Categories
Analysis

Dropbox alternatives for enterprise IT

The popularity of easy-to-use cloud storage services like Dropbox causes IT decision makers quite a headache. Yet the market already offers enterprise-ready solutions. This article introduces cloud services for professional use.

Dropbox drives shadow IT

Dropbox has driven cloud storage services into the enterprise. The fan base of the US provider extends from the ordinary employee up to the executive floor. In particular, the fast access, the ease of use on every device and the low cost have made Dropbox an attractive product. But what sounds like a true success story at first is in reality a serious problem for CIOs and IT managers. Dropbox has led to a new form of shadow IT. This refers to the largely uncontrolled growth of IT solutions that employees and departments use without involving the IT department, purchasing them with credit cards. Behind this mostly stands the criticism that internal IT departments are not able to deliver suitable solutions quickly and in the desired quality. This leads to situations where company data is stored in private Dropbox accounts, where it does not belong.

The Dropbox boom and the easy access to public cloud services in general have led to a discussion about traditional IT departments' right to exist. Sooner or later they could die out, some analysts predict. Then the IT strings would be in the hands of the line-of-business (LOB) managers. Yet the reality looks different: the often anxious LOB managers normally have neither the time nor the knowledge to make such IT decisions. They do know what is important for their area, but do they know which systems also have to work together? For many years companies have been fighting with poorly integrated isolated applications and data silos. Public cloud solutions multiply this problem, and Dropbox is just the tip of the iceberg.

To get the Dropbox phenomenon under control, several vendors of enterprise cloud storage have established themselves in recent years. The widely used Dropbox service falls far short of what typical enterprise policies and IT governance models demand.

Dropbox for Business

Since 2011 there has been "Dropbox for Business", a corporate offering with advanced features for more security, team management and reporting capabilities. However, the solution does not have the breadth and variety of functions of similar offerings on the market. Dropbox is therefore better suited to small, close-knit teams that do not require as much control as larger companies. Unlimited space is available for $795 per year for five users. Each additional user costs $125 per year.

Through a dashboard, administrators get access to information about the activities of their users. This includes the devices, browser sessions and applications in use. Here it is also possible to close browser sessions, disconnect devices and disable third-party apps.

For improved security, various authentication mechanisms can be activated, including two-factor authentication. There is also single sign-on (SSO) integration with Active Directory and other SSO providers. For the technical infrastructure Dropbox uses Amazon S3. This means that the data is stored in one of the global Amazon data centers. These data centers meet high security standards such as SSAE16, ISAE 3402 and ISO 27001. However, Dropbox does not guarantee a specific location of the data within the Amazon cloud, such as a data center in the EU. Dropbox states that the data is encrypted with 256-bit AES before it is stored on Amazon S3. However, Dropbox has plain-text access to user files. Separate encryption is only possible with external tools.

Another deficit is the lack of audit mechanisms at the level of files and user activities. It is not possible to look into a single user account centrally, or to look for an earlier version of a file. This only works if one signs in as the user to look into the data. In addition, the reports provide no information about user activities such as uploading and sharing of files – a big gap in the audit process.

Strengths

  • Ease of use.
  • Supports the major operating systems.
  • Big market share and acceptance in consumer space.
  • Unlimited storage space at an attractive price.

Weaknesses

  • Dropbox has full plain text access to user files.
  • No end-to-end encryption.
  • Data encryption using external tools.
  • Weak reporting.
  • Insufficient administration and audit options.
  • Location of the data cannot be set.

Box

Box is one of the well-known providers of public cloud enterprise storage and targets its functions at small and medium-sized as well as large companies. The Business plan is $15 per user per month for 3 to 500 users. This includes 1,000 GB of storage space. Box for Enterprise IT offers an unlimited number of users and unlimited disk space; prices are available on request.

Clients for common desktop and mobile operating systems allow synchronization and uploading of data with almost any device. Files can be locked and automatically released after a set time. In addition, depending on the plan, the version history stores between 25 and 100 files. Other functions provide external authentication mechanisms, user management and auditing capabilities. The enterprise plan offers further management functions and access to APIs.

More functions become available with higher plans. This is particularly visible at the permissions level: the higher the plan, the more types of users and access rights can be assigned to an object. Business and enterprise customers also get detailed reporting capabilities. These include, among other things, information on who has viewed and modified which files. As further security features, Box offers authentication mechanisms for Active Directory, Salesforce, NetSuite, Jive and DocuSign as well as single sign-on (SSO) integration capabilities. For data center capacity Box cooperates with Equinix. Among others, there is a data center in Amsterdam for the European market. Where Equinix has no sites, Box relies on Amazon Web Services.

Box's biggest weakness is the limit of 40,000 objects for files and folders. Customers already pointed out this restriction in mid-2012. So far, nothing has changed. There is only the information that the limit is to be raised to 100,000 objects in "Box Sync 4".

Strengths

  • Ease of use.
  • Variety of extensions.
  • Supports the major operating systems.
  • Many relevant features for business (management, audit, etc).

Weaknesses

  • Files and folders are limited to 40,000 objects.
  • Encryption keys are owned by Box.

TeamDrive

TeamDrive from Hamburg is a file sharing and synchronization solution. It is intended for companies that do not want to store their sensitive data with external cloud services but still want to allow their teams to synchronize data or documents. To this end, TeamDrive monitors any folders on a PC, laptop or smartphone, which can be used and edited together with invited users. Data is thus also available offline at all times. Automatic synchronization, backup and versioning of documents protect users against data loss. With the option of operating the TeamDrive registration and hosting servers in the company's own data center, the software can be integrated into existing IT infrastructures. All necessary APIs are available for this purpose. For TeamDrive Professional, enterprise customers pay 5.99 euros per user per month, or 59.99 euros per year.

Using the global TeamDrive DNS service, several independently operated TeamDrive systems can be linked together. If necessary, this allows customers to build a controlled community cloud in a hybrid scenario.

TeamDrive offers many business-related functions for the management and control of a storage service. These include rights management at the Space level for different user groups, as well as a version control system for accessing older versions of documents and changes made by group members. For the synchronization of the data, clients for all major local and mobile operating systems are available, including Windows, Mac, Linux, iOS and Android. With TeamDrive SecureOffice, the vendor has also brought an extension of its mobile clients to market with which documents can be edited under end-to-end encryption. An integrated mobile device management (MDM) helps to manage all devices used with TeamDrive. These can be added, blocked or erased. TeamDrive can be connected to existing directory services such as Active Directory and LDAP to synchronize the user administration.

In addition to these management functions, TeamDrive features fully integrated end-to-end encryption in which the encryption keys are exclusively owned by the user. Thus, TeamDrive is not able to access the data at any time. For encryption, TeamDrive relies on AES 256 and RSA 3072.

It should also be mentioned that TeamDrive is the only enterprise storage solution to carry the privacy seal of the Independent Centre for Privacy Protection Schleswig-Holstein (ULD). The privacy seal confirms that TeamDrive is suitable for use in businesses and government agencies for the confidential exchange of data.

Strengths

  • End-to-end encryption.
  • Different encryption mechanisms.
  • SecureOffice for mobile secure processing of documents.
  • Certification by the ULD.
  • Integrated mobile device management.
  • Many relevant functions for businesses.

Weaknesses

  • No locking of files.
  • No browser access.

Microsoft SkyDrive Pro

SkyDrive Pro is Microsoft's enterprise cloud storage, which is provided in conjunction with SharePoint Online and Office 365. The service is designed exclusively for business purposes and should therefore be distinguished from SkyDrive. SkyDrive is aimed at home users, who predominantly store and share documents and photos in the Microsoft cloud. The management of SkyDrive Pro is the responsibility of the company. Employees are meant to store and share business documents and collaborate on them with colleagues within a private domain.

SkyDrive Pro is fully synchronized with SharePoint 2013 and Office 365. An administrator decides how the libraries can be used within SkyDrive Pro for each user. For this purpose, different access rights can be assigned to users and user groups. Using a client, documents can be synchronized with the local computer. Mobile clients are available for iOS and Windows Phone. Android and Blackberry are currently not supported.

Documents or entire folders can be shared with individual colleagues or distribution lists. Access rights can be assigned for read or write access. A recipient then receives an e-mail including the comment and the link to the document and can follow it to get change information later. Sharing with partners and customers outside the domain is possible if the company supports external sharing.

According to Microsoft, all data in SkyDrive Pro is protected with several layers of encryption. The only way to get at the information is for an administrator to grant access rights to it. Furthermore, Microsoft guarantees that private corporate data is protected from search engines, so that no metadata is collected in any form. In addition, SkyDrive Pro is compliant with HIPAA, FISMA and other data protection standards.

Strengths

  • Integration with Office 365 and SharePoint.
  • Clients for mobile operating systems.

Weaknesses

  • Proprietary Microsoft system.
  • European data centers only (Dublin, Amsterdam).
  • No Android client.

Amazon S3

Via a web service, Amazon S3 (Amazon Simple Storage Service) provides access to an unlimited amount of storage in the Amazon cloud. Unlike competing cloud storage services, the storage can only be accessed via a REST and SOAP interface (API). Amazon does not provide a local synchronization client of its own. This is because Amazon S3 basically serves as a central storage location that many other Amazon services use to store or retrieve data. An ecosystem of partners fills the gap with paid clients that provide synchronization with desktop and mobile operating systems. Using Amazon's own AWS Management Console, folders and files can be accessed via the web interface.

With the API, data can be stored, read and deleted as objects in the Amazon cloud. The maximum size of an object is 5 GB. Objects are organized in buckets (folders). Authentication mechanisms ensure that the data is protected from unauthorized third parties. For this purpose, objects can be marked for private or public access, and different user access rights can be assigned to them.

Amazon S3 pricing varies by the region in which the data is stored. One GB of storage for the first TB in the EU region costs 0.095 U.S. dollars per month. In addition, outgoing data transfer is charged. Up to 10 TB per month, the traffic costs $0.12 per GB.

Many other cloud storage services use Amazon S3 to store the user data, including Dropbox, Bitcasa or Ubuntu One.

Strengths

  • The API is the de facto standard in the market.
  • Very high scalability.
  • Very good track record.

Weaknesses

  • No own clients.
  • The pay-per-use model requires strict cost control.

ownCloud

Like TeamDrive, ownCloud is a file sharing and synchronization solution. It is aimed at companies and organizations that want to keep their data under control and do not want to rely on external cloud storage services. The core of the application is the ownCloud server. It allows the software, along with the ownCloud clients, to be integrated seamlessly into the existing IT infrastructure. In addition, the server enables the use of existing IT management tools. ownCloud serves as a local directory that mounts different local storage systems. Thus, the files are available to all employees on all devices. In addition to local storage, directories can be connected via NFS and CIFS.

The ownCloud functions form a set of add-ons that are directly integrated into the system. These include a file manager, a contact manager, extensions for OpenID and WebDAV, and a browser plugin for viewing documents such as ODF and PDF. Other applications for enterprise collaboration are available on ownCloud's own marketplace. Files can be uploaded using a browser or synchronized with clients for local and mobile operating systems.

Security is provided via a plugin for server-side encryption, which, however, is not enabled by default. If the plugin is enabled, files are encrypted when they are stored on the server. Only the contents of the files are encrypted; the file names themselves are not. In addition, ownCloud relies exclusively on security "at rest".

The biggest advantage of ownCloud is also its disadvantage. The control over the data that a company regains through the use of ownCloud comes at the cost of setup and operation. Administrators need enough knowledge about operating web servers such as Apache, but also about PHP and MySQL, to run ownCloud successfully. In addition, meticulous configuration is needed, without which the expected performance of an ownCloud installation cannot be reached.

Strengths

  • Open source.
  • Variety of applications.
  • Clients support the major operating systems.

Weaknesses

  • Weak security and encryption.
  • High costs for operating one's own ownCloud infrastructure.

Criteria for selecting a cloud storage provider

Anyone searching for secure and enterprise-ready alternatives to Dropbox should take a closer look at the vendors. The search for a cloud storage vendor depends in most cases on individual requirements, which decision makers need to discuss and define beforehand. In particular, this includes classifying the data: defining which data is stored in the cloud and which remains in the company's own on-premises infrastructure. When selecting a cloud storage vendor, companies should consider the following characteristics.

Configuration and integration

The storage service should integrate easily into existing or additional cloud infrastructure. Users are thus able to expand the existing storage cost-efficiently through a hybrid scenario. In addition, data can be migrated from local storage into the cloud over a self-defined period. This opens the option of doing without an in-house storage system for specific data in the long run. Likewise, a straightforward and seamless export of data from the cloud needs to be ensured.

A further characteristic is the interaction of the cloud service with internal systems like directory services (Active Directory or LDAP), which centrally hold data and provide it to applications. This characteristic is mandatory for easy and holistic administration of user access to the storage resources. To realize the integration, the vendor should provide an open and well-documented API. Alternatively, the vendor can deliver native software.

Platform independence to access data from everywhere

Mobility is becoming more and more important for employees. For companies it is of vital importance to adapt to their working habits and deliver appropriate solutions.

Ideally, the cloud provider enables platform-independent access to the data by providing applications for all common mobile and local operating systems as well as access via a web interface.

Separation of sensitive and public data

To give employees data access via mobile and web applications, further security mechanisms like DMZs (demilitarized zones) and access rights controls at a granular file level are necessary. A cloud storage provider should have functions to separate data with higher security requirements from public data. Companies that want to provide the data from their own infrastructure need to invest in further security systems or find a vendor that has integrated this type of security.

Connection to external cloud services

Cloud storage can be used as a common and consistent data basis for various cloud services, integrating services like software-as-a-service (SaaS) or platform-as-a-service (PaaS). The cloud storage serves as a central store. For this purpose the vendor needs to provide an open API to realize the connectivity.

Cloud storage – Eco- and partner system

Especially for storage vendors that offer exclusively cloud solutions, a large ecosystem of applications and services is attractive and important for extending the storage service with further value-added functions. This includes, for example, an external word processor for editing documents within the storage together with multiple colleagues.

Size of the vendor – national and international

The track record is the most important evidence of past success, indicating popularity based on well-known customers and successful projects. This aspect can be considered for a national as well as an international footprint. Besides its available capacity and thus its technological size, international reach is also of vital importance for a cloud storage vendor. If a company wants to enable its employees worldwide to access a central cloud storage but chooses a vendor that only has data centers in the US or Europe, latency is not the only thing that can lead to problems. In this respect, scalability in terms of both storage size and reach is a crucial criterion.

In addition, it is interesting to look at the vendor’s roadmap: What kind of changes and enhancements are planned for the future? Are these enhancements interesting for the customer compared to another potential vendor who does not consider this?

Financial background

A good track record is not the only consideration when choosing a vendor. Not least the drama around the collapsed storage vendor Nirvanix has shown that the financial background must be considered. Especially during risk assessment, a company should take a look at the vendor's current financial situation.

Location and place of jurisdiction

The location where company data is stored is becoming more and more important. Demand for physical storage of data in one's own country is rising. This is not a German phenomenon. The French, Spanish and Portuguese also expect their data to be stored in a data center in their own country (http://research.gigaom.com/report/the-state-of-europes-homegrown-cloud-market/). The Czechs prefer a data center in Austria over one in Germany. The Dutch are more relaxed on this topic. Local storage of the data is in itself not a guarantee of legal compliance. However, it becomes easier to apply local laws.

Most US vendors cannot offer physical data locality in each European country. The data centers are located in either Dublin (Ireland) or Amsterdam (Netherlands) and merely comply with European law. Many vendors have joined Safe Harbor, which allows personal data to be transferred legally into the US. However, it is purely a self-certification, which, in light of the NSA scandal, is being challenged by the Independent Regional Centre for Data Protection of Schleswig-Holstein (Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, ULD).

Cloud storage – Security

When it comes to security, it is mostly about trust. A vendor achieves this only with openness. He needs to show his hand to his customers technologically. IT vendors in particular are often criticized when it comes to talking about their proprietary security protocols. Mostly the criticism is justified. But there are also vendors who willingly talk about it. These companies need to be found. Besides the subjective matter of trust, it is in particular the implemented security that plays a leading role. Here it is important to look at the current encryption mechanisms a vendor is using. These include: Advanced Encryption Standard (AES 256) for encrypting the data, and Diffie-Hellman and RSA 3072 for key exchange.

The importance of end-to-end encryption of the whole communication is also rising. This means that the whole process a user runs through in the solution, from start to finish, is completely encrypted. This includes, among others: user registration, login, data transfer (send/receive), the transfer of the key pairs (public/private key), the storage location on the server, the storage location on the local device, and the session while a document is being edited. In this context, separate tools that try to encrypt a non-secure storage are to be advised against. Security and encryption are not a feature but rather a core function, and belong in the storage vendor's field of activity. The vendor has to ensure highly integrated security and good usability at the same time.

In this context it is also important that the private key for accessing the data and systems is exclusively in the hands of the user. It should also be stored encrypted on the user's local system. The vendor should have no ability to restore this private key and should never be able to access the stored data. Note: there are cloud storage vendors that are able to restore the private key and are also able to access the user's data.

Certification for the cloud

Certifications are a further indicator of the quality of storage vendors. Besides standards like ISO 27001, which rates the security of information and IT environments, there are also national and international certificates from approved certification bodies.

These independent and professional certificates are necessary to get an honest statement on the quality and characteristics of a cloud service, the vendor and all downstream processes such as security, infrastructure, availability, etc. Depending on how good the process and the auditor are, a certification can also lead to an improvement of the product, with the auditor proactively giving advice on security and further functionality.


Nirvanix. A living hell. Why multi-cloud matters.

One or two of you will certainly have heard of it: Nirvanix has transported itself to the afterlife. The enterprise cloud storage service, which had a broad cooperation with IBM, suddenly announced its closure on September 16, 2013 and initially granted its existing customers a period of two weeks to migrate their data. The period has been extended to October 15, 2013, as customers need more time for migration. As one Nirvanix customer reported, it has stored 20 petabytes of data.

The end of Nirvanix

Out of nowhere, enterprise cloud storage provider Nirvanix announced its end on September 16, 2013. To date it has not been explained how this happened. Rumor has it that a further round of financing failed. Other reasons apparently lie in faulty management: the company has had five CEOs since 2008. One should also not forget the strong competition in the cloud storage market. On the one hand, many vendors have tried their luck in recent years. On the other hand, the two top dogs, Amazon Web Services with Amazon S3 and Microsoft with Azure Storage, both of which are also enterprise-ready, reduce the prices of their services in regular cycles. Even being named one of the top cloud storage service providers by Gartner could not help Nirvanix.

Particularly controversial is the fact that in 2011 Nirvanix concluded a five-year contract with IBM to expand IBM's SmartCloud Enterprise storage services with cloud-based storage. As IBM has announced, data stored on Nirvanix will be migrated to IBM SoftLayer object storage. As an IBM customer, I would still ask carefully about my stored data.

Multi-Cloud: Spread your eggs over multiple nests

First, a salute to the venture capital community. If it is true that Nirvanix had to stop the service due to a failed round of financing, then we see what responsibility lies in their hands. Say no more.

How should a cloud user deal with a horror scenario like Nirvanix? Well, as you can see, a good customer base and partnerships with global players seem to be no guarantee that a service survives in the long term. Even Google currently plays out its cloud strategy on the backs of its customers and makes no binding commitment on the long-term existence of its services on the Google Cloud Platform, such as Google Compute Engine (GCE). On the contrary, it is assumed that GCE will not survive as long as other well-known Google services.

Backup and Multi-Cloud

Even though the cloud storage provider has to ensure the availability of the data, as a customer you have a duty of care: you must stay informed about the state of your data and, even in the cloud, take care of redundancy and backup. Meanwhile, the most popular cloud storage services have integrated functions for making seamless backups of the data and creating multiple copies.

Although we are in the era of the cloud, the rule still applies: back up! You should therefore ensure that a constantly tested(!) and reliable backup and recovery plan exists. Furthermore, sufficient bandwidth must be available to move the data as quickly as possible. This should also be checked at regular intervals using a migration audit, so that you can act quickly if the worst comes to the worst.

Simply moving 20 petabytes of data is no easy task. Therefore you have to think about other approaches. Multi-cloud is a concept that will gain more and more importance in the future. With it, data and applications are distributed (in parallel) across multiple cloud platforms and providers. My analyst colleagues and friends Paul Miller and Ben Kepes already discussed this during their mapping session at GigaOM Structure in San Francisco. Paul subsequently wrote an interesting sector roadmap report on multi-cloud management.

Even though some management platforms for multi-cloud already exist with Scalr, CliQr, RightScale and Enstratius, we still find ourselves at a very early stage in terms of use. schnee von morgen webTV by Nikolai Longolius, for example, runs primarily on Amazon Web Services and has developed a native 1:1 web application for Google App Engine as a fallback scenario. This is not a multi-cloud approach, but it shows the importance of achieving cross-provider high availability and scalability with less effort. As Paul's sector roadmap shows, great importance must be attached in particular to the compatibility of the APIs. In the future, companies will no longer be able to rely on a single provider, but will distribute their data and applications across multiple providers to pursue a best-of-breed strategy and to deliberately spread the risk.

This should also be taken into consideration when simply storing "only" data in the cloud. The golden nest is the sum of a plurality of distributed.


Cloud storage Box could become a threat for Dropbox and Microsoft SkyDrive

To become more attractive to private users and small businesses, the cloud storage provider Box has expanded its pricing model. Effective immediately, in addition to the existing plans for private, business and enterprise customers, a Starter plan can be selected as well, which is interesting for small businesses and freelancers as well as private customers.

Private customers get more free storage, small businesses a new plan

The free offer for private users has been increased from 5GB to 10GB. In addition, the portfolio has been extended with a new Starter plan targeted at smaller companies. It offers 100GB of storage for 1 to max. 10 users per company account for $5 per user per month.

Box, which addressed large companies in the first place, thus hopes that smaller enterprise customers and consumers will increasingly store their data in the cloud rather than save it to error-prone local media. According to CEO Aaron Levie, Box is particularly driven by the issues of information and collaboration. Whether it is a global corporation, a small business or a freelancer, in the end it is important to be able to share content and access it securely and reliably from anywhere, says Levie.

The new Starter plan is just a hook

To be honest, the new Starter plan is very interesting, as it meets the needs of a specific target group. However, these are not small companies, but definitely private users and freelancers. The features offered around the storage are definitely at enterprise level. In addition to various security features (no end-to-end encryption) at different levels, integration options via apps from an ecosystem of third-party developers are available. However, 100GB is far too little for small businesses, especially since this account is designed for 1 to 10 users. 10 GB per user becomes very scarce very quickly. In addition, many other interesting and important features for businesses are only offered with the next plan, "Business", for $15 per user per month, for which at least three users are needed. This includes 1000GB of storage and other security functions at folder and file level per user, integration with Active Directory, Google Apps and Salesforce, advanced user management, etc. So, at the end of the day, the Starter plan just serves as a hook to drum up business customers.

On the other hand, this plan is a very interesting deal for private users and freelancers who need more features at a cheaper price and performance similar to Dropbox. Although the free plan was extended to 10GB, the free limit of 50GB has been dropped. Anyone who now needs more than 10GB must buy 100GB for $10 per month. It therefore makes a lot more sense for private users to opt for the Starter plan and pay only $5 per month or $60 per year.

The Starter plan may well cause Dropbox and Microsoft SkyDrive to lose market share if word of this change gets around. SkyDrive in particular should brace itself. Microsoft's cloud storage is well integrated with the Windows operating systems and continues to be the cheapest on the market. However, SkyDrive is very slow and the user experience is below average. Just to highlight a tiny but crucial detail that makes Box simply better: transparency about what is happening in the background. By way of comparison: Box has a small app for Windows in which the status is displayed. Here you can see: the progress in percent; the approximate time until the upload is completed; the file that is being processed; how many files still need to be processed; how many files are processed in total. Microsoft SkyDrive shows none of this. The user is left completely in the dark.

Dropbox is known as the performance king. Its ease of use is also good. Nevertheless, the Box Starter plan, with its extended functionality at a cheaper price and similar performance, certainly has the potential to compete with Dropbox.

Note: Due to the current security situation, it should be pointed out that Box is a U.S.-based provider and the data is stored in the United States. The data is stored encrypted on the server side. However, Box does not offer end-to-end encryption (only SSL during transmission). The keys for the data encrypted on Box's infrastructure are owned by Box and not by the user. For this reason, Box is able to decrypt the data on its own and give third parties access to it at any time.