In-Depth
How To Configure and Secure SkyDrive Pro in SharePoint 2013 and Office 365
Securely share documents in the cloud using the latest version of Microsoft's flagship collaboration and content management system.
SharePoint 2013 offers substantial usability improvements, most notably enhanced search, social and business intelligence integration. However, a key feature that's new to SharePoint 2013 and its cloud counterpart Office 365 is often misunderstood. SkyDrive Pro is the new document repository for Microsoft's collaboration platform.
SkyDrive Pro is a critical addition to SharePoint 2013. It lets you synchronize specific document libraries in SharePoint to your desktop and interact with them locally or online. As the use of tablets, smartphones and multiple computers grows, fueled by the "bring your own device" movement, SkyDrive Pro promises to become an increasingly important component of SharePoint and Office.
Many compare SkyDrive Pro to Dropbox for the enterprise. However, many IT decision-makers are reluctant to condone the use of Dropbox and services like it, fearing for document security. They should know that SkyDrive Pro is a different story.
One likely reason for the confusion over the SkyDrive Pro feature in SharePoint 2013 and Office 365 is the name. It is actually due to change at some point following a trademark settlement with British Sky Broadcasting Group earlier this year. Also, SkyDrive Pro has nothing to do with SkyDrive, the public cloud offering for storing files and other content. That service is more analogous to Dropbox. SkyDrive Pro is a program installed as part of Office 2013 and available as a standalone desktop install. It lets you synchronize document libraries or even Sites with your computers.
Microsoft introduced the concept of SkyDrive Pro with the shared workspace in SharePoint 2007 when it was called Office Groove 2007. With the 2010 release, Microsoft called it SharePoint Workspace, which gave you a little more flexibility when synchronizing files. It still felt too heavy for the average end user, though. Given the popularity of cloud-based storage solutions like Dropbox, Microsoft decided to bake a similar experience into SharePoint 2013 and Office 365 (Figure 1). There's no visible application to open, as it has been integrated directly into Windows Explorer.
The difference with SkyDrive Pro is your files aren't stored somewhere in the cloud with basic document management. Instead they're stored within your SharePoint platform, using its features like versioning, content approval and many more alongside this simple file synchronization application.
Configure SkyDrive Pro
The beauty of SkyDrive Pro is it requires little work to configure. All you need to do is make sure it's installed. Thankfully it has a very small footprint, but you should plan disk capacity accordingly, because synchronized files take up space on the computer.
SkyDrive Pro will already be installed as part of your Office 2013 deployment. You can also download and install the standalone SkyDrive Pro Windows client. It's also available as an MSI download if you need to deploy it using Group Policy or Microsoft System Center Configuration Manager (SCCM).
Once SkyDrive Pro is installed on your employees' computers, whenever a user clicks the Sync button (Figure 2) from the SharePoint Site or document library, it will begin the synchronization process with the installed SkyDrive Pro client. You can also synchronize with any SharePoint library manually from the options of your installed SkyDrive Pro application (Figure 3).
Document Security
So we know what SkyDrive Pro is and how we can configure it to synchronize our SharePoint content to our computer. While there hasn't been any specific configuration relating to document security, rest assured it's there. One of the strongest selling points of SkyDrive Pro is that documents are securely stored in SharePoint.
SharePoint makes its case as a collaboration and content management platform for small, medium and large environments, whether on-premises or in the cloud with Office 365 and SharePoint Online. By putting documents in document libraries in a SharePoint Site, we benefit from all the features associated with these documents, including:
- Versioning
- Content approval
- Workflows
- Check in/Check out
- Metadata
Because SkyDrive Pro is simply synchronizing these files, you can still benefit from these SharePoint features for your documents. This is more useful and secure than established cloud file storage services like Dropbox.
To secure content, you start with an important choice. Depending on your company and its regulations, having the option between on-premises and cloud to store these documents already makes a huge difference. Take services like Dropbox for example. The documents live only within folders inside this cloud service. You can't have those documents stored on your servers only and give your employees the ability to use the same Dropbox-like features to sync files. That's where SkyDrive Pro stands out. Once you've decided where these files will reside between on-premises or in the cloud, you'll then need to secure the actual files in the document library.
Establishing Access Rights
To manage security on files synchronized with SkyDrive Pro, it's best to manage the security at the entire site level first and drill down to the library level if required. SkyDrive Pro will only synchronize files and folders to which your users have access in the library. SharePoint 2013 introduced the concept of sharing for security and authorization of documents. You shouldn't create new permission levels if planning to use SkyDrive Pro to synchronize afterwards. It might not understand this new level of authorization.
As you see, there's no real configuration necessary, as SkyDrive Pro uses the existing SharePoint infrastructure and the security applied to these document libraries when synchronizing to users' computers. Securing your documents for SkyDrive Pro is more of a SharePoint security job than a SkyDrive Pro setting. But what about the actual transfer of files from an on-premises SharePoint server to, for example, a laptop connected to a hotel's Internet connection?
Microsoft has released some information related to security considerations and recommendations in this TechNet article ("Plan for SkyDrive Pro in SharePoint 2013," technet.microsoft.com/en-ca/library/dn232145.aspx). This explains that communication between the SharePoint server and the SkyDrive Pro client is actually not encrypted unless using the HTTPS protocol. Through a Group Policy setting, you can enforce a rule that prevents the SkyDrive Pro client from synchronizing unless it's connected via the HTTPS protocol.
Then there's the matter of securing synchronized content on the computer itself. You need to plan for this ahead of time because it can require a lot more effort if you do it after you've already configured synchronization connections. When synchronizing for the first time, you can specify the disk upon which you'd like to store your synchronized files (Figure 4) by clicking "Change."
This would be the perfect opportunity to store the files on a BitLocker-encrypted drive. However, there's no real way to enforce or prepare this for your users. They'll have to make sure they select the right location to store their files.
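Because the storage location is left to the user, a compliance check on the workstation is one way to confirm the choice after the fact. The script below is an added example, not part of the original article: it reports whether the volume holding each sync folder is BitLocker-protected. The two folder names under the user profile and the function name Test-SyncRootEncryption are assumptions; Get-BitLockerVolume requires an elevated session on Windows 8 or Windows Server 2012 and later.

```powershell
param(
    # Assumption: candidate sync roots; replace with the locations your users chose.
    [string[]]$SyncRoot = @(
        (Join-Path $env:USERPROFILE 'SkyDrive Pro'),
        (Join-Path $env:USERPROFILE 'SharePoint')
    )
)

# Hypothetical helper: maps each existing sync folder to its drive and
# reads that drive's BitLocker state.
function Test-SyncRootEncryption {
    param([string[]]$Path)

    foreach ($p in $Path) {
        # Skip sync roots that do not exist on this machine.
        if (-not (Test-Path -LiteralPath $p)) { continue }

        $drive = (Get-Item -LiteralPath $p).PSDrive.Name + ':'
        $vol   = Get-BitLockerVolume -MountPoint $drive -ErrorAction SilentlyContinue

        [pscustomobject]@{
            SyncRoot   = $p
            Drive      = $drive
            Protection = if ($vol) { $vol.ProtectionStatus } else { 'Unknown' }
            Status     = if ($vol) { $vol.VolumeStatus } else { 'Unknown' }
            # Compliant only when protection is on and encryption has finished.
            Compliant  = [bool]($vol -and
                                $vol.ProtectionStatus -eq 'On' -and
                                $vol.VolumeStatus -eq 'FullyEncrypted')
        }
    }
}

$results = @(Test-SyncRootEncryption -Path $SyncRoot)
$results | Format-Table -AutoSize

# A non-zero exit code lets a management tool flag the machine.
if ($results | Where-Object { -not $_.Compliant }) { exit 1 }
```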
Sync Considerations
Most of the work takes place in SharePoint Sites and document libraries. Security will have to be managed there. Once it's installed on the users' computers, SkyDrive Pro will make the synchronization possible on the drive specified before the first sync. It's also important to consider the lack of encryption between SharePoint and the client when connected via HTTP.
Once the files are synchronized on the disk, you'll have to ensure the disk has the necessary encryption available for your business needs. This can be done using BitLocker encryption, for example.
Another important consideration is that documents aren't removed from the computer once synchronization is no longer available or has been deleted. Of course, the Sync feature with SkyDrive Pro can always be disabled as well, either for many lists and libraries at once using a PowerShell command line, or individually, document library by document library, in their advanced settings.
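The article does not name the PowerShell command for the bulk option. The following added example, which is not from the original article, shows one way to do it on-premises from the SharePoint 2013 Management Shell. It sets the SPList.ExcludeFromOfflineClient property, the server object model counterpart of the "Offline Client Availability" option in a library's advanced settings. The parameter names are assumptions, and without -Apply the script only reports what it would change.

```powershell
param(
    [Parameter(Mandatory = $true)]
    [string]$SiteUrl,   # assumption: site collection URL supplied by the administrator
    [switch]$Apply      # without -Apply, report only; make no changes
)

if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$site = Get-SPSite -Identity $SiteUrl
try {
    foreach ($web in $site.AllWebs) {
        try {
            # Snapshot the matching libraries so updates do not disturb
            # the enumeration of $web.Lists.
            $libraries = @($web.Lists | Where-Object {
                $_.BaseType -eq [Microsoft.SharePoint.SPBaseType]::DocumentLibrary -and
                -not $_.Hidden -and
                -not $_.ExcludeFromOfflineClient
            })

            foreach ($list in $libraries) {
                if ($Apply) {
                    # Equivalent to setting "Offline Client Availability" to No.
                    $list.ExcludeFromOfflineClient = $true
                    $list.Update()
                }
                [pscustomobject]@{
                    Web          = $web.Url
                    Library      = $list.Title
                    SyncDisabled = [bool]$Apply
                }
            }
        }
        finally { $web.Dispose() }   # release each SPWeb opened by AllWebs
    }
}
finally { $site.Dispose() }
```

As the paragraph above notes, disabling sync does not remove copies that were already synchronized to users' computers.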
Though SkyDrive Pro itself is just the synchronization tool, plan ahead by implementing the proper level of security controls that meet your organization's requirements. Understanding what SkyDrive Pro is and can do should alleviate any fears related to using SharePoint Online.
About the Author
Benjamin Niaulin is Geek and SharePoint MVP at Sharegate, a boutique SharePoint development firm in Montreal. He's a certified trainer who travels the globe to help simplify the use of SharePoint.