Users now prefer and expect that information is available to them, anywhere, on any device. This is the typical behavior of services hosted by cloud providers such as Google Drive or Dropbox. However, hosting data in the cloud, especially if it is sensitive or voluminous, can be risky and expensive, and conventional on-premises storage products do not include features to enable convenient access and secure sharing of data by mobile users. Unique in the storage industry, Nexsan has incorporated enterprise mobility into the core operating system of its new family of Unity filers. Allowing such powerful new access mechanisms could be risky if not for careful attention to securing the data path between on-premises data and the mobile device, and for offering an option for a hardened archive that automatically and continuously protects files for accidental or deliberate attempts to modify or destroy them (e.g. Ransomware, currently a very serious threat).
It is a hard problem for several reasons. First and foremost, storage vendors appear to take the attitude that mobile users should be satisfied with logging into a corporate VPN and accessing file shares. Proof that they are not satisfied is in the explosive growth of unauthorized “shadow” IT services like Box.com, Google Drive, and Dropbox. Users are moving to these platforms in droves as they offer an intuitive interface that works whether or not networks are good enough for VPN, and allow convenient sharing with colleagues, or frankly, whomever. The fact that the organization may never obtain copies of the data for record keeping, compliance, backup, or auditing is of insufficient concern to the casual user just trying to get something done. Organizations have tried to legislate these services out of existence, with seemingly zero success. Nexsan’s view is that the only way to get users back to officially sanctioned IT mobility solutions is to provide a superior user experience, with standardized and familiar logins, huge capacity points, and an order of magnitude better performance when they are inside an organization’s facility. Furthermore, the user sees the same files in the same places, regardless of whether they are at their desk connected to a file share, or if they are browsing with their iPhone in a foreign country.
Of great importance is how the connections are established between mobile users and the on-premises storage system, to ensure that as a vendor Nexsan (nor anyone else of course) does not have access to the data in flight. The mechanism we use is rather like how Skype establishes connections – there is a “directory in the sky” which helps mobile client software find their corresponding on-premises Unity storage system(s). After the initial connection, there is an encrypted peer-to-peer path established between the mobile client and the Unity, and an Active Directory authentication handshake establishes what file systems and files the user should have access to. There is no need for a VPN, and users may cache files offline and upload changes when a connection is available. Unity comes with a license (at no additional charge) for unlimited numbers of iOS, Android, Mac, Windows, and Web clients in addition to the usual NAS protocols SMB and NFS.
The hardened archive option, which we call Unity Active Archive (UAA), is based on proven technology Nexsan has been marketing to specialized applications where ultra-high integrity is required such as banking records, police evidence, and medical imagery. UAA’s built-in resistance to file tampering or destruction gives you real-world protection against ransomware attacks.
Nexsan provides many of the benefits of cloud deployments of data collaboration solutions, without all the cost and risk. Our solutions, including a fair representation of all cost overheads, become less expensive than cloud storage between Year 1 and Year 2 (learn more in a detailed comparison). Users will be more productive, and less labor is required to pre-position files physically near to where the power users need them, before they need them.