc. 7

legal sanctins. Persnally managed cntent is treated as a frm f electrnic cmmunicatin by curts and regulatrs and s is subject t the same rules as thse fr email. Thus, rganizatins must take int accunt regulatry rules and ediscvery guidelines when devising their BYOD, BYOA, and BYOC plicies and prcedures. Unauthrized expsure f data Anther risk, and ne that is n the increase as a result f gvernment access t private infrmatin, is the ptential fr cntent sent thrugh unmanaged file sync and share tls t be expsed as part f gvernment data-gathering prgrams. This culd result in crprate data being subject t subpena r therwise expsed despite the intent f file sync and share service prviders t prtect their custmers data. RISKS LEAD TO COSTS All f these risks can lead t direct and/r indirect csts. Fr example, an inability t prduce all necessary data during a legal actin r a regulatry audit can result in fines r ther sanctins. Having data scattered acrss the rganizatin in persnal file-sharing accunts can require extra IT staff r legal staff time t find and prcess. Malware such as a keystrke lgger that is intrduced int an rganizatin thrugh an unmanaged file-sharing applicatin can result in the lss f finances (e.g., thrugh exfiltratin f funds frm a crprate bank accunt), lss f intellectual prperty, r a data breach. There are varius ways f quantifying these csts, althugh the example belw takes a quantitative business analysis apprach t estimating them. Fr example, let s assume that the use f nn-secure file-sharing slutins will result in the fllwing ptential risks and csts: Spliatin f data in a lawsuit: A 2.0% likelihd each year f a $200,000 sanctin fr lsing data. Intrductin f malware: A 2.5% likelihd each year f lsing $250,000 as a result f a single malware incident. A data breach f just 5,000 recrds: A 4.0% likelihd each year f incurring remediatin csts f $200 per recrd. 
Multiplying the likelihd f each incident by the cst f the event actually ccurring results in a ttal annual cst f $50,250. Hwever, it s imprtant t nte that these are rather cnservative estimates (a 2.0% chance equates t a single incident nly nce every 50 years), bth fr the likelihd f each event ccurring and its ptential financial impact the csts culd be dramatically higher. One f the mst imprtant differentiatrs between cnsumer and enterprise file sync and share is the primary cntrller f the infrmatin stred in these tls. BEST PRACTICES FOR EVALUATING FILE- SHARING SOLUTIONS Osterman Research recmmends a number f best practices that decisin-makers shuld cnsider as they plan a migratin frm the cllectin f unmanaged file sync and share slutins in their rganizatin t an enterprise-grade file sync and share capability: Fcus n ease f use Enterprise-grade file-sharing slutins must cmpete against the grwing number f easy-t-use, cnsumer-fcused file sync and share tls like Drpbx, Ggle Drive, Micrsft OneDrive, Apple iclud, and ther tls t which users have becme accustmed and upn which they depend t imprve their prductivity. As a result, an enterprise-grade file-sharing slutin must be simple t use and have a pleasing interface if IT expects users t emply it. Regardless 2014 Osterman Research, Inc. 8

f hw much IT dictates that users stp using their favrite file sync and share tl r attempts t frce the use f alternatives that are less appealing, users will nt use a tl if they dn t want t. Cnsider hw data is t be managed There are tw basic appraches t file sync and share: Mve data int specific repsitries, either n-premises and/r in the clud, r leave the data in its riginal lcatin but still share it securely. Either apprach can be used t manage data securely. The decisin will depend n the particular IT architecture that an rganizatin emplys, its preference fr string data in the clud r behind the crprate firewall, the regulatry envirnment that dictates where data can be stred, and ther factrs. Fcus heavily n crprate gvernance Establishing crprate gvernance f data is becming a mre serius issue as state, prvincial, and natinal gvernments fcus n stpping breaches f sensitive and cnfidential data. Because data breaches have been n the increase, we expect that laws and crprate plicies designed t gvern data mre effectively will becme stricter in the future. Because f this, rbust file sync and share slutins that will be able t satisfy gvernance requirements must becme a higher pririty. Put IT back in cntrl f the file-sharing prcess One f the mst imprtant differentiatrs between cnsumer and enterprise file sync and share is the primary cntrller f the infrmatin stred in these tls. In a cnsumer-centric IT apprach, individual emplyees are in charge f the crprate data, thereby intrducing the risks discussed earlier in this paper. In an enterprise-centric apprach t file sync and share, IT is in charge. Implementing a slutin fcusing n the latter is essential because it minimizes risk, ensures that crprate plicies are implemented and enfrced, and allws apprpriate cntrl ver sensitive and cnfidential crprate data. 
A key element in putting IT back in control of the file sync and share process is the ability to rein in consumer-focused file sync and share solutions as part of the rollout of the enterprise-grade capability. This ensures that users don't end up using both.

Consider the deployment options
The majority of consumer file sync and share solutions are managed in the cloud. Enterprise-grade solutions, on the other hand, typically permit the option of cloud storage of content, on-premises storage, or a combination of both. Moreover, if an organization opts for cloud storage, the decision to use public storage in a shared, multi-tenant environment should be considered relative to a private cloud approach that is normally more secure. There is not necessarily a right approach to enterprise-grade file sync and share, although highly sensitive data should, in many cases, be left on-premises or, if in the cloud, managed using a private-cloud model.

Focus on the lifecycle of corporate data
Enterprise-grade file sync and share solutions include the ability to manage data throughout its lifecycle. Unlike most email and FTP systems in which content is mostly unmanaged after being sent, enterprise-grade file sync and share solutions will allow content to be managed by senders and by IT with capabilities such as making the content available only for a limited time or allowing its access only by authorized parties. This makes data breaches less likely and will improve IT's ability to manage data in accordance with regulatory, legal, and corporate policy requirements.

Ensure that essential capabilities are included
The requirements for any enterprise-grade file sync and share solution will vary based on the particular needs of the organization, but should include several key elements, such as:
• The ability to track files and create an audit trail of all information managed with the solution.
• The ability to integrate with existing backup, archiving, monitoring, authentication, security, enterprise mobility management and other solutions.
• The ability to integrate with or provide messaging capabilities along with file transfer.
• Robust access controls that include highly granular permissions control.
• Virus and malware scanning.
• The ability for content to be accessed easily from mobile devices.
• Robust encryption.
• Tampering prevention.
Finally, solutions should be highly scalable, require a minimum of IT effort to manage, and require very little training so that new users can get up to speed quickly.

Consider integrated solutions
Many organizations will want to consider their deployment of a secure file-sharing solution in conjunction with a secure email capability because of the synergy between the two solutions. A few vendors offer integrated secure file-sharing and secure email capabilities, allowing both to be managed together.

SPONSOR OF THIS WHITE PAPER

ownCloud helps enterprises concerned about sensitive data leakage deliver a secure file sync and share solution on site, on their storage, integrated with their infrastructure and security systems, managed to their policies. The result is an easy-to-use solution that provides complete control over sensitive corporate data. ownCloud integrates seamlessly into existing user directories, governance, security, monitoring, storage and back-up tools, becoming part of the existing infrastructure and allowing IT to leave data where it is. And because ownCloud is open source and open by nature, plug-in apps exist to extend ownCloud out of the box, enabling LDAP/AD integration, file versioning, file sharing, external file system mounts, and much more. Your Cloud. Your Data. Your Way. For more information visit www.owncloud.com.

www.owncloud.com
@ownCloud
sales@owncloud.com
+1 781 778 7577

© 2014 Osterman Research, Inc. All rights reserved. No part of this document may be reproduced in any form by any means, nor may it be distributed without the permission of Osterman Research, Inc., nor may it be resold or distributed by any entity other than Osterman Research, Inc., without prior written authorization of Osterman Research, Inc.

Osterman Research, Inc. does not provide legal advice. Nothing in this document constitutes legal advice, nor shall this document or any software product or other offering referenced herein serve as a substitute for the reader's compliance with any laws (including but not limited to any act, statute, regulation, rule, directive, administrative order, executive order, etc. (collectively, "Laws")) referenced in this document. If necessary, the reader should consult with competent legal counsel regarding any Laws referenced herein. Osterman Research, Inc. makes no representation or warranty regarding the completeness or accuracy of the information contained in this document.

THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE ILLEGAL.