online-storage-medium

This is the first in a series of posts about online file storage and sharing services.

For those not familiar, “online”, refers to a service accessed over an Internet connection, and is often referred to using the metaphor “cloud” services. The infrastructure required to deliver the online service is owned and managed by the service provider, which can be very attractive for a small business. In a future post, I will provide a brief comparison of the pros and cons of an online file storage and sharing service, versus purchasing a local file storage and sharing solution, such as a Windows File Server or Network Attached Storage (NAS) appliance.

This post will focus on the questions to ask when comparing between online file storage and sharing services.

I’ll provide a comparison of popular online services in the next post, including Dropbox, Box, and Microsoft OneDrive.

Finally, I’ll provide a post with my recommendation for an online storage service for small businesses without dedicated IT support.

The below table captures the questions that I think are important when selecting a file storage and sharing service. I have categorised these questions into mandatory, desirable and optional. This is important, as I will use the mandatory questions as the initial assessment criteria of an online service, before deciding to evaluate the desirable and optional questions. This avoids spending time on a full evaluation for a service that does not pass mandatory questions.

If a service provider passes the mandatory question phase, then evaluation will be based on the desirable questions.

Optional questions are acknowledged, but will not be used to make a final recommendation.

I hope the below table is useful if you plan to do your own evaluation of services, and apply your own definitions of question importance.

Consideration area Questions to ask
Setup

Mandatory considerations:

  • Is a 30 day trial available?

Desirable considerations:

  • Is the data transfer rate limited for bulk upload of initial files and folders?
  • What methods of payment are accepted?
  • How involved is the process to migrate files and folders?

Optional considerations: None

Personal functions

Mandatory considerations:

  • Are files kept in synchronisation if changes are made online, or if changes are made on a device?
  • What is the maximum amount of data that can be transferred or stored?
  • What is the maximum individual file size that can be transferred or stored?
  • Are full features available on iPad/ iPhone?
  • If the user already has access to the service for personal or other reasons, will your company data be kept separate?
  • Is there a maximum number of items that can be synchronised?

Desirable considerations:

  • Can the user select which folders to synchronise?
  • Are full features available on Windows Mobile?
  • Is a familiar Microsoft file and folder structure used?
  • Will open files synchronise to online storage?
  • If PC disk encryption is used, will changes to a file result in all files being re-synchronised?
  • Is a folder tree view available to help navigate to a destination folder?
  • Are there restrictions on the types of files that can be synchronised? (e.g. QuickBooks)
  • Is local file sync available to conserve Internet bandwidth?

Optional considerations:

  • Are full features available on Android?
  • Is it possible to have a one way sync to the cloud only? (this is helpful to provide back-up only copies that will not synchronise back to the original if changed)
  • Is it possible to create and edit files online?
  • Is it possible to stream video from the online stored file? (not the locally synchronised file)
  • Is it possible to preview photos viewed online? (rather than on the locally synchronised file)
Team functions

Mandatory considerations:

  • Can files be shared by sending links to other users in your company?
  • Can files be shared with external users? If so, is an account with the online provider required?
  • What is the largest file size that can be shared?
  • Can the file owner define permissions available on the shared file? (edit, read only)

Desirable considerations:

  • Can document tasks be assigned to others? (e.g. review, approve, update)
  • Are update notifications available for file or folder changes? (e.g. email or online activity feed)
  • How are potential conflicts of concurrent multiple updates on the same document managed?
  • Is there full text search available via online interface?
  • Can folders within a shared folder be shared?
  • Can folder ownership be transferred?

Optional considerations:

  • Can notes be appended against documents or folders? (e.g. description of latest updates, or suggestions on improvement).
  • Is there support to share your desktop or document with others?
  • Are website widgets available? (e.g. to share a document, or to accept document uploads).
Central admin functions Mandatory considerations:

  • Is a central management interface available?
  • Can individual user file and folder settings be centrally managed?
  • Can different storage quotas be allocated for users?
  • Can all content be searched and viewed centrally?
  • Can it be centrally defined which users can access which files or folders?
  • Can the permissions available to users to assign be defined centrally? (e.g. restrict, or allow, a user from granting edit rights to a folder or file to another users)

Desirable considerations:

  • Can folders to synchronise to users devices be defined centrally?
  • Can permissions be defined for a user group, and then users added to that group, to allow automatic allocation of access and permissions?
  • Are full central administration functions available to target for mobile devices users? (e.g. user owned Smartphone or tablet)
  • Is centralised reporting available? (who, when, what, by file and folder)
  • Can billing be managed centrally?
  • Can licences be centrally re-assigned if necessary?
  • Can an admin centrally add and remove users?

Optional considerations:

  • Can the online interface be company branded?
  • Is there a batch process to upload new users? (helpful for larger businesses)
Security Mandatory considerations:

  • Has the service been SSAE 16 Type 2 (or ISAE 3402 Type 2) audited in the last 12 months?
  • Is the service ISO 27001 compliant?
  • How comprehensive is the published security standard for the service?
  • Are previous versions of files available, if so, for how long?
  • If previous versions of files are available, can it be defined who has access? (users only, central admin only, or both)
  • Is it possible to mass restore file versions from a given date?
  • Can deleted files be recovered, if so, is there a time limit?
  • If deleted versions of files are available, can it be defined who has access? (users only, central admin only, or both)
  • Is it possible to mass restore files deleted from a given date?
  • Can users be added or removed from centrally?
  • Can user password complexity be defined?
  • Can user passwords be reset centrally?
  • Can passwords, including complexity, and expiry, be defined for links shared externally?
  • Is data at rest encrypted?
  • Is data in transit encrypted?
  • Does the online provider have access to read your files?

Desirable considerations:

  • Can sharing of a file or folder outside of a team be prevented?
  • Can user passwords be set to expire?
  • Can users be required to define their password on initial logon?
  • Is it possible to remotely remove files from a device if lost or stolen?
  • Is two factor authentication options available?
  • What is the published service availability?
  • Can files shared with external users be audited? (for example to see if still current or required)
  • Is it possible to restrict access to IP address ranges?

Optional considerations:

Application integration Mandatory considerations: NoneDesirable considerations: NoneOptional considerations:

  • Is Active Directory integration possible?
  • What third party applications can be integrated with?
  • Is integration with data loss prevention systems possible? (to assist managing regulated informations such as credit cards or medical records)**
Support Mandatory considerations:

  • Is email support available?
  • Is phone support available, if so, what are the hours of support?

Desirable considerations: None

Optional considerations: None

Ease of Use Mandatory considerations: NoneDesirable considerations:

  • How easy is setup?
  • How easy are personal functions to use?
  • How easy are central administration functions to use?
  • How easy are security functions to use?
  • How easy is support to use?

Optional considerations: None

Price What is the price for 5 users for 1 year?