Frequently Asked Questions
Find answers to common questions about MyWorkDrive compliance and security features.
General
What is MyWorkDrive?
MyWorkDrive is a secure file access and sharing platform that allows organizations to provide employees and clients with remote access to files stored on their own servers or cloud storage—without moving data to a third-party cloud. It works as a web-based file access layer over your existing infrastructure, giving you the convenience of cloud-style file access with full data ownership and control.
How does MyWorkDrive work?
MyWorkDrive installs on or near your Windows file server and acts as a secure gateway, translating web-based file access requests into native file system operations on your server. Users connect via a web browser or mobile app over HTTPS, and all authentication is handled through your existing Active Directory or identity provider. Files never leave your environment—only the access layer is provided by MyWorkDrive.
What are the benefits of using MyWorkDrive?
MyWorkDrive provides secure remote file access without VPNs, eliminates the need to migrate data to third-party cloud storage, supports compliance with regulations like HIPAA, GDPR, and CMMC, integrates with your existing Active Directory and NTFS permissions, and enables Office Online editing and mobile access from any device. Organizations retain full data ownership while gaining enterprise-grade remote access capabilities.
Is MyWorkDrive secure?
Yes. MyWorkDrive uses TLS encryption for all connections, supports multi-factor authentication (MFA), integrates with SAML 2.0 identity providers, enforces your existing NTFS permissions, provides detailed audit logging, and includes data loss prevention (DLP) controls. Because files remain on your own servers, you retain full control over your data at all times—there is no third-party cloud exposure.
Can I access MyWorkDrive from anywhere?
Yes. MyWorkDrive is accessible from any modern web browser on Windows, macOS, Linux, iOS, or Android. You can also use the MyWorkDrive Windows Drive Mapping client and mobile apps for native device integration. No VPN is required for remote access since MyWorkDrive acts as a secure, authenticated gateway to your file server over standard HTTPS.
Compliance
What is file sharing compliance?
File sharing compliance refers to the set of policies, technical controls, and processes an organization must implement to meet regulatory or legal requirements when sharing files internally or externally. Compliance governs how data is transmitted, stored, accessed, and audited, ensuring sensitive information is protected according to frameworks like HIPAA, GDPR, CMMC, or FINRA.
Why is file sharing compliance important for regulated industries?
Regulated industries—including healthcare, finance, legal, and government—handle sensitive data subject to strict legal obligations. Non-compliance with file sharing regulations can result in significant fines, data breaches, legal liability, and reputational harm. Compliance ensures data is properly protected, access is controlled, and evidence of due diligence is maintained through auditing and documented policies.
What are the risks of non-compliant file sharing?
Non-compliant file sharing exposes organizations to data breaches, regulatory fines, loss of business licenses, legal liability, and reputational damage. Common risks include using consumer-grade tools that lack encryption or audit trails, sharing files through uncontrolled email attachments, and storing data on third-party platforms that do not meet your industry's data residency or security requirements.
Which compliance standards apply to file sharing systems?
Common standards include HIPAA (healthcare), GDPR (EU data protection), CMMC (U.S. defense contractors), FINRA (financial services), SOX (public companies), FERPA (education), ITAR/EAR (defense exports), CJIS (criminal justice), FedRAMP (federal cloud services), and ISO 27001. The applicable standard depends on your industry, geography, and the type of data your organization handles.
What types of data require compliant file sharing?
Data types that commonly require compliant file sharing include Protected Health Information (PHI), Personally Identifiable Information (PII), financial records, legal documents, student education records, criminal justice information, defense-related technical data (CUI), and any information subject to data residency restrictions under applicable law or contract.
What is the difference between secure file sharing and compliant file sharing?
Secure file sharing focuses on protecting data from unauthorized access using encryption, authentication, and access controls. Compliant file sharing goes further by ensuring those security measures meet the specific requirements of a regulatory framework—including mandated audit logging, defined retention periods, specific encryption standards, prescribed access control models, and formal documentation of policies and procedures.
What encryption is required for compliant file sharing?
Most compliance frameworks require encryption in transit using TLS 1.2 or higher, and encryption at rest using AES-256. FIPS 140-2 validated encryption is required for U.S. federal environments and CMMC. HIPAA requires encryption as an addressable safeguard, while GDPR and PCI DSS require strong encryption as part of technical controls. MyWorkDrive enforces TLS for all connections and supports FIPS-compliant deployments.
What access controls are needed for file sharing compliance?
Compliance frameworks generally require role-based access control (RBAC), least-privilege access, multi-factor authentication (MFA), user provisioning and deprovisioning processes, and the ability to revoke access immediately when an employee departs. MyWorkDrive enforces access using your existing NTFS permissions and Active Directory groups, ensuring only authorized users can access specific files and directories.
What audit logs are required for compliance?
Most compliance frameworks require audit logs that capture user authentication events (successes and failures), file access and modification events, file sharing and download activity, administrative configuration changes, and permission changes. Logs must typically be tamper-resistant, retained for a defined period, and available for review on demand. MyWorkDrive provides comprehensive audit logging that meets these requirements.
How does MyWorkDrive support compliant file sharing without moving data to the cloud?
MyWorkDrive installs on or near your own file server and acts as a secure access gateway, allowing users to access files remotely without copying or migrating data to any third-party cloud. Your files stay on your servers under your control, subject to your existing NTFS permissions and data policies. MyWorkDrive adds TLS encryption, MFA, audit logging, and DLP controls on top of your existing infrastructure—enabling compliance without compromising data sovereignty.
Education
What is secure file sharing in education?
Secure file sharing in education refers to systems and practices that allow students, faculty, and staff to access, share, and collaborate on files while protecting sensitive academic data such as student records, research data, and administrative documents. It ensures compliance with regulations like FERPA and state privacy laws while maintaining usability for educational workflows.
Why is cloud storage risky for schools?
Public cloud storage services like Google Drive, Dropbox, or consumer OneDrive can present compliance risks for schools because data is stored on third-party infrastructure outside the school's direct control. This creates challenges for FERPA compliance, data residency requirements, and contractual obligations. Schools also face risks of unauthorized access to student records and limited visibility into how and where data is stored or processed.
What academic data needs secure file sharing?
Academic data requiring secure handling includes student education records (protected under FERPA), financial aid information, health records, research data with funding obligations or export controls, staff personnel records, legal documents, and any data classified under state privacy laws. Even routine administrative files may contain sensitive PII that must be handled securely to remain compliant.
How can schools provide secure remote file access?
Schools can provide secure remote access by deploying a solution like MyWorkDrive, which installs on the school's own file server and provides a secure web-based gateway for remote access without VPN. Files remain on the school's infrastructure, authentication is integrated with Active Directory or LDAP, and all connections are encrypted with TLS—no data migration required.
What authentication methods are best for schools?
Schools benefit from integrating file access with their existing identity infrastructure. MyWorkDrive supports Active Directory, Microsoft Entra ID (Azure AD), SAML 2.0, and LDAP, allowing students and staff to use their school-issued credentials. Multi-factor authentication can be enforced through the identity provider, and SSO reduces password fatigue while maintaining centralized control over access.
How do administrators control file access?
Administrators control file access by defining NTFS permissions on file server directories. MyWorkDrive respects these permissions natively, so existing access control policies are automatically enforced. Administrators can also configure share-level restrictions, disable downloading, restrict access to specific IP addresses or devices, and generate audit reports from the MyWorkDrive admin panel.
Can schools offer cloud access without moving files to the cloud?
Yes. MyWorkDrive is specifically designed for this use case. It installs on the school's existing Windows file server and provides web-based and mobile access to those files—without migrating any data to a third-party cloud service. Students and staff access files over a secure HTTPS connection, and the files always remain on the school's own servers.
Can schools keep using Active Directory and NTFS permissions?
Yes. MyWorkDrive integrates natively with Active Directory and leverages NTFS file permissions. Schools do not need to replicate or reconfigure their existing permission structure—MyWorkDrive reads the underlying Windows permissions and enforces them for every user, whether accessing files from on campus or remotely. This simplifies administration and ensures consistent access control.
How can schools enable remote access without VPNs?
MyWorkDrive provides VPN-free remote access by acting as a secure, authenticated web gateway to the school's file server. Students and staff connect through a web browser or the MyWorkDrive app over HTTPS, authenticated against Active Directory or a SAML identity provider. There is no need to configure or manage VPN clients, and access can be restricted or revoked centrally through the admin panel.
Why choose MyWorkDrive over public cloud storage for education?
MyWorkDrive keeps data on the school's own servers, making it significantly easier to comply with FERPA, state privacy laws, and institutional data governance policies. Unlike public cloud storage, there is no data migration, no reliance on third-party data handling practices, no per-user storage costs, and no risk of data being accessed by the cloud provider or used for purposes outside the school's control. Schools retain full ownership of all data.
How does MyWorkDrive prevent local file syncing?
MyWorkDrive provides web-based and mapped drive access that does not automatically sync files to local devices. Unlike tools like OneDrive or Dropbox, MyWorkDrive does not create local copies of files by default. Administrators can also configure DLP settings to disable downloads from the web client, ensuring files are accessed and edited in place on the server rather than being copied to potentially unsecured personal devices.
Enterprise
What is enterprise file sharing?
Enterprise file sharing refers to systems and practices that allow large organizations to store, access, and distribute files securely across employees, teams, and locations—while maintaining centralized control, compliance, and security. Unlike consumer file sharing tools, enterprise solutions must support role-based access, audit logging, integration with corporate identity systems, and the ability to meet regulatory obligations.
How is enterprise file sharing different from consumer file sharing?
Enterprise file sharing is designed to meet the governance, security, and compliance demands of organizations. It includes Active Directory integration, granular NTFS-based access control, multi-factor authentication, detailed audit logging, DLP controls, and the ability to keep data on the organization's own infrastructure. Consumer tools like Dropbox or Google Drive lack these controls and are not appropriate for handling sensitive business or regulated data.
Why are enterprises moving away from VPN-based file access?
VPNs were designed for network access, not file sharing—and they come with significant drawbacks for modern enterprises: performance bottlenecks when many remote users connect simultaneously, complex client configuration and troubleshooting, broad network access that violates least-privilege principles, and limited support for mobile or browser-based workflows. Solutions like MyWorkDrive provide direct, secure file access over HTTPS without requiring full network-level connectivity.
What are the risks of public cloud file sharing for enterprises?
Public cloud file sharing platforms store enterprise data on third-party infrastructure, creating risks including unauthorized access by the cloud provider or its staff, data residency and sovereignty issues, limited visibility into how data is handled, potential vendor lock-in, and difficulties meeting compliance obligations under GDPR, HIPAA, CMMC, or industry-specific regulations. Many enterprises also face contractual or board-level restrictions on third-party data hosting.
What security standards should enterprise file sharing meet?
Enterprise file sharing solutions should support TLS 1.2+ encryption in transit, AES-256 encryption at rest, multi-factor authentication, SAML 2.0 or Active Directory integration, role-based access control (RBAC), comprehensive audit logging, and data loss prevention (DLP). Depending on the industry, additional standards may apply: FIPS 140-2, HIPAA safeguards, CMMC practices, FINRA requirements, or ISO 27001 controls.
How does zero trust apply to enterprise file sharing?
Zero trust principles require that access to resources is never implicitly granted based on network location—every access request must be authenticated, authorized, and validated. For file sharing, this means requiring strong authentication (MFA), enforcing least-privilege NTFS permissions for every user, logging all access events, and granting access to specific files or folders rather than the entire network. MyWorkDrive enforces these principles natively through your existing Windows permission model combined with its authentication and auditing capabilities.
How can enterprises prevent data breaches during file sharing?
Enterprises can reduce breach risk by enforcing MFA for all remote access, applying least-privilege NTFS permissions, disabling unnecessary download and sync capabilities through DLP settings, using audit logging to detect anomalous activity, restricting access to corporate-managed devices or IP ranges, and keeping files on company-controlled servers rather than third-party clouds. MyWorkDrive supports all of these controls within a single platform.
Can enterprises enable file sharing without migrating data?
Yes. MyWorkDrive is specifically designed to provide enterprise file sharing capabilities on top of existing Windows file servers without requiring any data migration. IT teams install MyWorkDrive on or near the existing file server, configure authentication, and users can immediately access files remotely through the web interface or mapped drive client. Existing folder structures, permissions, and policies are preserved entirely.
How can enterprises enable remote work without VPNs?
MyWorkDrive provides remote file access over HTTPS, authenticated by your corporate identity provider, without requiring employees to connect to a VPN. Users access files through a web browser or the Windows drive mapping client, with the same NTFS permissions enforced as on the internal network. This eliminates VPN configuration overhead, improves performance for file-specific access, and allows IT to grant targeted file access rather than broad network connectivity.
Why choose MyWorkDrive over SharePoint, Google Drive, or EFSS platforms?
Unlike SharePoint, Google Drive, or traditional Enterprise File Sync and Share (EFSS) platforms, MyWorkDrive does not require migrating files to a new platform or cloud. Enterprises keep data on their existing servers, maintain all existing NTFS permissions and folder structures, avoid per-user cloud storage costs, and eliminate third-party data custody risks. MyWorkDrive also integrates natively with Active Directory and supports compliance use cases that require data sovereignty.
How does MyWorkDrive support enterprise file sharing on existing file servers?
MyWorkDrive installs directly on or alongside your Windows file server and creates a secure web and API layer for remote file access. It reads your existing NTFS permissions, integrates with Active Directory or Entra ID for authentication, and provides a fully functional remote file access experience—including web UI, mapped drive client, Office Online editing, and mobile apps—without changing how files are stored or organized on the server.
Government
What is secure file sharing for government agencies?
Secure file sharing for government agencies means providing authorized personnel with remote access to official files while meeting strict security, compliance, and data sovereignty requirements. Government agencies must ensure that sensitive data—including CUI, law enforcement records, and citizen information—is protected from unauthorized access, never stored on unapproved third-party systems, and fully auditable for oversight and compliance purposes.
Why can't government agencies use public cloud file sharing?
Public cloud file sharing platforms store data on infrastructure not directly controlled by the agency, creating significant risks including data sovereignty violations, potential access by foreign governments or unauthorized parties, inability to meet FedRAMP, FISMA, CJIS, or CMMC requirements, and challenges maintaining the chain of custody required for sensitive or classified data. Government agencies typically require data to remain on government-controlled or FedRAMP-authorized infrastructure.
How does MyWorkDrive support government remote work?
MyWorkDrive enables government employees to securely access files on agency servers from any device over an encrypted HTTPS connection, without requiring a VPN. Authentication is handled through the agency's existing Active Directory or SAML identity provider. All file access is logged for compliance and auditing, and no file content is stored on MyWorkDrive's infrastructure—data remains on agency-controlled servers at all times.
Can multiple departments securely share files?
Yes. MyWorkDrive leverages NTFS permissions and Active Directory group policies to enforce department-level access controls. Administrators can configure file shares so that each department only has access to its authorized directories, while cross-department sharing is controlled through specific permission grants. All sharing activity is logged, giving agencies full visibility into inter-departmental data access.
How does MyWorkDrive eliminate VPN security risks?
Traditional VPNs grant broad network access once a user is authenticated, increasing the attack surface if credentials are compromised. MyWorkDrive provides application-layer file access over HTTPS, scoped strictly to the files and folders each user is authorized to access based on NTFS permissions. This eliminates lateral movement risk, reduces the attack surface, and removes the need for VPN infrastructure that requires ongoing patching and management.
How is access controlled for government users?
Access is controlled through integration with the agency's Active Directory or Entra ID environment. MyWorkDrive respects all existing NTFS file and folder permissions, so users can only access data they are explicitly authorized to view. Multi-factor authentication can be enforced, IP address restrictions can be applied, and administrators can provision or revoke individual access through the standard directory management tools already in use.
How are files encrypted during remote access?
All file transfers between users and the MyWorkDrive server are encrypted using TLS 1.2 or higher, the same standard used for HTTPS web traffic. Files are never stored or cached on MyWorkDrive's infrastructure—they are streamed directly from the agency's file server to the authenticated user. For data at rest, encryption is handled at the server level using Windows BitLocker or equivalent server-side encryption, which remains under agency control.
Does MyWorkDrive support FedRAMP environments?
MyWorkDrive can be deployed within FedRAMP-authorized cloud environments by installing on Windows Server instances hosted on FedRAMP-authorized infrastructure such as AWS GovCloud or Azure Government. Because MyWorkDrive is software you deploy and control—not a SaaS platform—the FedRAMP authorization boundary is determined by where you run it. This gives agencies flexibility to meet authorization requirements within their existing cloud or on-premises environments.
Is MyWorkDrive aligned with FIPS requirements?
MyWorkDrive can be configured to operate in a FIPS 140-2 compliant mode by enabling FIPS-compliant cryptographic settings on the underlying Windows Server and .NET runtime. This ensures that all cryptographic operations—including TLS negotiation and hashing—use FIPS-validated modules. Agencies requiring FIPS compliance should enable FIPS mode at the operating system level and verify that the full deployment stack meets their specific requirements.
How does MyWorkDrive support data sovereignty?
MyWorkDrive never stores file content on its own servers. All data remains on the agency's servers in the jurisdiction of their choosing—on-premises, in a government data center, or on FedRAMP-authorized cloud infrastructure. This architecture ensures complete data sovereignty, with no risk of files being processed, stored, or accessed outside the agency's control. MyWorkDrive only processes authentication and routing metadata, not file content.
Legal
What is secure file sharing for law firms?
Secure file sharing for law firms means providing attorneys, paralegals, and authorized clients with access to case files and legal documents while maintaining attorney-client privilege, satisfying bar association data security requirements, and protecting confidential client information. It requires encryption, strong authentication, detailed access logs, and the ability to control exactly who can access each matter's files.
Why can't law firms rely on public cloud storage?
Public cloud storage platforms store client data on third-party infrastructure, raising significant concerns for law firms around attorney-client privilege, confidentiality obligations under state bar rules, data residency requirements, and the risk of unauthorized access. Many state bar associations and ethics opinions caution against using consumer or public cloud services for client data unless adequate safeguards are contractually established and technically enforced.
What client data must law firms protect?
Law firms must protect all data subject to attorney-client privilege and confidentiality obligations, including case materials and litigation documents, contracts and transactional records, personal information of clients and witnesses, financial and billing records, settlement agreements, discovery materials, and any regulated data such as PHI or PII that appears in client documents. Model Rules of Professional Conduct require reasonable measures to prevent unauthorized disclosure.
What is MyWorkDrive private cloud for law firms?
MyWorkDrive private cloud for law firms means deploying MyWorkDrive on the firm's own servers—whether on-premises or on a dedicated virtual machine—so that all client files remain under the firm's direct control. Attorneys and staff access files remotely through a secure web interface or mapped drive, authenticated by the firm's Active Directory. No file data is ever sent to or stored on MyWorkDrive's infrastructure.
How does MyWorkDrive ensure data security and compliance?
MyWorkDrive enforces TLS encryption for all connections, integrates with Active Directory for authentication and NTFS-based access control, requires multi-factor authentication, provides comprehensive audit logging of all file access and sharing events, and includes DLP controls to prevent unauthorized downloads or sharing. These controls together support compliance with bar association data security requirements, GDPR, HIPAA (for health-related legal matters), and other applicable obligations.
How is sensitive data encrypted at rest and in transit?
Data in transit is encrypted using TLS 1.2 or higher for all connections between clients and the MyWorkDrive server. Data at rest is encrypted at the server level—law firms can enable Windows BitLocker or hardware-level encryption on their servers, which remains entirely under the firm's control. MyWorkDrive does not store file content on its own infrastructure, so there is no exposure from third-party storage encryption practices.
How does two-factor authentication help law firms?
Two-factor authentication (2FA) significantly reduces the risk of unauthorized access even if an attorney's or staff member's password is compromised. MyWorkDrive supports MFA via SAML 2.0 identity providers such as Microsoft Entra ID with Conditional Access, as well as built-in TOTP-based 2FA. This aligns with American Bar Association guidance recommending that law firms implement strong authentication for all systems containing client data.
How can dispersed legal teams securely share files?
MyWorkDrive enables attorneys and legal staff at different offices or working remotely to access the same files on the firm's central file server through a secure web interface or mapped drive, without VPN. NTFS permissions ensure each user only sees the matters they are authorized for. File sharing links can be generated for external parties such as clients or co-counsel, with optional password protection, expiration dates, and access logging.
Can law firms deploy MyWorkDrive without migrating files?
Yes. MyWorkDrive installs on or alongside the firm's existing Windows file server. There is no requirement to move, restructure, or migrate any files. Existing folder structures, matter organization, NTFS permissions, and DMS integrations remain intact. This means firms can go from deployment to full remote access capability with no disruption to existing workflows or file locations.
Why choose MyWorkDrive over VPN or traditional file sync systems?
VPNs grant broad network access and require complex client configuration, while traditional file sync tools copy files to local devices, creating data governance and confidentiality risks. MyWorkDrive provides targeted, permission-enforced file access over HTTPS without local file copies or broad network exposure. For law firms, this means less administrative overhead, better audit trails, reduced risk of confidential data ending up on unmanaged devices, and a user experience that works on any browser or device.
Non Profit
What is secure file sharing for nonprofits?
Secure file sharing for nonprofits means enabling staff, volunteers, and board members to access organizational files remotely while protecting donor data, beneficiary records, grant documentation, and financial information. Nonprofits must balance the need for easy remote access with data security obligations and, in many cases, compliance with regulations such as HIPAA (for health-related missions), FERPA (for education programs), or GDPR (for organizations with EU constituents).
Why can't nonprofits rely on public cloud storage?
Public cloud storage creates risks for nonprofits including limited control over where donor and beneficiary data is stored, potential violations of grant conditions or donor privacy expectations, exposure to third-party data handling practices, and difficulties meeting compliance requirements when handling regulated data such as PHI or education records. Nonprofits handling grants from government agencies may also face contractual restrictions on where data can be stored.
What types of nonprofit data need protection?
Nonprofits typically handle donor records and payment information, beneficiary personal data, healthcare or social services records (for mission-driven organizations), employee and volunteer HR files, grant applications and financial reports, board communications, legal agreements, and strategic planning documents. Many of these categories involve sensitive PII or regulated data that requires appropriate security and access controls.
How does MyWorkDrive help nonprofits share files remotely?
MyWorkDrive installs on the nonprofit's own server and provides secure web-based remote access to files without VPN or data migration. Staff and volunteers can access authorized files from any browser or device using their existing organizational credentials. Administrators control access through NTFS permissions and Active Directory groups, and all activity is logged. External parties such as auditors or partner organizations can be given scoped access through secure sharing links.
How does MyWorkDrive prevent data leaks?
MyWorkDrive includes data loss prevention (DLP) settings that administrators can use to disable file downloads from the web client, block clipboard access, restrict printing, and prevent screen capture on mobile apps. These controls reduce the risk of sensitive data being copied to unmanaged personal devices. Combined with NTFS-based least-privilege permissions, organizations can tightly control what each user can access and what actions they can perform.
How does two-factor authentication improve nonprofit security?
Two-factor authentication (2FA) protects nonprofit accounts even if passwords are compromised through phishing or credential stuffing attacks—which disproportionately target nonprofits due to lower IT security resources. MyWorkDrive supports MFA via SAML 2.0 identity providers including Microsoft Entra ID, Okta, and others, as well as a built-in TOTP option. Enabling 2FA is a low-cost, high-impact way for nonprofits to significantly reduce unauthorized access risk.
Can nonprofits control which devices access files?
Yes. MyWorkDrive allows administrators to restrict access by IP address range, enforce device-level controls through identity provider Conditional Access policies (such as Entra ID requiring compliant devices), and disable specific client types. For nonprofits concerned about volunteers using personal or unmanaged devices, these controls allow access to be limited to managed, approved endpoints or restricted to browser-only access without local file downloads.
Does MyWorkDrive support SAML or Shibboleth authentication?
Yes. MyWorkDrive supports SAML 2.0 authentication, which is compatible with Shibboleth—the identity federation software commonly used in higher education and research institutions. This allows nonprofits affiliated with academic institutions or using InCommon Federation identity infrastructure to authenticate users with their existing federated credentials, reducing password management overhead and enabling single sign-on across applications.
Can nonprofits provide cloud-like access without migrating files?
Yes. MyWorkDrive is designed specifically for this use case. It deploys on the organization's existing Windows file server and immediately provides a browser-based and mobile file access experience without requiring any files to be moved or restructured. Nonprofits can offer their staff the convenience of anywhere access while keeping all data on their own infrastructure under their direct control.
Why choose MyWorkDrive over VPN or cloud file sync services?
VPNs are complex to manage and grant overly broad network access, while cloud sync services copy files to third-party servers and personal devices, creating privacy and compliance risks. MyWorkDrive provides secure, permission-enforced file access over HTTPS with no local file copies and no third-party data hosting. For nonprofits with limited IT staff, this means a simpler deployment, better data governance, lower costs, and a user experience that works on any device without client software.
Disaster Recovery
What is disaster recovery for Windows file shares?
Disaster recovery for Windows file shares involves strategies, tools, and procedures to restore access to files stored on Windows file servers after hardware failure, ransomware, natural disaster, or other disruptions. An effective DR plan ensures that file data is replicated to a secondary location, that permissions are preserved, and that users can be granted remote access quickly—ideally without requiring physical access to the primary site or reliance on a VPN that may also be affected.
Why is disaster recovery important for enterprises?
File shares are often the backbone of enterprise operations, containing everything from contracts and financial records to engineering files and HR documents. An unplanned outage can halt productivity, damage client relationships, trigger regulatory reporting obligations, and result in significant financial losses. A tested disaster recovery plan reduces recovery time objectives (RTO) and recovery point objectives (RPO), minimizing business impact and demonstrating due diligence to auditors and insurers.
How does MyWorkDrive integrate with Azure File Sync?
Azure File Sync continuously replicates files from your on-premises Windows file server to Azure Files. In the event of an on-premises outage, MyWorkDrive can be deployed on an Azure virtual machine with access to the Azure Files share, restoring remote user access within minutes. Because MyWorkDrive respects NTFS permissions and connects to Active Directory or Azure AD, the user experience during failover mirrors normal operations as closely as possible.
How are NTFS permissions preserved during disaster recovery?
Azure File Sync replicates both file content and NTFS ACLs (access control lists) to Azure Files. When MyWorkDrive is provisioned on the failover server and connected to the replicated share, the same permission structure is automatically enforced. Users retain exactly the same access rights they had before the outage, with no need to manually recreate permission assignments or reconfigure access controls on the recovery environment.
Can MyWorkDrive restore access without using a VPN?
Yes. Because MyWorkDrive provides file access over HTTPS, users can connect to the failover server from any location using a web browser or the drive mapping client—no VPN required. This is a significant advantage in disaster scenarios where VPN infrastructure may be unavailable, damaged, or overloaded. As long as the MyWorkDrive instance on the failover server is reachable over the internet, users can immediately resume file access.
How is remote file access enabled during outages?
During an outage, a pre-configured MyWorkDrive instance on an Azure VM (or secondary server) can be activated and pointed at the replicated Azure Files share. DNS records can be updated to redirect users to the failover endpoint, or users can be given the failover URL directly. Authentication continues through Azure AD or a replicated Active Directory instance. If pre-staged correctly, failover can be completed in under an hour with no manual permission reconfiguration required.
What components are needed for disaster recovery with MyWorkDrive?
A complete DR solution with MyWorkDrive typically requires: Azure File Sync installed on the primary Windows file server to replicate data to Azure Files; an Azure VM with MyWorkDrive pre-installed and licensed as the failover access server; Azure AD or Azure Domain Services for authentication during failover; a valid TLS certificate for the failover domain; and documented runbooks for activating the failover environment and communicating the new access URL to users.
Can Azure AD or Azure Domain Services be used for authentication?
Yes. MyWorkDrive supports authentication via Microsoft Entra ID (Azure AD) using SAML 2.0 or OAuth, which remains available even if on-premises Active Directory is unavailable during a disaster. For environments requiring NTFS permission enforcement in Azure, Azure Active Directory Domain Services (AADDS) can be used to provide domain authentication and permission evaluation in the cloud, enabling a fully functional failover environment without an on-premises domain controller.
How often should disaster recovery be tested?
Best practice and most compliance frameworks recommend testing DR procedures at least annually, with table-top exercises more frequently. For MyWorkDrive-based DR, a full failover test should include activating the Azure VM, confirming Azure File Sync replication is current, validating that authentication works through Azure AD, verifying NTFS permissions are correctly applied, and confirming that representative users can successfully access files through the failover URL. Tests should be documented and any gaps remediated promptly.
Why choose MyWorkDrive + Azure File Sync over traditional DR solutions?
Traditional DR solutions for file servers often require expensive secondary hardware, complex DFS-R replication, and VPN-dependent remote access that may be unavailable during a disaster. MyWorkDrive combined with Azure File Sync provides a cloud-native, cost-effective alternative: continuous replication to Azure Files without additional hardware, a pre-staged failover access server that can be activated in minutes, VPN-free remote access once failover is complete, and preservation of all existing NTFS permissions and folder structures without manual reconfiguration.
Healthcare
What is HIPAA compliance?
HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law that establishes standards for protecting sensitive patient health information. The HIPAA Security Rule requires covered entities and business associates to implement administrative, physical, and technical safeguards to protect electronic Protected Health Information (ePHI). Compliance involves implementing encryption, access controls, audit logging, workforce training, and formal policies governing how PHI is handled, stored, and transmitted.
Why is HIPAA important for healthcare file sharing?
Healthcare organizations routinely share files containing Protected Health Information—patient records, lab results, imaging studies, billing data, and clinical notes. Every time PHI is transmitted or made accessible remotely, HIPAA's technical safeguards must be in place. Using non-compliant tools like consumer file sharing services can result in unauthorized disclosures, triggering mandatory breach notifications, HHS investigations, civil monetary penalties, and reputational harm to the organization.
What types of patient data must be protected under HIPAA?
HIPAA protects all individually identifiable health information in any form—electronic, paper, or oral—that relates to past, present, or future physical or mental health conditions, the provision of healthcare, or payment for care. This includes medical records, diagnoses, treatment plans, prescription information, lab and imaging results, insurance and billing records, appointment histories, and any data that could be used to identify a patient in combination with health-related information.
What are HIPAA file sharing requirements?
HIPAA's Security Rule requires that file sharing systems protect ePHI through: encryption of data in transit and at rest, access controls ensuring only authorized users can view PHI, unique user identification so activity can be attributed to individuals, audit logging of access and modification events, automatic session termination after inactivity, and encryption or other safeguards when transmitting ePHI over public networks. Business associates providing file sharing tools must also sign a Business Associate Agreement (BAA).
How can healthcare organizations prevent data breaches?
Healthcare organizations reduce breach risk by enforcing multi-factor authentication for all remote access, applying least-privilege NTFS permissions so staff can only access data their role requires, enabling comprehensive audit logging to detect unusual access patterns, disabling unnecessary file download and sync capabilities through DLP settings, keeping PHI on organization-controlled servers rather than third-party cloud platforms, and regularly reviewing access rights to ensure departed employees and contractors are promptly deprovisioned.
How does two-factor authentication support HIPAA compliance?
HIPAA's Security Rule includes person or entity authentication as a required implementation specification. Two-factor authentication (2FA) satisfies this requirement by ensuring that access to ePHI requires both something the user knows (a password) and something they possess (an authenticator app or hardware token). MyWorkDrive supports MFA via SAML 2.0 identity providers including Microsoft Entra ID with Conditional Access, as well as a built-in TOTP option for organizations without a federated identity provider.
What is Zero Trust access for healthcare files?
Zero Trust access for healthcare files means never implicitly trusting any request to access PHI based solely on network location or previously established sessions. Every access attempt must be authenticated, the user's identity and device posture verified, and access granted only to the specific files that user is authorized to view—logging all events. MyWorkDrive implements Zero Trust principles by enforcing authentication per session, respecting NTFS least-privilege permissions, and providing full audit trails for all file access activity.
Can cloud or hybrid solutions be HIPAA compliant?
Yes, cloud and hybrid deployments can be HIPAA compliant when the right safeguards are in place. The key requirements are that PHI is encrypted in transit and at rest, access is properly controlled and authenticated, audit logging is enabled, and a Business Associate Agreement is in place with any cloud service provider that handles PHI. MyWorkDrive can be deployed on-premises, on a cloud VM in a HIPAA-eligible environment (such as AWS or Azure with BAA), or in a hybrid configuration, with PHI remaining on infrastructure you control.
Can healthcare organizations deploy MyWorkDrive without migrating data?
Yes. MyWorkDrive installs on or alongside your existing Windows file server without requiring any file migration or restructuring. Your existing folder organization, NTFS permissions, and clinical workflows remain unchanged. IT teams configure authentication and access, and clinicians and administrative staff can immediately begin accessing files remotely through the web client or mapped drive—no data movement, no downtime, no disruption to existing EHR or practice management integrations.
Why choose MyWorkDrive for HIPAA-compliant file sharing?
MyWorkDrive is designed for organizations that need HIPAA-compliant remote file access without moving PHI to third-party cloud storage. It provides TLS encryption, MFA, NTFS-based access control, comprehensive audit logging, DLP controls, and BAA availability—all on infrastructure you own and control. Unlike consumer cloud platforms, MyWorkDrive keeps PHI on your servers, eliminates third-party data custody risk, and supports the full range of HIPAA technical safeguards within a single, easily deployable platform.
Data Sovereignty
What is data sovereignty?
Data sovereignty is the principle that data is subject to the laws and governance frameworks of the country in which it is stored or processed. Organizations handling sensitive data must ensure their files remain within jurisdictions whose legal frameworks meet their compliance obligations—and that foreign governments, courts, or third-party providers cannot access data without proper legal authority. Data sovereignty is especially important for government agencies, regulated industries, and multinational organizations subject to GDPR, data localization laws, or sector-specific regulations.
How is data residency different from data sovereignty?
Data residency refers to the physical location where data is stored—a specific country, region, or data center. Data sovereignty goes further by encompassing the legal jurisdiction and control rights over that data, including who can access it and under what circumstances. An organization can achieve data residency (files stored in a specific country) without achieving data sovereignty if those files are held by a cloud provider subject to foreign laws, such as the U.S. CLOUD Act, which can compel disclosure regardless of where data physically resides.
Can MyWorkDrive keep files in my country or jurisdiction?
Yes. Because MyWorkDrive is software you deploy on your own infrastructure, you have complete control over where files are stored. You can install MyWorkDrive on servers located in any country or data center of your choosing—on-premises, in a local colocation facility, or on a virtual machine in a cloud region within your jurisdiction. No file content ever passes through or is stored on MyWorkDrive's own infrastructure, so your data sovereignty requirements are entirely within your control.
What deployment options does MyWorkDrive offer for sovereignty?
MyWorkDrive supports fully on-premises deployment on your own Windows Server hardware, deployment on virtual machines in any cloud region (AWS, Azure, Google Cloud, or private cloud), and hybrid configurations where files are stored on-premises with MyWorkDrive providing the access layer. All options keep file content entirely within your chosen infrastructure. MyWorkDrive acts only as an access and authentication gateway—no file data transits MyWorkDrive's own servers.
Which storage types can MyWorkDrive connect to (SMB, NAS, Azure, S3)?
MyWorkDrive can connect to Windows file shares (SMB/CIFS), including shares hosted on Windows Server, NAS devices that support SMB, Azure Files SMB shares, and file systems on Windows VMs in any cloud environment. This broad storage compatibility means organizations can use MyWorkDrive regardless of whether their files are on physical servers, NAS appliances, or cloud-hosted storage—all while keeping data in their chosen location without any proprietary storage format lock-in.
Can I edit Office documents without Microsoft 365?
MyWorkDrive's Office Online editing feature requires a Microsoft 365 subscription with Office Online Server or integration with Microsoft's WOPI-compatible Office Online service. However, organizations that do not use Microsoft 365 can still access, manage, download, and upload Office files through the MyWorkDrive web interface—editing would require opening the file in a local installed application. Organizations seeking browser-based editing without Microsoft 365 may also consider integration with Collabora Online as an alternative.
Do I have to migrate files to use MyWorkDrive?
No. MyWorkDrive is designed to work with files exactly where they are. You install MyWorkDrive on or near your existing Windows file server, configure authentication, and users immediately have remote access to the existing file structure. There is no data migration, no reformatting, no folder restructuring, and no disruption to existing workflows or applications that access the same file shares locally. Your data stays in place—MyWorkDrive simply adds a secure remote access layer on top.
Can external users access files without copying them out?
Yes. MyWorkDrive allows administrators to create secure, scoped sharing links for specific files or folders that external users—clients, partners, auditors, or contractors—can access through a web browser without needing a MyWorkDrive account or VPN. Files are streamed directly from your server to the recipient; no copy is stored on MyWorkDrive infrastructure. Administrators can configure link expiration, password protection, download restrictions, and access logging for all external shares.
Can MyWorkDrive integrate with Active Directory or SAML identity providers?
Yes. MyWorkDrive integrates natively with on-premises Active Directory and Microsoft Entra ID (Azure AD), and supports SAML 2.0 authentication with any standards-compliant identity provider including Okta, OneLogin, Ping Identity, ADFS, Shibboleth, and Google Workspace. This means users authenticate with their existing organizational credentials, and administrators manage access using the identity infrastructure already in place—no separate user directory or credential management needed.
Is remote access possible without a VPN?
Yes. MyWorkDrive provides remote file access over standard HTTPS, so users can connect from any browser or device without installing or configuring a VPN client. Authentication is handled through your identity provider, and all file transfers are encrypted with TLS. This eliminates the complexity, performance limitations, and broad network-access risks associated with VPN-based remote access, while giving users a seamless experience from any location or device.
Edit Office Online
What is MyWorkDrive Office Online editing?
MyWorkDrive Office Online editing integrates with Microsoft Office Online (via WOPI) to let users open and edit Word, Excel, and PowerPoint files directly in their browser from within the MyWorkDrive interface. Edits are saved back to the file on your server in real time—no downloading, editing locally, and re-uploading required. This brings a cloud-like collaborative editing experience to files stored on your own infrastructure.
Can I edit Word, Excel, and PowerPoint files in a browser?
Yes. Through the MyWorkDrive integration with Microsoft Office Online, users can open and edit .docx, .xlsx, and .pptx files directly in the browser using the full Office Online editor—the same technology that powers editing in SharePoint and OneDrive. No desktop Office installation is required on the client device, making it easy for remote employees, contractors, or users on shared or managed devices to edit documents without installing software.
Do files stay on my server when edited online?
Yes. When a user edits a file through MyWorkDrive Office Online, the file remains on your server at all times. The WOPI protocol streams only the necessary content between your server and the Office Online rendering service—no permanent copy of your file is stored in Microsoft's cloud. Changes are written back directly to the file on your server as the user edits, ensuring full data residency and sovereignty compliance throughout the editing session.
Can multiple users co-author files at the same time?
Yes. MyWorkDrive Office Online supports real-time co-authoring, allowing multiple users to edit the same Word, Excel, or PowerPoint file simultaneously. Changes from each user appear in near real-time for all other active editors, just as they would in SharePoint or OneDrive. This enables distributed teams to collaborate on documents stored on their own servers without any of the data ever leaving their environment.
Do I need desktop Office installed to edit online?
No. Office Online editing through MyWorkDrive runs entirely in the browser using Microsoft's Office Online service. Users do not need Microsoft Word, Excel, or PowerPoint installed on their device. This is particularly useful for users on Linux, Chromebooks, tablets, or corporate-managed devices where installing desktop applications is restricted or impractical. A Microsoft 365 subscription with appropriate licensing for Office Online is required at the organizational level.
How is file security ensured during editing?
All communication between the user's browser, MyWorkDrive, and the Office Online service is encrypted using TLS. Access to files for editing is gated behind MyWorkDrive authentication—users must be authenticated and have appropriate NTFS permissions before a file can be opened. Editing sessions are scoped and time-limited, and the WOPI protocol used for the integration does not expose raw file access credentials to the Office Online service.
Can I control who can edit or view files?
Yes. Access for editing is controlled through your existing NTFS permissions and Active Directory group memberships. Users with read-only permissions will be able to view files in Office Online but not save changes, while users with write permissions can edit. Administrators can also configure MyWorkDrive share settings to restrict editing at the share level, and DLP settings can be used to disable editing entirely for certain user groups or file types.
Is online editing compliant with HIPAA, GDPR, and CMMC?
MyWorkDrive Office Online editing can support compliance with HIPAA, GDPR, and CMMC when properly configured. Files remain on your servers, WOPI interactions are encrypted, access is authenticated and permission-controlled, and editing events are logged. For HIPAA, ensure a BAA is in place with both MyWorkDrive and Microsoft (for Office Online usage). For CMMC, verify that your deployment environment and Office Online configuration meet the applicable CMMC level's access and transmission requirements.
Is auditing and logging available for edited files?
Yes. MyWorkDrive records audit log entries when users open files for editing through Office Online, including the user identity, timestamp, and file path. This ensures that editing activity is captured alongside other file access events such as downloads, uploads, and shares, giving administrators and compliance officers a complete picture of all interactions with sensitive documents stored on the server.
Can I use online editing without moving files to the cloud?
Yes. This is one of MyWorkDrive's core capabilities. Files remain on your own servers throughout the editing session—the Office Online integration uses the WOPI protocol to render and edit files in the browser without permanently storing them in Microsoft's cloud. Organizations that have data residency or sovereignty requirements, or that are simply not ready to migrate to SharePoint or OneDrive, can offer browser-based Office document editing to their users while keeping all data on their own infrastructure.
Select a category on the left to view answers.