id2957620padlock100601087orig
Software & Web Development

Why ownCloud's CEO isn't worried about the death of Safe Harbor

Data sovereignty has become a hot-button issue ever since the EU's top court struck down the Safe Harbor agreement in October, and for many users of file-synchronization and sharing services, it poses a considerable problem. OwnCloud CEO Markus Rex sees it as more of an opportunity.

That's because OwnCloud -- which in many ways competes with the likes of Dropbox and Google Drive -- does file sync and share a bit differently from many of the better-known contenders. Most notably, it doesn't provide the storage: Customers can use whatever they want for that part of the equation.

What OwnCloud delivers is software giving users access to their data through a Web interface, sync clients or WebDAV while providing a user-friendly platform for viewing, syncing and sharing across devices easily.

It's essentially a self-hosted file-sync and share service, and it focuses on giving users control. Permissions, access control lists and compliance requirements are respected and can be met or configured at the file, object store or user level. Users have full control of their encryption keys, which are kept entirely separate from storage.

"We're really an abstraction layer," Rex said. "You get access to all your on-premises and off-premises files through an easy-to-use interface, and it's all under the CIO's control."

Europe has long had strict data-protection laws, and the Safe Harbor agreement was an attempt to ensure EU-level protection for European data processed in the U.S. It was deemed inadequate by the Court of Justice of the European Union, however, leaving many companies scrambling over cross-border issues.

Whereas providers such as Dropbox have been racing to set up European storage infrastructure in response, OwnCloud hasn't had do to any of that since it doesn't provide the storage component to begin with.

"It's very explicit: You own your own storage," Rex explained. "Companies just run our software behind their own firewalls."

Because OwnCloud is open source, the software is even available for inspection, should the need arise.

OwnCloud may be set apart to some extent by the fact that it's open source, but it's not alone in its ability to use on-premises storage as the central repository for enterprise file sync and share, noted Guy Creese, a research vice president with Gartner.

Citrix ShareFile, Egnyte, Novell Filr and Syncplicity also offer similar capability, Creese said.

Such services have been providing enterprise-class products for some time already, so "any concerns have long since been vetted by their users," noted Rob Enderle, principal analyst with Enderle Group.

"You pay a bit more, but you get a lot more control," Enderle explained. "Particularly if you are talking about sensitive or regulated data, that control becomes a requirement."

Since Safe Harbor's defeat in October, OwnCloud has seen an increase in the number of inquiries it's received, Rex said.

"It's tough for enterprises operating across national boundaries because the laws are all different -- at least for now -- and the legal environment is changing rapidly," said Roger Kay, principal analyst at Endpoint Technologies Associates.

Generally, if an organization is in charge of its own storage, it can set up its "depots" in each country according to its legal requirements, Kay pointed out.

"Of course, this is more expensive, since a single data center might be able to handle a whole region," he added. "But it's a best practice to spread data around among data centers anyway, for redundancy, efficiency of access and disaster recovery."

There is a slight risk if the system includes resources from multiple parties -- in this case, the EFSS and storage providers, Kay said. Specifically, "the interface between the two and with the enterprise customer may offer an exploitable weak link."

A fully integrated system could also run more smoothly.

Still, "if a company follows the rule 'keep the data in its country of origin,' it's in pretty good shape legally," Kay said. "There is a cost to that schema," but it may be less than the fines the company might face for not following such a regimen, he added.

OwnCloud's software has been downloaded some 7 million times this year -- roughly double last year's count. It claims more than 2.5 million users today. There's also an enterprise version offering features such as SharePoint integration, Oracle database support, a file firewall and a logging module with reporting. That version is priced starting at $9,000 per year for 50 users. OwnCloud currently boasts about 250 paying customers, the majority of which are split pretty evenly between EMEA and North America.

For CIOs wrestling with data-sovereignty questions, Rex has a few suggestions. First and foremost, "make a conscious decision," he said. "Watch out for your shadow IT, and don't let your traveling sales team decide your data privacy laws."

Second, "what really matters is where the encryption keys are stored," he warned. "Just because someone tells you the files are encrypted, if they have the keys, it's a bit pointless."

IDG Insider

PREVIOUS ARTICLE

« Microsoft delves deeper into Android with directory app for its own apps

NEXT ARTICLE

Microsoft to offer special version of Windows 10 for Chinese government »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

Trump hits partial pause on Huawei ban, but 5G concerns persist

Phil Muncaster reports on China and beyond

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies

Poll

Do you think your smartphone is making you a workaholic?