Effective team collaboration is more critical than ever to keep your organization nimble. Employees, contractors, partners and customers need an easy way to move ever larger files within, across and outside organizational boundaries. The challenge for network administrators is where once we could set tight policies that limited external large file transfer, today's client tools have eliminated the firewall as an effective control point. What's more, most of these apps are Software-as-a-Service based, which moves what was once inexpensive LAN activity to precious WAN links, and then doubles the usage via a round trip to boot.
First, let's blame marketing
There's no denying solutions like Dropbox are wonderful. They're easy to use and provide more convenient access methods than you can shake a stick at. Many administrators think these services are magical, but two problems exist. First, what do you really know about the security of your organization's data in the third party's data center and does that comply with your internal policies? Second, how much of that traffic is truly ship-to-shore, legitimately requiring a slice of your ISP bandwidth? For most admins, the answers are, unfortunately, "We don't really know" and "Not much; it's 95% internal sharing," respectively.
Really, how bad could it be with unseen employees clicking away at random end-user license agreements?
It's also frustrating because you're doing everything you can to maintain some level of control. It's somewhat easier for certain industry segments, like healthcare, where data access policy is driven by regulatory requirements, but in all cases, we IT pros try to accommodate users' needs. We give them bigger inboxes, allow larger attachments and create and manage common file-share locations for files that are too big. For external users, we manage File Transfer Protocol or other sharing services. But for some reason there's always pushback: "It's too hard for partners to use" or "There aren't enough features" or "It won't work on my non-VPned, virus-laden phone."
Although it's easy to pick on marketing, the truth is they're not the only group with short deadlines and a need to interact with external entities. When your marketing staff is faced with the need to transmit large files, Dropbox and similar solutions give the group options to pursue when its staffers don't know what else to do.
Admins face two tough choices for large file transfer
And this leaves you with two difficult choices as you watch the app traffic reports coming from your firewall with who-knows-what corporate documents flowing from company notebooks and random bring-your-own-device tablets and smartphones. You can block third-party sharing solutions and deal with VPs wailing that their teams are hamstrung, or let it all flow knowing there are essentially no security policies in place. Really, how bad could it be with unseen employees clicking away at random end-user license agreements?
If only everyone knew how to use FileZilla and file servers, we could solve this with the tools already in place. Legal would pat us on the back, too. As an added bonus, you'd also recover some of that ISP link bandwidth. Since most of your collaboration traffic is internal, why should you have to push it out to your most expensive (and least reliable) links?
The non-tyrannical option
Administrators have a third option: Select an in-house secure collaboration platform. There are several flavors available, ranging from free do-it-yourself-kits and commercial software to managed service providers and big vendor solutions. All can provide accelerated internal sharing that decrease the load on ISP links, keep your company's data safely inside your firewall and even deliver compliance and oversight for auditors and legal. Look for products that provide a balance between cost and features, allow external participant enablement (Web and email clients) and shave overall maintenance costs.
Securely managing the transport of company documents and digital assets isn't difficult, but finding a practical solution that users like and will reliably use is. It's unfortunate that the easiest to use "free" options can also be the most difficult to control. Fortunately, you have options that even the most difficult-to-persuade user can accept. Remember that you are network ops, and packets stop with you. Finally, firewall application blocking offers a nuclear option, the very whisper of which may help users accept the wisdom of your recommended solution.
This was first published in September 2013