ShareFile Blog

Data collaboration: Take care when you share

As a consultant on Enterprise workplace solutions, I work for many customers in a variety of verticals like Engineering, Finance, Healthcare, Insurance, and Legal. With all the obvious differences between these verticals, there are also similarities. One of these similarities is that each customer has employees that need to collaborate with either partners, suppliers or clients. Most of the time, the shared data is classified, containing either company sensitive information or personal (client/customer) sensitive data.

This article is about collaborating in a user friendly, secure and auditable way. It’s not focused on security regulations like e.g. HIPAA or GDPR although offering secure and auditable functionality of course helps in being compliant. Traditionally, collaborating on data is focused on collaborating with internal colleagues by the use of legacy systems like Windows File Shares. When collaborating with an external partner or client, most companies usually offer email to send data back and forth. The problem with email is that it’s limited in attachment size, not secure, there is no functionality to track versions, and it is impossible to limit or track what happens to a document after it has been sent.

What we find with our customers is that most employees don’t hesitate to share information in their private life over services like WhatsApp, Dropbox, iCloud and OneDrive on a day-to-day basis. These employees expect the same functionality and simplicity from their corporate IT and when this is not provided, they simply fall back to what they use in their private life. In the Netherlands, people and politics were shocked to find that 40% of medical specialists shared client information via WhatsApp. In my personal opinion, I don’t believe a medical specialist sends out client data without reason and WhatsApp was just the only way they could think of to get that data out to a colleague ASAP. Remember, IT already tells them email is not secure enough.

This article will cover how Citrix ShareFile facilitates users to collaborate on data:

Data collaboration should be easy

Sharing data should first and foremost be secure, but if we offer a secure service that’s not easy to use, employees will simply fall back to easy-to-use systems. Security and simplicity should both be considered equally when offering services to employees.

Let’s take a step back and think about the earlier mentioned use case of a medical specialist in need of sharing client information. We already educated our users that email is not secure and we don’t want them using consumer services like WhatsApp. This is why analyst firms are evolving the Enterprise File Sharing and Synchronization (EFSS) category to evaluate capabilities for content collaboration platforms, which aim to transform efficiencies, data collaboration, and workflows. In the example of the medical specialist this would mean offering a secure business solution with the same simplicity as a consumer service.

Citrix ShareFile offers an easy-to-use and highly secured platform to store, synchronize, share and collaborate on data. Compared to other Enterprise File Synchronization & Sharing solutions, one of the key differentiators of ShareFile is that the central storage repository, where files are saved, can be facilitated from either the Microsoft Azure cloud or any private cloud. Another important differentiator is the variety of ShareFile client applications and plug-ins. This means that it is simple to use ShareFile on any device, integrated in a variety of the most used business applications like Microsoft Outlook, Microsoft 365 or Google.

With ShareFile, employees are able to share data with external users within ShareFile called clients. When a ShareFile folder is shared or a user shares a document requiring the recipient to log in, clients are required to create a personal ShareFile client account. Within ShareFile, there are two types of users being an employee and a client. Both users are able to use ShareFile with full functionality. The only difference is that an employee is able to share files and folders with clients where the client is limited in sharing functionality. The control of who data is shared with is limited to employees only. From a licensing perspective, only employees require a ShareFile license so there is no license requirement for clients.

When an employee shares data with another employee or external client, ShareFile offers the ability to share either a single file or share an entire folder. When sharing an entire folder, several documents are shared at once and new documents within the same folder are automatically shared with the same permissions set on the folder level.

Share in t-minus 10, 9, 8……

Both single file sharing and folder sharing are extremely simplified and even the most inexperienced end user is able to share files successfully and quickly. ShareFile offers many client applications for a variety of platforms. In this article the ShareFile Web application and iOS application will be covered.

Single file sharing from the ShareFile Web application
As you can see in the screenshots below, sharing a single file is extremely easy. Locate the file, right click it, select “Email with ShareFile” and select or create a user. When ready, hit send and the file is shared.

Single file sharing from the ShareFile iOS application
Sharing a single file from the ShareFile iOS application is just as easy – locate and select the file, click “Share via E-mail” and select or create a user. When ready, hit share.

Folder sharing from the ShareFile Web application
Sharing a folder is just as simple as sharing a file. Open the folder, click on “People on this Folder,” click on “Add People to Folder” and select or create a user. Click “Add” and the folder is shared.

Client experience
When a single file or folder has been shared, the client receives an email with instructions to access the ShareFile system. The screenshots below demonstrate the client user experience when accessing the system (user account is not required).

When a client is required to login to collaborate on a single file, the client is required to create a password to access the ShareFile system. For a shared folder, the client is always required to log in with a username and password. The screenshots below demonstrate the client user experience when accessing the system when a user account is required. After this short registration sequence, the client is able to log in and use Citrix ShareFile.

When a client account is created, a user is able to access files or folders shared with ShareFile with any ShareFile application available. The client simply logs into the ShareFile Web application and clicks on Apps or downloads a ShareFile application from a native mobile App Store.

Security & Compliance

When sharing data with external clients, it is important that data is only accessed by the intended client(s) and that data is shared in such a way that it is protected as described by corporate policy. Citrix ShareFile offers a variety of functionality that can be added on top of the by default available options for securing shared data. The options enabled by default allow an employee to share a single file with a variety of options.

Log in requirements
A client is required to log in before accessing the shared file with a username and password. The username is the email address of the client and a password is created the first time the client uses the ShareFile system.

These setting controls what a client is able to do with a shared file. The ability to limit views allows the client to view a document in an online viewer without granting ability to download, print and copy & paste from the document. Other options available are “view and print” or “full control” where the file can also be downloaded from the ShareFile system.

Access Expires: Controls the availability of the file for a pre-set duration
Accesses per user: Controls how many times a client is able to view the document

Integrated Rights Management
Although the default sharing options are already very powerful these can be further extended by Integrated Rights Management. For example, when a client is allowed to view a document but the document contains Intellectual Property we protect it from printing or copy pasting content. What we can’t protect is having the client take a picture from the screen with a mobile phone.

Integrated Rights Management adds a watermark with the username and a date/time stamp to the online viewer to make sure a leaked document is always tracked to the user that it was shared with. Integrated Rights Management also applies the option to protect the document even when the document is downloaded from the ShareFile platform. The client always has to authenticate to ShareFile before the document is opened. When Integrated Rights Management is enabled on a ShareFile platform, the options are as easily set as the default sharing options shown before.

Data Leakage Prevention
Data leakage prevention (DLP) integrates with existing DLP solutions to allow a document to be blocked for access based on the contents of the document. It is possible to share a document with certain private information with colleagues but not with clients. When opened, the client will receive a message stating that the document is not allowed to be opened.

ShareFile offers company administrators the ability to control what sharing functionality is available to users and clients. For example, an administrator is able to disable the option for a client to share files. This way sharing files within a shared folder is limited to just employees.

ShareFile offers an extensive reporting engine to provide reports about who was able to access data, when data is accessed and how data was used.

Citrix ShareFile make it very easy for users to share files and start collaborating with colleagues as well as clients. This while maintaining corporate compliancy standards and protecting valuable information.