iPad And Enterprise File Sharing
MobilEcho, GroupLogic's new mobile file management platform, gives iPad users network access to network shares using a simple app, while granting administrators control over data access and usage.
A common complaint of enterprise users moving from PCs to tablets is the hoops tablets make you jump through when trying to copy documents from a network share. Neither iOS nor Android natively supports common network file-sharing protocols (CIFS/Windows, NFS/Unix, and AFP/Mac), nor does either or them make it easy to manipulate local files (in fact, iOS doesn't even have a user-accessible file system). While both systems allow moving files via USB tethering to a PC, this is hardly acceptable for a wireless device.
The usual workaround is either email or a cloud-based file-sharing service such as Dropbox. Again, neither approach is particularly convenient (they can't be initiated from the tablet, but require first accessing the file from a PC) nor secure (neither can guarantee end-to-end data encryption, nor adherence with enterprise data access and retention policies once the file has left the internal file server).
More Security Insights
- Getting a Grip on Mobile Malware
- How Attackers Identify and Exploit Software and Network Vulnerabilities
White PapersMore >>
Several client-side apps have emerged to solve the first problem by providing support for network file-sharing protocols (I use Files Connect on the iPad and the DLNA Media Share app on Android), but these can be confusing for novices since you have to manually set up individual server connections, sometimes by IP address since server browsing doesn't always work. Furthermore, they only exacerbate the data control problem.
In what will likely be the first of many such products, GroupLogic has just released what it terms a mobile file management platform, mobilEcho, that gives iPad users network access to network shares using a simple app, while granting administrators control over not only data access but usage as well.
MobilEcho addresses network security with a server-side application that integrates with Active Directory for identity management and uses GroupLogic's proprietary, SSL-based protocol for file transport. Controlling both ends of the file-transfer transaction enables several new security features, including in-transit data encryption using the SSL protocol and at rest by integrating with the iPad's native file encryption APIs; remote wipe; and granular control over file usage, such as what can be remotely stored, opened (by other iPad apps), or cached.
This last feature is subtle but important. Since iPad apps have their own file containers, allowing a sensitive document to be opened by, say, Pages means a copy of the document is made in a file container outside of mobilEcho's control. Thus, although a user's Active Directory credentials might grant access to a confidential document from a PC, mobilEcho lets administrators prevent sensitive material from being transferred to an iPad in the first place or only allow a document into the mobilEcho client for viewing, but not be copied to other iPad apps.
While GroupLogic's product does plug a hole iPad's enterprise feature set, as a 1.0 product, it has limitations (PDF). The biggest is that since mobilEcho uses a server-side application, it only works with shares hosted from native Windows servers; NAS appliances or multiprotocol enterprise arrays need not apply. Even Windows users with large, complex installations spanning multiple systems may be frustrated, since mobilEcho doesn't yet work with DFS. Finally, iPad users modifying Office docs using the iWork suite (Pages, Keynote, and Numbers) will find mobilEcho of no help in getting changed documents back to the server and thus will have to fall back on email or USB tether (iTunes).
GroupLogic offers two licensing models: per client for any number of servers (requires a custom quote per enterprise) and per server with various client packs (geared to smaller enterprises). Prices start at $795 for a three-client, single-server license and top out at $6,995 for unlimited clients on a single server.
MobilEcho provides some attractive features for enterprises seeking to make iPads equal citizens on their enterprise networks, but I suspect it won't be the only tablet-optimized network file-sharing product for long. Those needing an immediate fix should test the free trial, while companies that can wait should monitor InformationWeek's Mobile Security Tech Center as we follow the market.