White Paper

citrix.com

Jump start mobile productivity with MDM and secure file sharing XenMobile & ShareFile - a complete and secure mobility solution

Citrix XenMobile and Citrix ShareFile meet the complex needs of your mobile workforce with a complete, integrated and secure enterprise mobility solution—with a consumer-like experience people love. Both products are included in XenMobile Enterprise.

White Paper

citrix.com

XenMobile and ShareFile

2

Today’s mobile workforce depends on the ability to work and collaborate anywhere, with seamless access to all the resources their work involves—including both apps and data—on any device they use. For IT, the challenge is to provide this access while maintaining security and control. While mobile device management (MDM) helps you secure devices, it’s only part of the solution; complete mobile productivity also requires secure mobile email and the ability to access, sync and share data on any device people use. Most importantly, to win full adoption and prevent people from using non-secure personal apps instead, your enterprise mobility solution has to combine advanced features designed for business with a consumer-like experience they’ll love.

Citrix® addresses the secure mobile data access challenge with Citrix XenMobile®, a leading enterprise mobility management solution, and Citrix ShareFile®, a secure enterprise file sync and sharing service that meets the mobility and collaboration needs of users and the data security requirements of the enterprise. Available together as part of the XenMobile Enterprise license, these products let people sync, share, open and edit data in corporate apps on any device they use while IT maintains security and control.

The challenge of empowering mobile users secure access to data Mobility is no longer limited to niche use cases or groups—it’s now a fundamental requirement for people throughout the enterprise. Today, 61 percent of information workers work outside of the office, and the number of telecommuters will increase by nearly two-thirds over the next five years1. As people use more types of devices to access the apps and information their work relies on, and gain the ability to use personal devices and apps for work, IT faces new challenges to ensure security and control.

1Forrester Research, Business Technographics Application and Collaboration Workforce Survey, Q4 2013; Forrester Research, 2013 Mobile Workforce Adoption Trends, Feb. 4, 2013.

White Paper

citrix.com

XenMobile and ShareFile

3

Overturning traditional strategies based on network security and complete corporate control over app and device provisioning, these new ways of working are keeping many IT professionals up at night; 67 percent of technology decision makers say the lack of data protection capabilities on mobile devices concerns them2.

As a first step to close this gap and enable secure access to data on mobile devices, IT typically implements MDM to get control over devices and check them for jailbreaking, rooting and other security risks. However, MDM does not provide IT with full control over the data itself. For example, if a tablet user receives a file attachment using a native email client and subsequently stores the file on the device, the file may not be encrypted. If an attachment is extremely large, the user may not have the patience to wait for it to download to the tablet and may continue working without it, sacrificing the value it could have provided. Worse yet, if the device is employee-owned, when the user leaves the company, IT may not have the ability to remove the file without deleting the employee’s personal data.

Native email clients on mobile devices can hamper enterprise productivity as well. Designed for personal use by consumers, these apps lack important enterprise-class features like the ability

to add attachments to meetings and other calendar events, and to forward calendar invites to colleagues.

Users often try to get around the gaps in their enterprise mobility toolset by turning to personal cloud services like DropBox. As a matter of fact, 70 percent of companies know or suspect their employees are using consumer file sharing services without IT’s knowledge or control3. This creates many problems:

• Any data or files copied to the device itself won’t be encrypted. When these vendors say they provide security, they’re only talking about data in the cloud—not on devices.

• Any file stored in a personal service is out of IT’s control, so you can’t control or audit who it’s shared with or how it’s accessed.

• Data on lost or stolen devices is exposed to compromise. If an employee leaves the company, IT can’t go in and delete his files.

The popularity of these public cloud services makes them hard to root out of the enterprise—any IT alternative has to be at least as convenient and simple to use, or people will reject it.

Many MDM vendors offer file sharing solutions, but these typically fall short of enterprise requirements, with weaknesses such as:

• No option to store data on premise, in the cloud or a hybrid of both. According to a recent study by Enterprise Strategy Group, more than two-thirds of IT professionals using pure cloud-based online file storage are extremely interested in storing some or all data on-premise4.

• No ownership of document preview, editing or annotating technologies. Most vendors OEM this technology, which makes them dependent

2Forrester Research, Business Technographics Application and Collaboration Workforce Survey, Q2 2013.3Enterprise Strategy Group, ESG Research Report, Online File Sharing and Collaboration: Security Challenges and Requirements, August 20124Enterprise Strategy Group, The Demand for Hybrid Online File Sharing Solutions, February 2014

White Paper

citrix.com

XenMobile and ShareFile

4

on a third-party vendor for this critical capability. This approach increases costs for customers and leaves the vendor at the mercy of another company’s technology roadmap.

• No support for virtual desktops, making it more difficult for users and organizations to save money on storage costs.

• No Microsoft Outlook or secure email client plug-ins, and no Windows Explorer or Mac Finder integration, leaving users without key features to enhance convenience and productivity.

• No ability to connect securely and directly to content in Microsoft SharePoint® and network shares in its original location. Many file sharing services require the additional step of migrating or syncing SharePoint and network drive data for mobile access. Similarly, most solutions also lack the ability to connect to literally any enterprise content management (ECM) solution and allow full access, editing and save for content in its original location.

• No or limited ability to connect to personal cloud services. IT has no simple way to migrate existing corporate data in personal file sharing services into the enterprise solution, or to take a flexible approach to where and how users can store specific types of data if allowed by corporate policy.

• No large file size support. With design files, 3D graphics and video, and other large files often reaching into the dozens of GB, this is a significant limitation of the solution’s utility.

Perhaps most critically, these solutions fail the user experience test—and as a result, won’t prevent people from continuing to use consumer file sharing services instead.

What’s needed is a solution that meets the data access and sharing requirements of the enterprise—with made-for-business features that combine a high level of data security with a high-quality experience that users love to ensure full adoption.

Meeting user and IT requirements with a Citrix XenMobile solution that includes Citrix ShareFileXenMobile provides complete MDM and MAM capabilities for secure enterprise mobility management. IT can provide single-click access to mobile, web, data center and Windows apps from a unified app store, including integrated productivity apps with a great user experience. IT gains identity-based provisioning and control of apps, data and devices, automatic account de-provisioning for terminated users and selective wipe of lost devices. Application-level controls include data encryption, password authentication, secure lock and wipe, inter-app policies and micro app VPNs. XenMobile also provides business-grade secure email, browser and calendar apps to avoid the security gaps that can be introduced by consumer-grade apps.

Citrix ShareFile Enterprise Edition is a secure and robust enterprise data sync and sharing service that empowers users to share data with anyone and sync data across all of their devices. ShareFile seamlessly integrates with workflow tools such as Outlook and provides a rich user experience on any device to enhance productivity. Unlike consumer file sync and sharing tools, ShareFile provides management and control functionality that allows IT to deliver a secure service and store enterprise data in optimal locations to meet corporate data policies and compliance requirements. ShareFile is a powerful service that is simple for IT to manage and can be fully integrated with existing security infrastructure and policies. ShareFile also allows IT to leverage and mobilize existing investments such as network shares, SharePoint or any other ECM system with the ShareFile StorageZone™ SDK.

Available as single package, XenMobile Enterprise with ShareFile Enterprise addresses the full range of enterprise mobility

White Paper

citrix.com

XenMobile and ShareFile

5

requirements with the seamless, high-quality experience people demand—and the security IT needs. IT can:

• Empower users with Instant access to data, synced across all devices

• Improve collaboration and productivity through secure file sharing

• Meet corporate security and compliance standards with a secure service

• Deliver an enterprise-class service that meets workflow and productivity needs

• Retain control and deliver a managed service• Provide access to data wherever it’s stored, on

or off premise, including existing data sources• Secure and manage mobile apps and devices

with granular policies to support every use case• Improve user productivity with enterprise-

grade mobile apps designed for business

A consumer-like experience to ensure full adoptionShareFile helps IT wean users from personal file sync and sharing services by offering an enterprise solution that’s just as simple to use. ShareFile is specifically designed to provide a brilliant and intuitive experience on mobile devices, including a mobile-optimized web site as alternative way to access data. The offline feature allows users to access and edit their data on the go without interrupting workflow productivity. Single sign-on access to apps and data provides users with the ability to view, sync and edit their data as they roam across devices.

ShareFile also goes beyond personal services with capabilities designed for business, including:

• Mobile access to files stored in network shares, SharePoint or any other ECM system with the ShareFile StorageZone SDK

• Check-out/check-in for SharePoint files• A built-in mobile content editor, owned

directly by Citrix through the acquisition of ByteSquared, that lets people:

• Automatically sync folder contents for offline editing

• Edit Microsoft Word, Excel and PowerPoint documents offline

• Mark up PDF documents with text, arrows, shapes and drawings

• Support for large files up to 100 GB • The ability to sync files regardless of where they

are—server, desktop, laptop or mobile

Integrations with popular productivity tools enable a seamless experience to further enhance productivity.

Windows Explorer/Mac Finder integrationUsers can copy and send files directly from within the ShareFile library inside Explorer or Finder.

Workflow integration with Microsoft Outlook• Attachment conversion—Seamless integration

with Microsoft Outlook converts attachments into links and simplifies large file sharing both within and outside the organization.

• Large file support of up to 100GB—This feature overcomes the attachment size restrictions for sending large files and eliminates potential bounce-backs from the receiver’s email server.

• File request—Users can request files from co-workers or third parties by providing a link where the other party can upload attachments.

• Better control and visibility—Simple-to-use tools let people track usage, request logins, expire links and other key features to help control and secure file access.

Microsoft Office 2013 integrationOnce added to any Office app, ShareFile will be available across all the others as well. People can save documents directly into their ShareFile folder from the app’s native menu.

Mobile access to existing data repositoriesThe StorageZone Connectors feature allows IT to extend mobile access to existing data

White Paper

citrix.com

XenMobile and ShareFile

6

repositories. StorageZone Connectors let IT create a secure connection between the ShareFile service and user data stored in existing network shares and SharePoint. This innovative capability makes it easy for end users to securely access their work documents on mobile devices through the ShareFile apps. When accessing the data residing on Microsoft SharePoint, users can check out, edit, save and then check-in documents from their mobile device.

Seamless access to third-party cloud storageUsing ShareFile Personal Cloud Connectors, IT can enable a one way connection to personal file sharing services such as Box, Microsoft OneDrive, GoogleDrive and Dropbox to enable users to move their corporate data into ShareFile. IT can also choose to enable a two way connection to these services to facilitate collaboration with 3rd parties who have

standardized on one of these file sharing services, providing enterprises with the flexibility to determine how and where users store files. No matter where data is stored, ShareFile’s mobile content editor feature provides users with a convenient way to modify Microsoft Office files and PDF files and then save them back to their original location.

Integrated for seamless mobile productivityIntegration and single sign-on between XenMobile and ShareFile enable people to attach files from their ShareFile repository to emails in the Citrix WorxMail™ secure enterprise email client without having to first download the file to their mobile device—and without having to log into ShareFile during the workflow. Users can also embed a ShareFile link in their XenMobile calendar invite for meeting attendees to access documents.

White Paper

citrix.com

XenMobile and ShareFile

7

Automated account provisioningXenMobile with ShareFile makes it simple for IT to manage access to file sync and sharing accounts. XenMobile can create and disable ShareFile user accounts automatically as users join and leave the organization, ensuring that new employees have the tools they need to be productive while eliminating the security risks posed by orphaned accounts or those belonging to people who should no longer have them.

Optimization for virtual environmentsThe on-demand sync capability of ShareFile is specifically designed for pooled and hosted shared virtual desktop environments, including those powered by Citrix XenDesktop® and Citrix XenApp®. On-demand sync drastically cuts network load, bandwidth requirements and storage costs.

SecurityXenMobile and ShareFile provide complementary security capabilities that let IT empower complete enterprise mobility while ensuring security for corporate data on any device people use.

Data protection and secure access control with ShareFileEnterprise directory integration • ShareFile supports integration with Active

Directory via SAML or XenMobile. Two-factor authentication can be added for a higher level of security.

User and IT reporting• Users can receive reports on file sharing

activity within their workspaces. For IT, ShareFile provides comprehensive capabilities to track log and report on user file access, sync and sharing activity, including the date, type, place and network address of each user event.

• Access control policies

• Users can be granted download-only access or full upload/edit/delete rights at the folder level.

• IT has the option to request a login with defined password complexity for each user account, restrict the number of downloads available to a given user, restrict upload and download permissions for users added to team folders, and expire links to files whenever desired.

• IT can also restrict access based on network location and blacklist or whitelist email domains to control data sharing.

• IT can limit access to the Sync feature for specific users—for example, for those with managed or corporate devices.

Data security• Data is protected both in transit and at rest.

Files are transferred through ShareFile over a secure SSL/TLS connection and are stored at rest with AES 256-bit encryption.

• Through the Passcode Lock feature, IT can leverage the mobile device’s encryption capabilities and enforce encryption for all ShareFile data on the device.

• Customer-managed ShareFile StorageZone in Microsoft Azure allow businesses to benefit from the elasticity and flexibility of the cloud while maintaining ownership of their own encryption keys—an advantage typically only available on-premise.

StorageZonesWith the StorageZones feature, organizations can manage their data on-premise in customer-managed StorageZones or in Citrix-managed StorageZones—secure cloud options available in multiple worldwide locations—or use a mix of both. With Citrix-managed StorageZones, customers can choose between Microsoft Azure and Amazon Web Services enterprise-class data centers. IT is able to build its own solution with a customized storage model leveraging the benefits of both Citrix-managed and customer-managed StorageZones.

White Paper

citrix.com

XenMobile and ShareFile

8

StorageZones enable optimal user performance by giving IT the ability to store data in close proximity to the user. With customer-managed StorageZones, IT is able to place data in the organization’s own datacenter to meet unique data sovereignty and compliance requirements. Customer-managed StorageZones can be easily integrated with an organization’s existing infrastructure as they are designed to support any CIFS-based network share and Microsoft Azure binary large object storage. The option to store data in multiple locations also allows IT to build the most cost-effective solution for their organization.

Application-level and device-level security with XenMobile Enterprise • Device- or application-level password• Device- or application-level encryption• Selective or full device wipe• Secure application delivery• Micro app VPN • Prevent copy/paste between apps• Disable direct app access to camera or

microphone hardware• Prevent apps from printing data to AirPrint-

enabled printers• Allow an app to run only from inside the

enterprise network or to require a wifi connection

• MDX toolkit to secure custom or third party apps• Secure browser, email, calendar and contacts

Addressing enterprise mobility use cases with XenMobile and ShareFileXenMobile and ShareFile provide a complete solution to address key enterprise use cases.

Enabling secure file sharing without email attachments Native email clients often lack the ability to encrypt attachments downloaded to mobile devices, leaving corporate information vulnerable. There is also no way to selectively reclaim downloaded attachments that should

no longer be available to a user—for example, those shared with a contractor for an engagement that has ended, or with an employee who has left the organization. ShareFile lets you collaborate effectively with anyone, without the risks posed by uncontrolled email attachments. Instead of sending the file itself, people can send a link to the file in their ShareFile folder, with full control over who can view them, whether they can be edited and other factors. The link can also be set to expire to restrict access to specific periods of time.

The benefits of secure file sharing go beyond security. For users, large email attachments no longer clog in-boxes or consume email storage quotas, and even large files can be shared easily without being stopped by email server restrictions. For IT, large attachments no longer occupy expensive Tier-1 email server storage, and can reside instead in lower-cost NAS or cloud storage.

Diverting employees from non-secure consumer file sync servicesSolving “the Dropbox problem” is a top priority for IT organizations. While other enterprise file sync & sharing products fail to win adoption due to poor user experience or limited business features, ShareFile combines a high-quality user experience with enhanced capabilities designed for business, including the ability to sync files regardless of where they are—server, desktop, laptop—as well as integrations with other enterprise applications and productivity tools. By bringing file sync & sharing back under IT’s control, with full security, policy enforcement and auditability, ShareFile helps IT protect corporate data and maintain compliance.

Supporting board meetings while preventing leaked informationCEOs need to be able to share information with board members while ensuring that sensitive content doesn’t fall into the wrong hands. With

0614/PDF

Corporate HeadquartersFort Lauderdale, FL, USA

Silicon Valley HeadquartersSanta Clara, CA, USA

EMEA HeadquartersSchaffhausen, Switzerland

India Development CenterBangalore, India

Online Division HeadquartersSanta Barbara, CA, USA

Pacific HeadquartersHong Kong, China

Latin America HeadquartersCoral Gables, FL, USA

UK Development CenterChalfont, United Kingdom

About CitrixCitrix (NASDAQ:CTXS) is a leader in mobile workspaces, providing virtualization, mobility management, networking and cloud services to enable new ways to work better. Citrix solutions power business mobility through secure, personal workspaces that provide people with instant access to apps, desktops, data and communications on any device, over any network and cloud. This year Citrix is celebrating 25 years of innovation, making IT simpler and people more productive. With annual revenue in 2013 of $2.9 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100 million users globally. Learn more at www.citrix.com.

Copyright © 2014 Citrix Systems, Inc. All rights reserved. Citrix, XenMobile, ShareFile, StorageZone, XenApp, XenDesktop and WorxMail are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks of their respective companies

White Paper

citrix.com

XenMobile and ShareFile

9

ShareFile, all the documents for a board can be automatically loaded onto each member’s device as they arrive, configured selectively by IT for read-only access, and restricted to a containerized app as needed. Especially sensitive documents can be set to disappear automatically from the device as soon as the member leaves the room.

Reclaiming files at the end of a contractor engagementThird-party collaboration can be especially problematic for enterprise security, as IT is unable to control or manage devices used by external team members. With XenMobile, IT can create and manage a separate container on these users’ devices to contain all apps and data related to the engagement. At the end of the engagement, IT can easily wipe the container without touching other content on the device to ensure that no corporate data stays behind. Links to ShareFile documents can be set to expire as well.

ConclusionMDM is an essential capability to enable secure enterprise mobility, but it’s only the beginning. To close the security gaps introduced by consumer-grade email and file sharing apps—and give people the business-oriented features they depend on to be fully productive—your enterprise mobility management solution needs to include enterprise-grade file sync and sharing. Citrix XenMobile Enterprise Edition includes Citrix ShareFile Enterprise Edition to enable people to sync, share, open and edit data in corporate apps on any device they use while IT maintains security and control. A high-quality user experience people love, including seamless integration with popular productivity tools, helps you ensure full adoption and divert users from un-secure consumer apps. Granular, multi-layer security helps IT protect corporate information wherever and on whatever device people use it. Supporting key use cases throughout the organization, XenMobile with ShareFile is an essential element of your mobile workspace strategy.