Enterprises and businesses use file servers (or NAS) to provide centralized and managed file storage space to their employees (as Home Directories and/or Shared/Group Folders). This storage is usually mapped to employees’ workstations or laptops using a combination of various software like AD, LDAP and CIFS. This arrangement has been working fine for many years; but, with changing network technologies and increasing mobility, there are many issues with how corporate users can make use of it today:
- They have to be connected to the corporate network either directly or via VPN (which, most of the times, is a big pain). It becomes even more difficult with WANs, Internet or mobile networks. This is obviously inconvenient, inefficient and restrictive for the mobile workforce and telecommuters.
- They have to use their desktop or laptop that has an OS that supports mounting or mapping of the file server storage. This leaves mobile devices completely out in the cold. Mobile devices are unable to access data on file servers, even when connected to corporate network.
- IT should have configured the workstations/laptops to automatically mount/map the file server storage. Not all users are power users, with knowledge or permissions to carry out the required mounting/mapping.
- The network file system model is designed to work with LANs and not with mobile devices and networks, where quick, easy and seamless access is the norm.
Effectively, the access to the file servers is pretty much restricted as shown below (by the red lines):
Even for within-network and non-mobile users, there are several other challenges with the current model:
- If an user needs to collaborate with her co-workers over some data from a file server, she needs to explicitly provide the files to the other users, either by:
a. Copying them to some "shared" location, assuming that such storage exists and that the users don’t resort to using unmanaged, unapproved and potentially dangerous cloud services like Dropbox and Google Drive.
b. Attaching them to e-mail or via messaging applications. Now the data not only resides on the file servers but is also replicated across email servers, PST files and local storages, adding up significantly to the organization's costs while being completely haphazard and out of IT control.
c. Modifying permissions or ACLs of the files, to make them accessible to other users. This is assuming that IT has granted the necessary rights to the user and that the user is aware enough to understand and use the ACLs in a manner that does not compromise the data.
d. Requesting IT to grant appropriate permissions, a change that can take its own time even in a moderately sized organization, where the admins are normally swamped with more critical tasks.
- If the file is to be shared with an someone outside the organization, it usually gets shared via e-mail or messaging clients with IT having no control over how, where, when and what can be shared outside the organization. While external users might get data as an attachment in e-mail, they still cannot upload anything back to the file server, even for valid business use cases. Real collaboration with "shared folders" is simply not possible.
Enter Vaultize, with VPN-free secure anywhere access to corporate file servers. Vaultize enables IT to configure access to corporate file servers such that it is tightly integrated with the access control and sharing policies defined by the Vaultize Administrator for the users in their organization. This, not only allows users to access their file server data anywhere from a single secure access point, but also automatically enforces the access control and sharing policies defined on that data. Vaultize does not cache any data from the file server, thus avoiding unnecessary redundancies, copy compliance issues and saving on storage costs. Users also do not need to connect to the corporate network or use VPN as they will be accessing data through Vaultize, which comes built-in with end-to-end security. The data is encrypted with AES-256 right when it is picked up from the file server and is decrypted only when the user "opens" it; it remains encrypted on server, on network and on endpoints (including mobile devices).
With Vaultize Anywhere Access, IT can do the following:
- Manage the file servers, and the paths on them, users have access to. The user to path mapping can be automated if AD or LDAP are being used.
- Define various user rights on file server data: view, download, modify, upload, delete, print, share and more.
- Define powerful access control policies to determine when and from which geo-locations, IP or devices the files can be accessed.
- Apply Vaultize Mobile Content Management (MCM) policies to control access and usage on mobile devices.
- Track and monitor various attributes associated with data accesses like geo-location, IP, time, device and user. These can also be used for generating reports and fine tuning access controls.
With that done, end users can now do the following with their file server data:
- Access it easily and securely anywhere, without the need of being in the corporate network or VPN.
- Access and collaborate on it using their mobile devices.
- Share it with others, inside or outside the organization, while controlling whether those users can view, download, print, upload or share files.
Once enabled by the Administrator, a Vaultize user sees his file server data as an integral part of her Vault, which can be accessed from anywhere either through the Web UI (the highlighted path indicates the file server):
Or, using the Vaultize mobile apps:
Once the file server data appears in her Vault, the user can also easily and securely share those files/folders, within or outside the organization, while controlling the kind of access people would have over them:
While other Vaultize users can access the shared data through their own Vaults, external users can access it via an URL that gets e-mailed to them:
If permitted by the Administrator and the owner of the data, external users can also upload files, which Vaultize will forward to the file server.
To know more about Anywhere Access and try it for free, please click here: http://www.vaultize.com/try-it-free.php.
This post is written by Amol Vaikar, the primary developer of Vaultize Anywhere Access. He’s a Principal Software Engineer at Vaultize.