BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Among the Windows 8.1 features getting buzz is one called Work Folders. It's a tool that allows users to sync files between multiple systems in real time (or near real time) and have access to these files even when they're not on the enterprise network.
Microsoft's new features in the Windows 8.1 update include some of the biggest operating system changes we've seen in years. Work Folders requires Windows Server 2012 R2, along with some rudimentary configuration steps. This involves enabling the Work Folders role on the server, creating a Sync Share, enabling network access via Server Message Block, and setting up client access via Control Panel/System and Security/Work Folders.
Once you have Work Folders in place, it's "to the cloud" with all information, all the time. Users simply place files in their Work Folders directory in Windows 8.1, and everything is automatically synced between systems via the Internet.
With traditional third-party cloud file-sharing services, in addition to the Web front ends themselves, administrators must pay attention to the security controls of the workstations that have access to these synced files. Are they patched? Do they have malware protection? Do they have strong passwords? Most importantly, are they encrypted?
Windows security is not as big of a deal with Work Folders because admins have these controls at their disposal right in the workstation and server OS -- many of which you're probably already familiar with. It's a great way to save money and use what you've already paid for.
More about the Windows 8.1 update and cloud file sharing
Five security features are new in Windows 8.1
Rapid Microsoft updates force IT to keep up
If cloud file sharing is good enough for the CIA, is it secure enough for you?
IT could gain tighter control over data, thanks to enterprise cloud file-sharing apps
Windows 8.1 tries to appeal to enterprise IT with security enhancements
Work Folders controls are available via direct firewall access, Web application proxy, Active Directory Federation Services and reverse proxy configurations, Work Folders security controls are highly customizable. With Work Folders, data is encrypted in transit, and you can choose to encrypt it at rest via Device Policy (or BitLocker, etc.) when creating Sync Shares, as Work Folder shares are called.
You can also choose to automatically lock the workstation screen and require a password -- in addition to all the other endpoint Group Policy controls at your disposal for domain-connected systems, such as User Account Control and AppLocker.
In addition, admins can enforce file-system wiping and configure whether file syncing takes place over cellular or metered connections. This Windows 8.1 update could be useful in relation to bring your own device (BYOD) programs.
Indeed, a core challenge with cloud-based services and BYOD is that users are calling more of the shots in many organizations. Do you continue down the path of least resistance and let users do their own things with sensitive information and third-party file-sharing services? Or do you setup a more controlled file-sharing environment with Work Folders?
Sure, Work Folders doesn't have all the bells and whistles such as the third-party OS support and mobile apps offered by other cloud-based file-sharing solutions. The thing is, most IT shops I see have minimal influence over cloud apps anyway. Why not set everyone up for success with Work Folders, which you know you can control from the get-go.
With cloud-based file sharing comes responsibility. If responsibility is missing, then you've got some pretty serious compliance, security and information risk problems on your hands. The good thing is that Microsoft has really simplified this process for you with the Windows 8.1 update. Users are going to be asking for this functionality, so you might as well prepare yourself and your business for the inevitable. Microsoft has even made it simple for you in these step-by-step instructions for setting up a Work Folders test environment.