Top Five Requirements for Secure Enterprise File Sync and Sharing

Top Five Requirements

for Secure Enterprise

File Sync and Sharing

Mobilize enterprise data. Empower users anywhere.

Maintain security and control.

Employees depend on data to be productive. Learn what it takes to

enable anywhere, any-device access to information without exposing

People depend on business data to be productive—but when they

rely on personal online file sharing accounts to mobilize data, they

expose the organization to significant security risks. If IT simply

blocks these accounts without providing a sanctioned alternative,

business productivity will suffer, but allowing their continued use

isn’t an option either. Instead, IT needs a file sync and sharing

solution with the security, control and flexibility IT requires, as well

as a rich, consumer-like user experience to ensure full adoption.

This paper discusses the five essential criteria for secure enterprise file sync and sharing, including secure IT oversight, flexibility over where business data is stored, integration with existing

infrastructure, a rich user experience and support for next-generation workspaces. Provided by the leader in mobile workspaces, Citrix® _ShareFile® _{meets the requirements for secure enterprise file}

sync and sharing to enable true business mobility.

The risks and challenges of mobile data access

Data fuels productivity. To collaborate and drive business value, people rely on the ability to access and

share files wherever work takes them, and on any device they use. The need is so critical that employees won’t wait for IT to provide a sanctioned file sync and sharing capability—if none is available, they’ll find their own way to get it done. But personal online file sharing accounts can create

serious risks for the enterprise, such as putting business data at risk; opening the network to external threats, data loss and malware; violating regulatory rules; and allowing enterprise data to go outside

of IT control and be stored on personal file sharing services. Even with the best of intentions,

employees can cause untold damage to their business simply by trying to get their work done. The dangers of unmanaged mobile data access are clear. When an employee stores business data

in a personal file sharing account and shares files with third parties, IT has no visibility into what

type of data is stored there, whether any sensitive business data is leaving the building or

enterprise control, and who else might have access to shared files and folders. When an employee

leaves the company, data synced from the individual’s corporate desktop or laptop to a personal

file sharing account remains in that account, and can be downloaded to any other device— personal or belonging to another business—that the individual uses. Personal file sharing services also pose a compliance nightmare, as IT has no way to verify where and how corporate data is

being stored, who has access to it, and whether it is being managed, retained and archived in keeping with corporate policies.

This problem is rampant in the enterprise. According to an Enterprise Strategy Group report, a vast majority (70 percent) of organizations know or suspect their employees are using personal online

file sharing accounts without formal IT approval1_{. Many IT organizations have yet to find an}

effective solution. Often, they resort to one of two measures, neither of them adequate: blocking the use of these unsecure services and thereby reducing business productivity, or allowing their

use and compromising security. Making it even harder to combat, personal cloud file sharing

services are omnipresent on many smart devices now. Employees who use their own smart phones

at work have quick access to these pre-installed personal file sharing tools. Employees need these

tools to be productive, so it’s up to business to keep their data safe and deploy equivalent

enterprise-class capabilities in the workplace to address the online file sharing demands. An enterprise file sync and sharing (EFSS) solution provides a way for IT to secure enterprise

information access and prevent the leakage that can result from uncontrolled and non-secure

personal cloud services. Beyond addressing security threats, EFSS provides benefits for both users and the business by supporting bring-your-own-device (BYOD) and corporate mobility initiatives,

and ultimately enhances data sharing, collaboration and productivity.

Addressing the requirements for secure data sharing in the enterprise

As a leader in business mobility, Citrix protects and guards the world’s most sensitive information, simplifying and verifying the security and sharing of data in corporate apps and documents across

locations, networks and devices. IT can ensure the right level of secure access for every individual

and situation with visibility and control to address privacy, compliance and risk management priorities without compromising end-user productivity.

Based on this experience, Citrix has identified five essential areas any enterprise-ready data access, sync and sharing solution must address to meet people’s collaboration needs and IT’s

requirements for security and control. These include:

1. Secure IT oversight including authentication and authorization, granular access control, device security and reporting.

3. Integration with existing infrastructure to mobilize existing network shares and content repositories.

4. A rich user experience that promotes rapid adoption to wean users off personal file sharing

services.

5. Support for next-generation workspaces so people can work and collaborate productively from anywhere.

These requirements are explored in this paper, together with a discussion of how each is addressed

by Citrix ShareFile. As an enterprise data sync and sharing solution, ShareFile enables IT to deliver a

secure, managed and robust service that meets the mobility and collaboration needs of all business users. ShareFile complements Citrix technologies for enterprise mobility management (EMM), Windows app and desktop virtualization, collaboration and secure cloud networking as part of a complete business mobility strategy.

1. Secure IT oversight

IT faces an urgent need to regain visibility and control over how and where business data is

accessed and shared, and by whom. At the same time, it’s important not to limit productivity by enforcing unnecessary restrictions on data access that fail to take into account the actual

requirements of each scenario. IT must strike the right balance by keeping data as secure as

possible wherever and however it is used, while ensuring the greatest allowable freedom for each user in each scenario.

An EFSS solution must provide all the features of personal online or consumer-grade file sharing services similar to Dropbox and Box, plus advanced security features to protect data and retain IT control and visibility. With ShareFile, IT can allow the right level of data access and sharing for each

user and scenario, while gaining full visibility and control to protect business data effectively.

Authentication and authorization

With more people accessing business information from anywhere and from any device,

authentication and authorization become more critical than ever. IT needs to be able to define

strong authentication and authorization policies over who can access what, in what scenarios. ShareFile makes it simple to enable secure authorization through SAML 2.0 integration with Active Directory, as well as through popular business SaaS applications like Salesforce.com using industry

recognized OAUTH 2.0 standards. IT can use granular administrative controls to allow contextual

access: instead of controlling access only at login, and granting unlimited access to authenticated users, ShareFile makes it possible to reevaluate access for each request and transaction, then allow download-only access or full upload/edit/delete rights for users to authorized content depending on their location, role, device and other criteria. Mobile device policy-based controls and real-time application monitoring help administrators tune their security policies as needed.

Access control and secure collaboration

Work teams increasingly span organizations and third parties play a greater role in business, including partners, suppliers, agencies, outsourcing providers and contractors. This creates the

need for people to be able to share files easily with anyone inside or outside the organization— without exposing the enterprise network to risk. A complete file sharing and sync service for the enterprise should provide the ability to securely access and share files, including file shares inside

the network, with anyone, anywhere.

With ShareFile, IT can allow people—including trusted third parties—to access and share files from

anywhere. Granular access controls and security policies, including device security policies, can be

defined for both employees and third-party users through the same service.

Key capabilities include the ability to require a log-in with defined password complexity for each

user account, restrict the number of downloads available to a given user, restrict upload and

download permissions for users added to team folders, and expire links to files whenever desired. IT can also restrict access based on network location. People can share data easily and securely with third parties who don’t have a ShareFile account, including the ability to request files from them to be uploaded directly into a specific folder in ShareFile. All device security policies can be configured for all users of the account.

Data security

An EFSS solution must also protect data while in transit, at rest, in storage and backup. Files are transferred through ShareFile over a secure SSL/TLS connection and are stored at rest with AES

256-bit encryption. Through the Passcode Lock feature, IT can leverage the mobile device’s

encryption capabilities and enforce encryption for all ShareFile data on the device.

The datacenters that host the ShareFile web application and databases are SSAE 16 accredited and

the data centers that host the file storage application are SSAE 16 and ISO 27001 accredited.

Citrix implements and maintains commercially reasonable and appropriate physical, technical and

organizational complimentary controls to protect customer data. Citrix ShareFile is PCI-DSS compliant and will enter into a HIPAA business associate agreement. Citrix also offers ShareFile Cloud for Healthcare, a secure enclave within a private cloud where IT can upload, store and share patient heath information (PHI) and meet strict HIPAA compliance laws. ShareFile Cloud for Healthcare is technically compliant with the HIPAA Security Rule.

Device security

With mobile devices now ubiquitous in the business environment, it is critical for IT to ensure that

the business information on tablets, smartphones and laptops does not fall into the wrong hands—especially when a device is lost or stolen.

ShareFile provides extensive controls to provide complete protection for mobile applications and

data, and to ensure end-to-end security. Key features include remote wipe of ShareFile-stored files

and passwords, poison pill and data expiration policies, mobile device encryption, passcode lock, and the ability to restrict the use of third-party apps and jail broken devices.

In addition to being sold as a standalone service, ShareFile is also available as part of the Citrix

XenMobile® _{enterprise mobility management solution. This integration provides complementary}

security features including mobile app containers to keep individual mobile apps and their data separate from other content on the device and let you assign security policies on a per-app basis;

single sign-on; scenario-based access controls; and the ability to manage and configure corporate

and personally-owned devices, including app blacklist/whitelists, full or selective device wipe, and

enterprise integration via LDAP and PKI.

Robust reporting and auditing

To maintain compliance with IT standards and governance mandates, IT needs complete visibility into file access, sync and sharing activity.

ShareFile provides comprehensive capabilities to track, log and report on user file access, sync and

sharing activity, including the date, type, place and network address of each user event. Multiple

versions of files can be stored to create full audit trails of editing activity. If a remote wipe is initiated, IT can track file activity that occurred on the device from the time the wipe was initiated

through its successful execution. To further aid compliance, ShareFile has adopted Health

Insurance Portability and Accountability (HIPAA) Security Policies and Procedures (“HIPAA Security

Policy”) intended to comply with the requirements of the Security Standards for the Protection of

Electronic Protected Health Information and the Health Information Technology for Economic and Clinical Health (HITECH). The solution is also PCI DSS compliant and certified under the U.S./E.U.

Safe Harbor Program. 2. Flexible storage options

Flexible storage options is must-have for an EFSS solution and most personal file sharing solutions

simply fall short with this requirement. Different types of business information pose different

requirements: some files need to be stored onsite to meet compliance requirements, while others

can be stored in the cloud to simplify management, reduce cost and allow frictionless scalability.

For some types of data and apps, the location of data storage can make a significant difference in performance. IT needs the flexibility to choose where data is stored—including both on-premises

and cloud options—through the same service.

The ShareFile StorageZones™ feature lets organizations choose where their data is stored: in customer-managed object storage (Windows Azure or Amazon S3) and on-premises storage; in Citrix-managed StorageZones within audited, SSAE 16-compliant datacenters powered by AWS and Windows Azure; or in any combination of these. Customer-managed StorageZones within the

enterprise help IT meet unique data sovereignty and compliance requirements while optimizing

“With our previous solution, there was no way for me to audit usage or manage users, and we didn’t have many controls in place. With ShareFile, we can manage and administer our accounts in-house. With increased control, we have immediate access to our files, manage compliance with regard to permissions and reduce our reliance on the vendor. With our previous solution, all administration activities included the involvement of the other vendor.”

Ishq Davis

IT Enterprise Project Manager, Forum Energy Technologies

performance by storing data in close proximity to the user. Citrix-managed StorageZones provide

the economic benefits and effortless management of a cloud-based service. For organizations

that require increased data protection, Restricted StorageZones offer the ability to encrypt data

with the customer’s own encryption keys. By defining where data should be stored, IT is able to

build the most cost-effective and customized solution for their organization.

ShareFile StorageZone Options

Citrix-Managed StorageZone Architecture Customer-Managed StorageZone Architecture

Customer-Managed Restricted StorageZones Architecture

3. Integration with existing infrastructure

One of the many drawbacks with personal online file sharing accounts is their inability to access

data or otherwise integrate with backend services and infrastructure such as existing network

shares, Microsoft SharePoint, SharePoint Online, OneDrive for Business or enterprise content management (ECM) systems. For full productivity, people need to be able to access and share files

ShareFile allows a single point of access to all data sources throughout the enterprise. Working in

conjunction with customer-managed StorageZones, StorageZone Connectors let IT create a

secure connection between the ShareFile service and user data stored in existing network shares

and SharePoint, including files that otherwise cannot be accessed outside of corporate networks or on mobile devices. Extending all the simplicity and mobile access benefits of ShareFile to

existing data storage platforms without the need for data migration, StorageZone enables people to access their business documents easily and securely on mobile devices regardless of where the

file is actually stored. ShareFile also includes a built-in mobile content editor, which supports

standard SharePoint functions like check-out, edit and check-in from mobile devices.

4. A rich user experience

The file sync and sharing challenge goes right to the core of the consumerization of IT: if IT can’t

compete with the convenient and intuitive experience of a personal service, people simply won’t

adopt the harder-to-use enterprise option. At the same time, it’s not enough for IT to simply match the experience and features of personal online file sharing or consumer-style accounts. Business users have requirements that go far beyond the scope of a simple consumer account, such as the ability to access and share files residing anywhere in the enterprise environment,

collaborate across corporate networks, and improve mobile productivity with editing, annotation,

offline access capability and workflow integration.

ShareFile provides the rich user experience essential to foster fast and full adoption. People can access and sync all of their data from any device and securely share it with people both inside and

outside the organization, including large files beyond the size limits of enterprise email systems. A built-in content editor lets people create, review and edit Microsoft Office documents and annotate Adobe PDF files right from ShareFile, even while offline.

5. Support for next-generation workspaces

ShareFile supports the introduction of a next-generation workspace that delivers secure access to apps, desktops, data and services from any device, over any network to empower mobile workers

with the freedom and flexibility to choose how they work. With 61 percent of information workers now working outside the office2_{, enabling people to work collaboratively and productively from} anywhere is now a critical requirement for IT. Employees want the same quality of user experience

they expect from consumer software. Providing this experience means enabling secure and controlled access to enterprise data from anywhere, replacing legacy PC backup tools and decoupling data from devices.

ShareFile offers key capabilities to power next-generation workspaces. Users are able to create and edit

content across devices, edit content securely in Microsoft Office, check files in and out, apply free-form annotations to PDFs, and sync files automatically or on-demand for virtual desktop environments. In addition, with ShareFile, IT can future-proof their investment by choosing a solution that works

with any platform and device and provides seamless access to user data. Most importantly, the

organization can define the ShareFile implementation that works best for their specific

requirements. ShareFile Enterprise is offered as a standalone service, as part of an enterprise

mobility management solution with Citrix XenMobile, and as part of a software-defined workspace with the Citrix Workspace Suite™. Integration with XenMobile helps to deliver a rich user experience

with Citrix-developed apps, including WorxMail™ for secure mobile email, calendar and contact

access; and WorxWeb™ for secure browsing. Integration with Citrix Workspace Suite delivers secure access to mobile and virtual apps, desktops, and file sync and sharing services from any device, over any network to empower mobile workers with the freedom and flexibility to choose how they work. In addition, ShareFile is also optimized for other Citrix products. The unique on-demand sync capability of ShareFile is specifically designed for pooled and hosted shared virtual desktop

environments, including those powered by Citrix XenDesktop® _{and Citrix XenApp}®_{. On-demand}

sync drastically cuts network load, bandwidth requirements and storage costs. ShareFile also offers robust tools and clients for traditional desktops and devices.

Citrix ShareFile – an industry-recognized and IT-approved EFSS provider

For more than two decades, Citrix has driven innovation and transformation through solutions that help people become more productive, in more places, to drive business value. As secure data

access moves to the forefront of the IT agenda, ShareFile has been recognized as a 2014 Gartner

Enterprise File Sync and Sharing (EFSS) Magic Quadrant Leader3_{. This evaluation is based on both}

the completeness of the ShareFile vision and the company’s ability to execute on it.

ShareFile has received numerous accolades and industry awards over the years. In 2014, ShareFile was named the Cloud Award for Best in Mobile Cloud Solution, the Tabby Award Winner for Best iPad Data Access and Collection App and the Gold App of the Year for Best in Biz awards for its

“With ShareFile, we can give employees the same user experience as a consumer file-sharing service but with IT visibility and control. No matter where they are or how bad their Internet connection is, they can access and share their job files.”

Patrick Burch

Systems Engineer at Brasfield & Gorrie

Corporate Headquarters Fort Lauderdale, FL, USA Silicon Valley Headquarters Santa Clara, CA, USA EMEA Headquarters Schaffhausen, Switzerland

India Development Center Bangalore, India

Online Division Headquarters Santa Barbara, CA, USA Pacific Headquarters Hong Kong, China

Latin America Headquarters Coral Gables, FL, USA UK Development Center Chalfont, United Kingdom

About Citrix

Citrix (NASDAQ:CTXS) is leading the transition to software-defining the workplace, uniting virtualization, mobility management, networking and SaaS solutions to enable new ways for businesses and people to work better. Citrix solutions power business mobility through secure, mobile workspaces that provide people with instant access to apps, desktops, data and communications on any device, over any network and cloud. With annual revenue in 2014 of $3.14 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100 million users globally. Learn more at www.citrix.com

Copyright © 2015 Citrix Systems, Inc. All rights reserved. Citrix, ShareFile, XenMobile, StorageZones, Citrix Workspace Suite, WorxMail, WorxWeb, XenDesktop and XenApp are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks of their respective companies.

“Citrix ShareFile – It’s like Dropbox on steroids, with some

sophisticated management and collaboration features that tie into

other Citrix products.”

2014 Virtualization Review, Readers Choice Award

Provide your organization with an industry-recognized, IT-approved, enterprise ready file sync and

sharing solution that provides them with the user experience they want and the advanced security

features required by IT. ShareFile provides end-to-end integrations to existing infrastructure that’s best for the business and flexible storage options across both cloud, on-premises or both. Conclusion

The mobile data access challenge poses both risks and opportunities for IT. The use of personal file sharing accounts can make it impossible for IT to maintain effective access control, security and compliance for sensitive business data. While weaning users off these services can be difficult, it can also bring powerful new benefits for individuals and the organization. By delivering file sync

and sharing features designed for business, with the simplicity and convenience of a consumer

service, IT can win adoption for a sanctioned enterprise alternative—with the robust security and

granular access control needed to protect the organization from risk. Citrix ShareFile provides a

complete solution that meets the five most important criteria for enterprise file sync and sharing (EFSS): secure IT oversight, flexible storage options, integration with existing infrastructure, a rich user experience and support for next-generation workspaces. In this way, IT can help employees

work and collaborate more effectively from anywhere while supporting the evolution of business mobility enterprise-wide.

Additional resources

For additional information, please visit citrix.com/sharefile.