Looking for advice regarding 'user friendly' secure file sharing...

Chris_Hafner
Valued Contributor II

This is totally NOT JAMF related. However, you are all my favorite folks to ask for this type of advice and so, here I am.

Now for my issue: Our users are tired of working with our secure SMB file shares. They don't like being advised to move files to their local drives before beginning to work on them. They don't like learning which characters they shouldn't use (you know, like and or :), and they really hate having to have IT set directory permissions etc...

To help alleviate these issues we've moved all of our non-sensitive documents and files to GAFE (in more of a managed manner than that implies), are moving all HR related files to our HR management system, will be moving archival financial documentation to a properly secured Document management system that we are still evaluating, but we need to find the best solution to manage, share and maintain secured working files which may contain PII, PHI or other sensitive business information.

Because we've found good secure ways to handle MOST of our documents there are only a small number of users (I'm guessing less than 30) with minimal storage needs. Here in IT we love our Dropbox Business account but are looking into things like Box because they'll let you manage your own encryption keys. While both companies will sign BAAs (or rather HIPPA BAs) only Box will let you manage your encryption keys. While advertising some pretty neat file collaboration features.

Now, most of my personal experience with FileSharing and file security relate to our Distribution Points and so I am nowhere near being an expert in this field. I am unaware of any easy ways to accomplish this type of thing utilising traditional file sharing services and so I may be missing some ways to manage standard SMB shares so that it's more user-friendly and reliable.

What are everyones thoughts on this?

12 REPLIES 12

St0rMl0rD
Contributor III

Have you looked into OwnCloud?

Chris_Hafner
Valued Contributor II

@St0rMl0rD I have not. Thanks for that. I'm digging into the documentation right now. Have you deployed this?

tcam
Contributor

Most cloud programs sync to the local computer. OwnCloud, Google, DropBox, extra. So if they don't want to upload / download; syncing may be one way around that issue. Of course then you have files being stored on the client computers. Though your users probably do that to some degree anyway.

Some clouds now have options like save to drive, open from drive. Or plugins for browsers that try to make working from the cloud more seamless. (double clicking on a file , cause the browser to download and open the file in the background. When the file changes it tries to syng the file back to the cloud.

You could also look at hosting your own with some thing like qnap or sysnology.

Maybe we'll get lucky and at some point macOS will have the same built-in cloud drive features as iOS.

You could also use a service like https://www.sookasa.com/ to give you the seperation between google drive & your encryption keys .

Chris_Hafner
Valued Contributor II

Thanks for that as well. Sookasa looks interesting, but mostly because I never thought of file security in that manner. That said, we'd actively like to avoid keeping such files on user devices at all if possible, which is why I'm intrigued by things like OwnCloud.

Chris_Hafner
Valued Contributor II

*I'm not sure that iCloud will ever match this need. For no other reason than Apple would have the encryption keys. That could be great for non-secure items!

tcam
Contributor

@Chris_Hafner it looks like Sookasa might work with owncloud.

Chris_Hafner
Valued Contributor II

I am seeing that. Actually, OwnCloud (boy that name gets me) looks like it's going to make its way onto a test server next week for eval. Thanks all!

tcam
Contributor

@Chris_Hafner

Good Luck!

BTW have you looked at sysnology or qnap? Both are all in one NAS devices that support windows/mac/ios/sync.

Chris_Hafner
Valued Contributor II

@tcam Do you mean Synology? Yes, I have two Synology NASs coming for Veeam Backup so I figured I could check those in a few weeks.

CoSoSys
New Contributor

If avoiding storing sensitive files on the cloud is not possible, then maybe you should consider using a third-party encryption solution for those files (like an encrypted container).

Chris_Hafner
Valued Contributor II

@CoSoSys Absolutely agreed! This is for NON-sensitive data. I;ve got the Synology's, we just haven't set them up for trial yet. There have been some great suggestions here!

Kedgar
Contributor

Own cloud is excellent... I do also suggest pydio!