Aah, that warm sharing feeling. Just don't let the cloud rain on your firm

How to get biz-level file sharing right the first time, every time

Parting of the ways

Although cloud support really isn't a problem, one area most definitely is: mobile devices. These are great because they not only let you access your data from anywhere, but with modern 3G and 4G networks you can do so with the kind of performance level you would expect on your corporate LAN.

Cirrus clouds

The problem is that as well as accessing data on mobile devices you can also store data on them. So what happens when someone leaves the company?

Sure, they will have to give back their corporate smartphone, but what if you have decided to encourage a policy of BYOD (bring your own device)? How do you prevent an army of users with data on their own phones and tablets from strolling off with your intellectual property?

The answer is mobile device management (MDM). You let your users access applications in a thin-client setup using the likes of Citrix Receiver, so that the data they are looking at doesn't sit on the phone itself.

And you let people view their corporate email on what looks like a smartphone-based email application but which is really a sandboxed application that can be configured to encrypt emails and make them readable only when the device is able to contact the server and confirm that it is still a registered, permitted device.

Similarly with files: by all means make them look like they are on the device, but ensure that in fact they are also in a sandbox protected by an application that will encrypt or completely delete the data if it is unable to authenticate to your home base.

The point here is that the data doesn't escape from the control of the organisation. You can apply central policies that ensure that when the mobile devices step outside the realm of control, so does the user's access to the data.

This can be either because the user has left the company or (if that is the way you have configured the viewing options) because the device is out of Wi-Fi/3G range and hence can't authenticate to home and confirm to itself that the user is entitled to see the information it holds.

And finally

On the surface the overall task of sharing files across your business is complicated, particularly if you want to do it seamlessly, securely and in a performant fashion.

In reality, though, to use the hideously over-used analogy it is rather like an onion. The whole apparently complex story is simply a collection of pretty straightforward layers.

By tackling these one step at a time you will suddenly find yourself with an implementation you didn't think possible. First, start with a directory service that you understand, possibly separate ones per location but preferably a single overall service split into sites.

Define permissions based on role to eliminate the need for information about remote people. Ensure that sites can communicate properly, using optimisation technology where you need to. Abstract the physical locations into a virtual global entity using the likes of DFS.

Turn on replication where it is sensible to do so; in the case of read-only access for database reporting, for example, it is a no-brainer.

Ask yourself whether you can put any or all of your data in the cloud instead of trying to host it on your own kit.

Finally, consider how the data will be accessed on each of your platforms – whether it is through a thin-client window or by syncing it to the end device so it can be read offline. And if the latter, make darned sure you are confident you can prevent someone strolling off with it. ®

Sponsored: Network DDoS protection