Cloud Computing and File Sharing in 2018

Controlling Mobile Device Management Costs

MyWorkDrive releases version 4.0!

MyWorkDrive is revolutionizing remote and mobile file sharing More Mobility More Security More Collaboration & More Productivity   FOR IMMEDIATE RELEASE February 5th, 2018 (San Francisco, CA) MyWorkDrive– the easiest and most secure file sharing product that allows remote access to files without having to sync or store data in a public cloud just shipped […]

Egnyte Alternative Solution

FileCloud Alternative Solution

MyWorkDrive

MyWorkDrive releases version 4.0

Marketing | MyWorkDrive

jrbruckman@myworkdrive.com

415-515-4179

 

MyWorkDrive releases version 4.0!

MyWorkDrive is revolutionizing remote and mobile file sharing

More Mobility More Security More Collaboration & More Productivity

 

FOR IMMEDIATE RELEASE February 5th, 2018 (San Francisco, CA)

MyWorkDrive– the easiest and most secure file sharing product that allows remote access to files without having to sync or store data in a public cloud just shipped version 4.0! One of the exciting new features is the Mobile Office Document Editing feature for iOS devices in Word, Excel and PowerPoint. MyWorkDrive already allows Office 365 business users to open, edit and save changes to remote Office files accessed through MyWorkDrive using a web browser. Now users can directly edit documents stored on file servers in real time from iOS devices without downloading or syncing. Security and mobility is key and 4.0 is already receiving rave reviews.

MyWorkDrive redefines file sharing and remote file access. No data room needed. No syncing, no VPNs, no uploading to another portal. Instant access with minimal set up and reasonable budgets. With MyWorkDrive as a trusted partner, CEOs can truly run a company from their phone and CTOs can bring IT budgets down and be a hero.

Recent stats are that businesses will spend $369 billion on digital transformation by 2020; and 67% of the world’s top enterprises will adopt digital transformation as a key strategic goal by 2018. Private and public sectors from Tech, Government, Healthcare, Finance, Entertainment, Education and more are struggling to stay connected and stay secure. Headline news is rife with stories of data breaches, data leaks, viruses and file corruptions. Syncing and sharing your files in ‘the cloud’ doesn’t guarantee data integrity or ease of remote accessibility. CDOs (Chief Digital Officers) are on the rise and in demand. Security and productivity are critical but IT Departments are a cost center NOT a profit center for most organizations. Companies get mired in allocation of resources and digital planning.

I am excited about our new Mobile Document editing feature on iOS devices using MS Word, Excel and Powerpoint. This is the culmination of 3+ years of hard work unifying and extending MyWorkDrive for Enterprises.”- Dan Gordon CEO & Co-Founder of MyWorkDrive

MyWorkDrive is a product and dba of Wanpath LLC, founded in 2014 and based in San Francisco, CA. For Enterprise and Standard Edition visit MyWorkDrive

8 Security and Support Concerns to consider before deploying Microsoft’s new Always On VPN

Always On VPN Concerns

Windows Server 2016’s new “Always On VPN” provides new options for remote access to internal network resources.  With Windows 10 Virtual Private Networking (VPN), you can create Always On VPN connections so that remote computers and devices are always connected to your organization network when they are turned on and Internet connected.

Requirements to Deploy Always On VPN

Is the new Always On VPN more secure or easier to administer and use than Direct Access or 3rd Party VPN’s?  We looked at numerous blog articles to gather the requirements to deploy Always On VPN.   Here are potential items that may lead to additional support costs and security concerns that enterprises will want to be aware of.

  1. AO VPN cannot be managed natively using Active Directory and group policy. It must be configured and managed using Microsoft System Center Configuration Manager (SCCM), Microsoft Intune, or PowerShell.
  2. AO VPN works only with Windows 10. It is not supported for Windows 7 or other operating systems.
  3. While AO VPN does add extensive filtering options, no additional blocking technologies exist to prevent viruses or malware, such as crypto locker, from encrypting files.
  4. A Public Key Infrastructure (PKI) is required along with Active Directory Certificate Services to authenticate clients.
  5. Like Direct Access, AO VPN requires two network adapters with one directly connecting to the external perimeter network.
  6. Remote Client Computers must be joined to the active directory domain.
  7. The IT Department will need to maintain an additional fleet of corporate laptops with VPN pre-configured for each potential remote user eliminating the BYOD option.
  8. Windows 2016 Server infrastructure is required.

Browser Based VPN Alternatives

Techtarget.com encourages companies to consider Web Based VPN Software Alternatives – “Browser-based remote access services offer both cost and ease-of-use advantages. Web browsers are already present on nearly every computing device, public or private, large or small. Web-based solutions use this browser and dynamically downloaded code to avoid installing and configuring VPN client software on the worker’s device. This approach facilitates remote access from just about anywhere and can significantly reduce per-user VPN administration costs.  Savings are even greater for companies that eliminate corporate laptops by leveraging existing desktops for Web-based remote access.”

MyWorkDrive

MyWorkDrive.com’s browser based file access software helps companies reduce their VPN support costs while reducing their security exposure risks.  Users simply open a browser to access their work files using their existing Windows Active Directory credentials from any device.  Once logged in, they can access company shares and home drives, and edit/view documents online.  For security, all MyWorkDrive clients also have DUO Two Factor authentication.  Even if only half of a company’s employees are directed to use MyWorkDrive’s Browser Based File Access client, they can achieve annual savings of up to 50% while improving security when compared to traditional VPN alternatives.

File Share Search

 

Quantifying Technology Costs of VPN Software

VPN Software Costs

Total Cost of Ownership

Businesses of all types utilize VPN software solutions to provide remote access to their employees.  How do we quantify the true Total Cost of Ownership (TCO) of supporting VPN software?  Why is TCO Important?

Gartner, Inc. (www.gartner.com) defines TCO as the total cost of using and maintaining an IT investment over time.  TCO calculations include a combination of direct costs (hardware, software acquisition, management, and support) and indirect costs (end-user training and downtime).   TCO is often overlooked and unbudgeted, presenting an incomplete projection of overall IT costs.

Most organizations look at their direct costs and setup labor only at the time of purchase.  However, research shows that a system’s software & hardware costs typically represent less than 20% of its TCO, with ongoing technical support, maintenance and labor costs accounting for the remaining 80%.  These ongoing VPN Software support costs represent the largest piece of the TCO pie and should, therefore, warrant the highest levels of scrutiny.

Consider the following chart that demonstrates the potential annual costs of supporting VPN clients for 1000 Users:

VPN Software Costs

Direct VPN Costs

Hardware & Software Costs

A business of 1000 employees can expect to pay between $6000-$8000 for a dedicated VPN device with a hot spare + Annual Maintenance.

Setup Costs

For large enterprises, VPN services can take up to 40 Hours for procurement, basic setup, and deployment.

Ongoing VPN Maintenance

VPN Devices require continual updating and refinement – expect ongoing maintenance, after hours updating and security patching.

User Support

Plan on providing technical support time to setup VPN Software on end user devices at a minimum of 30-60 Minutes per device with basic training for initial setup and an average of 15 Minutes/User per month for ongoing support.

Two Factor

Add costs for supporting various two-factor solutions – Some solutions allow use of third party services (at an additional cost), requiring additional configuration while others such as Microsoft VPN can utilize machine certificates which require additional support hours to manage and setup.

Indirect Costs

Potential Compromises

By default, an end user’s Windows network is routed through the office VPN network. As a result, this leaves the internal network open to Malware such as Crypto Locker and exposes the network up cybersecurity threats.

Connectivity Issues

IPsec type VPN’s are blocked at many locations resulting in calls to the help desk to resolve connectivity issues and results in lost employee productivity.

Potential File Corruption

Minor network fluctuations can disconnect the VPN clients potentially corrupting open files resulting in support costs for restores and lost work.

Additional Equipment

The IT Department will need to maintain an additional fleet of corporate laptops with VPN pre-configured for each potential remote user.

Browser Based VPN Alternatives

MyWorkDrive acts as the perfect VPN Alternative solution

MyWorkDrive’s browser-based file access software helps companies reduce their VPN support costs while reducing their security exposure risks.  User’s simply open a browser to access their work files using their existing Windows Active Directory credentials.  Once logged in they can access company shares, home drives and edit/view documents online.  For security, all MyWorkDrive clients also support DUO Two Factor authentication.

Even if only half of a company’s employees are directed to use MyWorkDrive’s Browser Based File Access client they can achieve annual savings of up to 50% while improving security.

 

PPTP VPN SECURITY CONCERNS

PPTP VPN SECURITY RISKSPPTP VPN

PPTP VPN Security Risks

PPTP is Microsoft’s VPN implementation that has been around since Windows NT.  Users tend to like using PPTP as it’s typically configured on Windows Desktops with a shortcut that remembers username and password for quick access.   When coupled with proper name resolution (historically WINS) and now DNS, users can easily browse the network for shares and printers.   On the back-end, Windows Server PPTP is configured by the system administrator with the Routing and Remote Access role (RRAS).   While the tools used to manage and deploy PPTP Systems have changed with each new version of Windows it’s universally agreed that PPTP is insecure as compared to modern alternatives and adds additional indirect support costs even when upgraded to support SSTP.

The PPTP protocol itself is no longer considered secure as cracking the initial MS-CHAPv2 authentication can be reduced to the difficulty of cracking a single DES 56-bit key, which with current computers can be brute-forced in a very short time (making a strong password largely irrelevant to the security of PPTP as the entire 56-bit keyspace can be searched within practical time constraints).

The attacker capture the handshake (and any PPTP traffic after that), do an offline crack of the handshake and derive the RC4 key.   Once the RC4 key is derived the attacker will be able to decrypt and analyze the traffic carried in the PPTP VPN.   PPTP does not support forward secrecy, so just cracking one PPTP session is sufficient to crack all prior PPTP sessions using the same credentials.

PPTP provides weak protection to the integrity of the data being tunneled.  The RC4 cipher, while providing encryption, does not verify the integrity of the data as it is not an Authenticated Encryption with Associated Data (AEAD) cipher.  PPTP also doesn’t do additional integrity checks on its traffic and is vulnerable to bit-flipping attacks, e.g. the attacker can modify the PPTP packets with little possibility of detection. Various discovered attacks on the RC4 cipher (such as the Royal Holloway attack) make RC4 a bad choice for securing large amounts of transmitted data, and VPNs are a prime candidate for such attacks as they typically transmit sensitive and large amounts of data.

PPTP Vulnerabilities

Security experts have reviewed PPTP and listed numerous known vulnerabilities including:

MS-CHAP-V1 is Fundamentally Insecure

Tools exist that can easily extract the NT Password hashes from MS-CHAP-V1 authentication traffic. MS-CHAP-V1 is the default setting on older Windows Servers

MS-CHAP-V2 is Vulnerable

MS-CHAP-V2 is vulnerable to dictionary attacks on captured challenge response packets. Tools exist to crack  these exchanges rapidly

Brute Force Attack Possibilities

It has been demonstrated that the complexity of a brute-force attack on a MS-CHAP-v2 key is equivalent to a brute-force attack on a single DES key.

Additional Support Costs

Beware of the additional support costs commonly associated with PPTP & Microsoft VPN Client.

  • By default, an end user’s Windows network is routed through the office VPN network. As a result, this leaves the internal network open to Malware and slows down all internet for all users at the office.
  • PPTP is typically blocked at many locations due to the known security issues resulting in calls to the help desk to resolve connectivity issues.
  • Conflicts with office internal subnets at remotes sites can block Microsoft VPN routing resulting in no connectivity and again leading to additional support costs.
  • Minor network fluctuations can disconnect the Microsoft VPN client while in use corrupting files leading to restores and lost work.
  • The IT Department will need to maintain an additional fleet of corporate laptops with Microsoft VPN preconfigured for each potential remote user.
  • Crypto Locker type malware are free to encrypt files over the VPN tunnel.

MyWorkDrive as a Solution

MyWorkDrive acts as the perfect VPN Alternative solution

In contrast with MyWorkDrive, the security risks of supporting Microsoft PPTP or SSTP VPN’s are eliminated:

  • Users get an elegant easy to use Web File Manager client accessible from any browser.
  • IT Support costs are eliminated – users simply log on with their existing Windows Active Directory credentials or use ADFS or any SAML provider to access company shares, home drives, and edit/view documents online.
  • Mobile Client’s for Android/iOS and MyWorkDrive Desktop Mapped Drive clients are available.
  • Unlike VPN block file types and receive alerts when file changes exceed set thresholds to block ransomware.
  • For security, all MyWorkDrive clients support DUO Two Factor authentication.

 

 

 

10 Reasons why SharePoint is not a File Server

sharepoint file server

Many companies are migrating to Office 365.   SharePoint Online is included with most subscriptions for free. Often, IT professionals are asked to evaluate moving their company file servers to SharePoint Online.  While SharePoint is great for collaborating on documents with teams inside or outside of the company, can it completely replace an on-premise file server for larger firms?

Here’s the list of the top 10 reasons we compiled on why SharePoint is not a file file server:

 

  1. Speed – Nothing can beat the speed of local network file server access. While Internet speeds are measured in Megabits, local network speeds are measured in Megabytes.  A local network connection is at least 10 times faster than any Internet connection.  For example, a fast 100 Mbp/s home Internet connection only equates to 12.2 MB/S.   In the office, networks are typically 1GB – a whopping 125 MB/s!!  For large files access, nothing beats a local area network connection.

 

  1. Simplicity – Users are trained to easily grab their files from a mapped drive. With SharePoint, files are stored in libraries that are accessed using a web-based interface. The interface looks nothing like Windows File Explorer.  Alternatively user can access file using the OneDrive for Business client which requires user training and  intervention to sync and to locate the shares they need.

 

  1. Storage Capacities – Even the smallest companies have easily terabytes of data. SharePoint Online has a 1TB limit on each library, a  5000 item display limit, a 15GB file size limit and a maximum 100,000 file sync limit.   Even if you did store this much data, or files this large, accessing them over the Internet may be unworkable (see Reason #1).

 

  1. Migration – Migrating to SharePoint from legacy file shares takes careful planning. All permissions must be manually recreated on the SharePoint sites along with equivalent folder structures.  File names on local shares allow special characters that are not allowed in SharePoint (#%&) that must all be renamed before migrating them.

 

  1. Backups and Disaster Recovery – With traditional file shares, they can easily be replicated to multiple sites, backed up and archived for compliance going back many years. With SharePoint, restoring old data involves multiple databases and entire SharePoint farms that may be no longer supported.   SharePoint Online only keeps the latest 90 days of deleted files – backups requires additional 3rd party subscription services that charge for ongoing backups and retrieval.
  1. Total Cost of Ownership (TCO) – Sharing files using traditional file shares can be deployed to users in minutes or made available using VPN or SSL VPN products like MyWorkDrive.com with a simple File Explorer-type web page. With SharePoint Online deployments are complex, data is scattered across libraries and scripting tools and services come with high price tags.  Users must also be trained on how to share and access data.  This all leads to additional IT support and training costs.

 

  1. Ownership of Data – Many firms have compliance regulations preventing them from moving files to the Cloud or legal concerns as to who has access to their company data. Moving data to Sharepoint Online requires careful compliance and legal review.

 

  1. Fragility – SharePoint systems are complicated and fragile.  Any Windows update can take down the entire SharePoint farm.  File Servers and Network Attached Storage (NAS) devices are dead simple to manage, patch and restore in an emergency.  Even with Sharepoint Online, syncing issues on a single PC can corrupt or remove data across multiple users.

 

  1. File Locking – Databases, Engineering CAD files and Accounting applications are designed to run locally at Gigabit speeds and have the ability to lock files in a multi-user network environment. These types of files cannot be stored or accessed using SharePoint.

 

  1. Archiving – Traditional file shares can be easily encrypted and stored offsite indefinitely, then easily restored at any time in the future regardless of any technology changes. With SharePoint, entire systems must be restored, or with SharePoint Online additional archiving services must be purchased and paid for perpetually which store SharePoint into long-term archives leading to additional support and subscription costs.

 

Bottom line – SharePoint is not a file server, it’s a collaboration portal.  Microsoft has a great support article here on this topic and they recently released File Share Syncing to Azure at the 2017 Ignite Conference (see our earlier blog article here) which makes it clear Microsoft will be supporting File Servers for many years into the future.

With MyWorkDrive our customers get the best of both worlds, local file access and secure remote access with cloud features – learn more..

 Sign-up for a 15 Day Free Trial

Harden IIS SSL for Compliance and Security

IIS SSL by default leaves older versions of SSL2, SSL3 and TLS enabled for compatibility.  MyWorkDrive has been engineered to support TLS 1.2.  Disabling insecure and weak ciphers is necessary to comply with security best practices including PCI, HIPAA, FINRA and GDPR.

 

While registry entries can be set manually, a great free tool exists for this called IIS Crypto by Nartac Software.

 

To lock down your Server’s IIS SSL ciphers, download the tool and apply one of the templates – at a minimum we suggest the “Best Practices Template”.

IIS SSL

 

The PCI Template 3.1 provides the most complete protection however some software may still require TLS 1.0 communication (MyWorkDrive does not).   One option is to apply the template settings to the Server only by unchecking “Set Client Side Protocols”.  This ensures only the “Server” portions are locked down and any client software ( e.g. Backup Software) continues to run.

After you have run the IIS Crypto tool and applied a minimum of the best practice template and restarted your server, you may wish to verify that your server responds on only the more secure IIS SSL cyphers.

 

There is great free SSL scanning tool at  https://www.ssllabs.com/ssltest/  that’s also built into the Nartac IIS Cryptol software that gives you a rating on how secure your SSL connections are.   Simply input your https web address and run the test.

You should get a Summary like this:

SSL Scanner

MyWorkDrive Recognized by Microsoft as an Industry Leader

What does it take to be a Microsoft Partner that leads the way in digital transformation solutions for business?

Secure File Access

It takes innovation, forward thinking, and a willingness to be just a little bit disruptive in a space that can at times be very traditional. The tech industry calls it, “digital transformation.”

What is “digital transformation?”

Digital transformation takes place when companies adopt a technology that changes the course of their workflow – making their workflow better, easier, or more efficient. This use of information technology to “transform” how businesses work is now one of the main focuses of Microsoft and its partners.

Intivix leaders, Rob Schenk and Dan Gordon, were pleased to have had MyWorkDrive mentioned during a session at an industry conference hosted by Microsoft called Inspire. At Inspire, Microsoft gathers its partners and resellers from around the globe to update them on the latest Microsoft offerings and industry trends. It is a great opportunity for technology providers to network and to interact with those who are innovating within the industry. According to Microsoft, Inspire is where “the world meets to transform business.”

Like many industry-specific conferences, Inspire is made up of many sessions and workshops.

At a special workshop called, “US14p The Art of the Possible: Digital Transformation for US Partners”, the Intivix team received commendation from Microsoft speaker, Sri Ganapathy for their work in developing MyWorkDrive.

Sri Ganapathy is a Partner Technology Strategist with Microsoft. It is Sri’s job to advise and encourage those that sell Microsoft’s products and services to follow the example of industry leaders. At this significant workshop, Sri Ganapathy made the point that technology providers should be moving their concentration from services that they want to offer to their clients to developing solutions to their client’s challenges that they can then promote across that particular industry vertical.

Some solutions that have been developed – such as MyWorkDrive – address business challenges across multiple industry verticals.

MyWorkDrive is an application developed by Intivix that allows companies to leverage their existing storage infrastructure while providing cloud availability features to that storage – allowing companies to move to the cloud at their own pace.

MyWorkDrive gives employees cloud access to their work files without VPN, syncing, or storing data in a public cloud.

This is different than VPN or file sync solutions. VPN and file sync are challenging in that they require employee retraining, are expensive to maintain, present an element of data-loss risk, and do not always conform to compliance standards. MyWorkDrive is the answer to all of these problems.

One of the outstanding features of MyWorkDrive is the solution’s seamless integration with Microsoft Office 365 online. With MyWorkDrive, employees can directly edit their Office documents in Office 365 online and collaboratively edit in real time without moving the files to the cloud. Once they are ready, employees can share Office 365 documents externally using OneDrive without compromising security.

Some of the other significant benefits of MyWorkDrive are:

  • The ability for a company to move to the cloud at its own pace
  • The advantage of leveraging existing infrastructure, Active Directory, and File Permissions
  • Two-factor authentication
  • Single Sign On (SSO)
  • Mapped Drive from anywhere
  • Mobile App for working away from the office

Because of the business problems that MyWorkDrive solves for companies across multiple verticals, Microsoft chose to highlight the MyWorkDrive solution within their presentation on innovative approaches that are driving business transformation today.

Rob Schenk, one of the partners at Intivix, said, “We were grateful for Microsoft’s recognition of MyWorkDrive. We’ve worked hard on it. We’re especially proud of MyWorkDrive because it combines fresh elements in file sharing that aren’t available in this configuration anywhere else. MyWorkDrive solves the user problems that were inherent in older file sharing technologies, and as a result, provides significant efficiencies for the end user.”

To find out more about MyWorkDrive and what we can do to improve your file access workflow, contact us now at 877-705-4997 or sales@myworkdrive.com