Dump the file server: Why we moved to the SharePoint Online cloud [review]
It's no secret that my company had its own internal usage relationship with Google Apps go sour in the last half year. As our mobility, security, and feature needs continued to grow, at least in my eyes, Google seemed too focused on appeasing education and other niche sectors. As such, they've been leaving healthcare and other business verticals behind.
Is Google Apps necessarily a bad product? Not by a long shot. I just see Office 365 as a slightly better shoe: one that fits snug like a glove for our needs. And it's not just our company that has made the move from Google Apps to Office 365. To be honest, we get about 1-2 inquiries each week with customers who are looking to move in a similar direction.
If you're interested in reading about all of the reasons for my public flogging against Google Apps, please peruse my former piece that went into full detail about all the things that Office 365 resolved for us.
For this article, I wanted to focus on an important aspect of our move to Office 365, and that was our adoption of SharePoint Online as our sole document file server. I know, how passé for me to call it a file server as it represents everything that fixes what plagues traditional file servers and NASes.
Let's face it: file servers have been a necessary evil, not a nicety that have enabled collaboration and seamless access to data. They offer superior security and storage space, but this comes at the price of external access and coauthoring functionality. Corporate IT departments have had a band-aid known as VPN for some time now, but it falls short of being the panacea vendors like Cisco make it out to be.
I know this well -- I support these kinds of VPNs day to day. Their licensing is convoluted, they're drowning in client application bug hell, and most of all, bound by the performance bottlenecks on either the client or server end.
And similarly, file servers that are maintained well provide excellent return on investment. But in the small-midsize business realm I support, this is rarely the case. From little to no anti-malware protection, down to nonexistent patching routines. Too many organizations treat their file servers like a one-time investment, when they are really long term investments. Cloud storage, at least in theory, is meant to solve both of the above ills.
I previously wrote about how my company used to juggle two distinct file storage systems. We had Google Drive as our web-based cloud document platform, buts its penetration didn't go much further than its Google Docs functionality. That's because Google has a love-hate relationship with any Office file that's not a Google Doc. Sure, you can upload it and store it on the service, but the bells and whistles end there. Want to edit it with others? It MUST be converted to Google's format.
And so we had to keep a crutch in place for everything else that had to stay in traditional Office formats, either due to customer requirements, complex formatting, or other reasons. That other device for us was a simple QNAP NAS box with 1.5TB of space.
We've recently replaced it with a spare Dell PowerEdge server, but the device has been relegated to hosting only those files which are not cost effective to move to the cloud yet: client PC backups and raw multimedia from training we do. But we don't have to touch those files very often. In the case of PC backups, they usually go into storage and stay put for 30 days until we can safely delete them. And our training recordings are also just backups, as we place most of the content onto our YouTube channel.
I've been comparing all of the other players in this cloud storage market for some time now, as other clients have been asking for help making the move. We liked Google Drive's real time collaboration functionality, but the way it treated non-Docs files was pretty pitiful. Dropbox for Business provides the best headroom for growth, but it's starting monthly price is too much to swallow. And Box and Egnyte don't bring much more to the table besides bona fide cloud storage and sync; SharePoint Online offers a rich ecosystem that we can grow on.
For the purpose of running our day to day business needs, SharePoint Online has taken over for both Google Drive and our former NAS alike. We don't have to convert items to and from Google Docs anymore just to collaborate. We have as good, or better, permissions in SharePoint compared to Google Drive. And the search power in SharePoint is disgustingly accurate, providing the accuracy and file previews that we were used to on Google Drive.
Was SharePoint a pick-up-and-go solution like Drive? It definitely forced us to put some elbow grease into the initial setup, but the reward on the backend has been extremely gratifying in light of the daily pains we had with our GDrive-NAS hybrid scenario.
It may not be a solution for everyone, but it definitely fits the bill for us.
What the Heck is SharePoint Online?
First off, let me clarify the product I am referring to in this article. SharePoint comes in two primary flavors now, with some important differences between each. Many people throw around the names interchangeably but they are different beasts, and as such, I am not going to continue propagating that mistake.
- SharePoint Online (SPO): This article focuses squarely on this edition of the product. SPO is the cloud hosted product from Microsoft that comes bundled with various Office 365 plans, but can also be purchased standalone. It always gets the latest and greatest features first, and requires zero maintenance by the end user.
- SharePoint 2013 (SP): This edition is meant to be installed either on-premise or on a cloud server like within Windows Azure. It's used primarily by large organizations with IT staffs to match. I wouldn't recommend this edition to any company under 300 users.
That pretty much sums up the two products. For all intents and purposes, if your organization is looking at SharePoint Server 2013 on-premise, a lot of the contents of this article may not apply. SharePoint Online is first and foremost a cloud solution that has additional tie-ins with Office Online products, OneDrive, etc that may or may not exist in the on-premise version of the product. Seeing as our company doesn't have much experience with this edition, we will only mention it in passing.
The areas that SharePoint Server 2013 excels over SPO are contained within aspects such as connecting multiple instances of the product in a server farm environment, storing large amounts of data without incurring cloud storage fees, and other Enterprise centric needs. Plain and simple, I have yet to run into a small or midsize business that was not better suited by the SPO edition of SharePoint.
Describing SharePoint Online in a single sentence is very tough to do, because like Google Drive, it serves multiple purposes in its latest iteration. It's a cloud file server (the focus of this piece). It's a content search hub. It can run public websites and internal intranets. It can help handle complex document workflows. You can even run Access databases on it.
A lot of people are interested at how it compares to Google Apps' offerings. I say it like this: SharePoint Online is a Google Drive and Google Sites mashup on considerable steroids.
I'll be completely honest and let it be known that I had nothing but contempt for SharePoint until last year's release with the revised Office 365 suite in late January 2013. Not only was the cloud edition of the product too convoluted for most people, but the on-premise version was an even greater nightmare. It's not that it didn't provide the functionality people wanted; it was just a beast to setup and maintain over the long term.
And the biggest downfall of the prior editions? Most access to SharePoint data was relegated to the web browser, meaning that Dropbox-style access that people have grown accustomed to over the last half decade was only a pipe dream. For a service company like mine, that is out in the field more than half of the workweek, browser-only access to files was a non-starter.
I can finally work as I wish, in-browser or in Office 2013 -- or both at once. My entire company "file server" is synced via OneDrive for Business to my Thinkpad, and likewise, I can edit any files in a browser via Office Online apps. It's a nirvana that Google Drive almost afforded us, if it weren't for Google's distaste of traditional Office files. It's good to know you can have your cake and eat it too.
Microsoft released SkyDrive Pro last year, which has since been transformed into the renamed OneDrive for Business just recently. The tool not only allows you to access your personal "My Docs in the Cloud" (which starts at 25GB per user now) but more importantly, for organizations moving their file servers to the cloud, it lets them sync up to document libraries.
You may be curious at what a document library is. And that's a good question, because the way that SharePoint organizes storage is a bit different than most other providers. Since SharePoint is built around a collaboration and search focused backbone, it requires more structure to how data is placed into the service.
Much of this hums behind the scenes and is never seen, but the basic concepts are important because too many people think that you can just dump data straight into SharePoint Online and make it work like a file server.
- Site: This is the uppermost boundary tying together an administrative set of data. Think of a site the glue that holds together any kind of data you can place into SharePoint (web pages, lists, files, images, etc).
- Document Library: There can be an unlimited number of document libraries in a site. For most organizations we work with, the default Team Site is where we build out all needed document libraries. Think of these as logical filing cabinets that will store collections of related data like docs, images, etc. You can related document libraries to how we use shares on traditional file servers -- most data on a share has a common relation or functional purpose.
- Files and Folders: This is what most end users care about, and these can be freely created, moved, and locked down within a document library. There is a small set of file types that cannot be placed into SharePoint Online which you should be mindful of.
As you can see, there are some conceptual building blocks that have to be taken into account when building your SPO "file server in the cloud". While Microsoft advertises OneDrive for Business as being able to serve this purpose simply on its own outright, this is slightly askew marketing at its best.
Microsoft doesn't bring this very point front and center: that OneDrive for Business without document libraries cannot allow for mass sets of files to be shared in a file-server style environment. You know, the way we are used to working with shares, where large collections of files can be dumped into folders and as long as someone else has permissible access to the files, they can view/edit/etc them?
OneDrive Without Document Libraries DOESN'T Replace the File Server
OneDrive for Business DOES allow you to share files, but unless you specify every single person individually on files you are sharing, the items will not be seen in their "Shared with Me" view. This is one of the first roadblocks that I had to fight when I tried to test out SkyDrive Pro last year. There is not much information online that alludes to this, as Microsoft's marketing engine wrongfully assumes that people don't wish to continue thinking of their files in a server-centric approach.
Our company usually works with clients on setting up the basics for getting document libraries separated, OneDrive configured, and all other aspects that pertain to a post-server lifestyle in the cloud. There are a lot of concepts to wrap your mind around, and I won't dive into them in detail here.
The biggest thing to remember is that OneDrive for Business, on its own, does NOT function as a file server in the cloud. That power is solely available through Document Libraries in SPO.
I'll go into other aspects of how SharePoint Online and OneDrive work together further down.
Cost: How do the Biggest Names Compare?
Anyone planning on ditching their file server is probably quite interested in the recurring cost of making such a move. Customers have been pegging me with this question for some time as well. For the sake of writing this article, I decided to do some fact finding to put my various notes and emails on this topic with clients in a definitive one-stop format. I created a master spreadsheet that outlines all major aspects between the top five contenders (in my opinion) in the cloud file server market.
I want to make it clear about the different editions of each product that I used to compare against the other names. For SharePoint Online, I decided to base my pricing at the standalone Plan 1 level for the sake of simplicity. I know that SharePoint Online is a part of many Office 365 plans (we use E3 ourselves, which has it) but then the pricing will not be accurate against all the others since Office 365 provides a lot more than just cloud storage.
A similar decision was made for Google Apps; I did NOT account for any edition besides the Business and Education edition which are the two most prevalent editions. For Dropbox, I decided to use the Business edition since that is best suited to organizations moving off the free version. Box Business and Egnyte Office were also similarly chosen targeting small to midsize offices.
How do the different providers stack up? Here's my pricing breakdown that is valid as of March 23, 2014:
SharePoint Online clearly wins out much of the pricing category against the others due to Microsoft's insistence to offer SPO as an ala-carte product, not an all you can eat buffet that other names represent (especially Dropbox for Business). The fact that Microsoft offers additional SharePoint Online tenant storage pricing at only $0.20USD per gigabyte is a winning differentiation, as all the other provides insist on forcing "storage packages" down your throat.
Google is the most forgiving of the rest of the pack, but still not as friendly towards smaller businesses that want to start small and piecemeal their storage needs as they grow.
Dropbox for Business offers an attractive base storage plan that is truly unlimited, but you pay dearly for that bragging right: you have to bring at least 5 users onto the plan, at a cost of $15/person per month. That means you can guarantee that you won't be spending any less than $900USD per year, even if your office of 15 people only needs 200GB of storage space. Not my kind of way of doing business, honestly.
Google also has an attractive offering, with pricing for the year starting at $60 (if you pay by the month; yearly prepaid accounts get $10 off). They give each person 30GB of Drive storage space, but be mindful that this is deceiving because Google considers their space shared between Drive, Picasa, and Gmail. So if you have a 20GB inbox and another 2GB of photos on Picasa, you're only left with what's leftover (in that case, about 8GB).
Google forces storage upgrades in packs that have different pricing, with the cheapest starting at $4 for 20GB extra per month. The price per gig cost on that comes out to the same amount that Microsoft charges on its piecemeal offering of $0.20 per gig per month. Competitive, but I still think Microsoft's approach of allowing single gigabyte upgrades is much friendlier for small organizations.
It's important to have a look at the sample monthly costs I stacked up across the board. These represent what average sized smaller organizations would be spending on cloud storage with each provider. I didn't offer up multi Terabyte samples because this is not representative of what organizations we work with look like. You can run those numbers for your needs, but for the sake of comparison, I offered three different user size counts along with various storage needs.
The savings that SPO represents is fairly drastic across the board, and I would only assume it to be even greater if you pair your needs with an Office 365 plan level, that discounts pricing for all included services appropriately. But seeing as I am not interested in comparing apples to oranges here, our comparison sticks with SharePoint Online Plan 1.
You can make your own conclusions before moving into any of these providers' clouds, but unless you have huge sums (1TB plus) of data to move up, SPO is going to be an attractive option for most companies. Otherwise, Dropbox for Business or Google Drive may be your better bet.
Calculating exact pricing per month for SharePoint Online is a bit tougher to do, since the way that storage is handled can be a bit confusing. Microsoft pools a baseline 10GB of space your entire company, and then adds on an additional 500MB for each extra user you have on your account. 2 users represent an extra gigabyte of space, and so on. This distinction must be made when trying to find how much it would cost to move your data into their cloud, since otherwise you may overcompensate with additional storage unnecessarily.
Features in SharePoint Online vs The Rest
Even though I didn't do so, you can easily draw an imaginary line between Google Drive and Dropbox for Biz on the chart below. I see SPO and Google Drive representing rich platforms that do much more beyond just storing and syncing files. The others are just that: cloud storage entities that are merely throwing oodles of raw datacenter HDD space at customers.
You may not be interested in being able to edit your Office files in a web browser, build an intranet, or collaborate with others in real time on your docs (not just "share" them in the traditional cloud sense). But as time goes on, I tend to find clients yearning for these functions more and more. The cloud storage arena isn't even that mature yet; I find it to be quite young, in fact. But I think Google Drive and SPO are leading the pack in the arena of functionality and expandability, in ways that Dropbox, Box and others just can't touch.
Here are some of my favorite aspects about SPO and what ultimately led me to the platform:
- Browser-based Office Online apps: I'm not even opening my Microsoft Office about half the time now to make quick edits to files on our SPO doc libraries. Office Online apps are browser based versions of all the core Office apps (Word, Excel, etc) that can be used in Google Chrome, my browser of choice. No other cloud storage suite aside from Google Drive offers anything like this.
- Real-time coauthoring of files: Another item that ties into Office Online apps, but can be used from the 2013 Office desktop apps too. If you know and love Google Docs, this is just that but for Office files (docx, xlsx, pptx, etc) that you we all have grown accustomed to. No need to upload and convert as Google forces you to. Office Online can seamlessly edit these files with multiple people at the same time. I wrote about how this looks in a previous post.
- Network recycle bin: While I am having a hard time finding a second level backup solution for SPO still (hoping that the Spanning will introduce something like they have for Google Apps) I find much comfort in the fact that SPO offers network recycle bins across all content placed into the product. I can retrieve any mistaken deletions, or malicious ones, with a few clicks.
- Unlimited file versioning: While it's not 100 percent practical to turn on unlimited versioning, you can do so if you truly want to. At FireLogic, we go back 25 major versions right now. For us, that's plenty of headroom for any mistakes made and fits our needs well.
- Easy sharing capabilities: Rarely do I attach documents to emails anymore. I'm usually creating links from SPO or inside my Office 2013 apps, and including them inline within emails. It reduces email file bloat, and best of all, ensures that clients ALWAYS see the latest version of a given file. No more reply after reply hell with file attachments.
- Seamless integration with Office 2013: While my reliance on desktop Office is being reduced with each Office Online update, I still live in Office when at the office, or onsite and internet is sparse. I can grab SPO sharing links from any core app, and even work in a co authoring manner from within the apps.
- Lync integration with SPO: My company used to hobble between Hangouts, Google Chat, Google Voice, etc in Google Apps. When we moved to Office 365, we ditched that hybrid setup for a unified Lync Online experience. In SPO doc libraries, we can not only see who edited files last, but start a chat with them right from the web browser in a Lync window. Small touch, but I enjoy it.
There's a lot that SPO brings to the table, and a lot of it ties back to Office 365 as you can tell. The two are made hand in hand for eachother. I'm not saying that a company that uses SharePoint Online in its vanilla form, detached from 365, won't have a great experience. It's just that you will have that icing on the cake if you are tying it all together in 365-land.
One of the first things I was worried about in a post-Google Docs life was: how great is the coauthoring experience? I will admit that Google has a certain polish on their product which Office Online is still working towards. If your users will be 100 percent relying on Office Online apps for their coauthoring needs, they will run into relatively few speed bumps.
Things get a little buggy sometimes when you are working with people across desktop apps simultaneously with Office Online users. I think Microsoft still has a work in progress here. Word 2013, for example, plays quite well with Word Online when coauthoring in real time. Word 2013 relies on autosaves to push updates into the desktop side, while Word Online is saving and updating in near real time. I guess this is one of the downsides of desktop apps; their legacy dependencies were not intended for a real time coauthoring future.
Excel 2013 is by far the stickiest experience for us. For example, our office manager could have an Excel file open from SPO through OneDrive (for example, our payroll calculations sheet) and I try to open the same document on my computer in Excel 2013. I can't make any edits to the file until she closes it. It seems that Excel 2013 is not up to par with the coauthoring changes in the other desktop apps; perhaps it's one of the tougher apps to get updated. The same limitations don't exist in Excel Online, naturally.
OneDrive for Business is a pretty feature filled add in that works just like the personal edition, but most importantly, provides for the syncing of one's personal OneDrive area, and allows for document library syncing. All of our company staff are allowed to sync doc libraries they have permission for to their laptops/desktops. There is an option in SPO to disable OneDrive sync capability, but it's a one size fits all solution: you can't disable it for individual users only. I'm hoping Microsoft will be changing that as customers are asking about that too.
One notable missing piece in the OneDrive for Business family is the presence of a Mac client. My coworker who is an avid Mac-only user gives me grief about this every week, so it's something I wanted to ensure that you know about. We have been getting around this limitation for Mac users by having them use Office Online, but this is not always ideal. For example, there are many times where my staff are onsite and need to access client records in SPO in local only mode due to network changes being worked on by us.
While some people can rely on always-accessible internet, as a tech consulting firm, we're knee deep in situations where this is not necessarily the case all the time. Having local Office access through OneDrive for Biz on my Thinkpad is a lifesaver, and I do feel bad for my Mac colleague. Luckily, Microsoft let loose at SharePoint Conference 2014 that this is changing:
There are solid rumors that the new Office for Mac 2015 will be hitting later this year, and I fully expect OneDrive for Business for Mac to launch with the new suite. The above screen was grabbed from a Microsoft employee that is already running the Alpha version of the app. (Image Source: SharePoint Conf 2014)
When it comes to mobile and desktop app availability, Microsoft is probably in last place in this regard. And it's relatively surprising to me, especially in the lacking of a native client for Windows Phone 8 at this point. The other providers have covered both sides of the desktop, and are covering most of the mobile sphere -- and in the case of Box, they have a mobile app for EVERY ecosystem including BlackBerry. Impressive.
It's not a deal killer for our company, or me personally. We're a heavy Windows shop, as are our clients, and the fact that 95 percent of SPO's capabilities are capable of being handled in the web browser, this is a fairly solid cross platform answer right now. But I know today's world is so app-driven, and this is not good enough. Microsoft's answer to the app dilemma has been "it's coming" for the last year or so, and I'm hoping there is some meat at the end of the stick soon.
As a Windows Phone user, the app equation has been bittersweet especially from Microsoft. While there is a native OneDrive app for Windows Phone, it doesn't touch any documents or shared files in SPO or OneDrive for Business. And the "Office" app on Windows Phone allows me to view recent documents I've opened on my desktop or web browser, but I can't browse my SPO folders in any legible way. It's an odd situation that just needs to be fixed.
I also want to touch on permissions briefly in SPO. If you are coming from a Windows Server based environment, rest assured that Microsoft did not drop any balls here. While best practices always recommend you stick with assigning users to groups and setting permissions in this manner, you can setup per-user granular permissions on any file or folder in a document library. Read only, editor, limited viewing, and many more permission levels are there at your disposal. There's not much I was able to do in a Windows file share environment that SPO cannot handle.
Search is also something that SPO handles with ease. Google Drive had excellent file crawling capabilities, and I was expecting nothing from SPO. It definitely delivers! SPO search can crawl any data that is readable within a file, including metadata, and even allows you to view file previews prior to opening an item if you are unsure if that is what you were looking for. Since SPO is a platform that runs near exclusively within SQL Server behind the scenes, it's not surprising that data crawling is so easy for it.
Which leads me to my next point regarding the use of SQL Server in SPO. While SPO is definitely a speedy product, I think it still has some room for better performance. I think Google Drive has a bit of extra pep to it when you put both head to head, especially in some file opening instances or performing searches.
To this effect, it's not far fetched to believe that Microsoft will be implementing its new SQL Server 2014 product to power SPO, which is already showing 30 times the performance improvements compared to SQL Server 2012. Seeing that Microsoft is migrating SPO into Azure, I wouldn't be shocked if SQL Server 2014 was powering all or most of SPO by this time 2015 or sooner.
Another aspect of having such a reliance on SQL Server is the fact that, right now, Microsoft is not yet encrypting all data in SharePoint Online. At least not per what I can find publicly online. While most of the rest of Office 365 already has full encryption for all communication to information in transit and at rest (email and Lync, notably) SPO is still awaiting such a security enhancement.
Microsoft's datacenters are pretty serious affairs, but this graphic puts the nuts and bolts in an entirely different light. You can view the in-depth walkthrough on how all this works from this SharePoint Conference 2014 session. The amount of redundancy and copies that exist for any of your data at any given time are impressive. (Image Source: SharePoint Conference 2014)
The problem with running an entire ecosystem is that you have to utilize something called TDE (Transparent Data Encryption) which allows for real time encryption/decryption of data from SQL databases. Implementing such tech for SPO across the board must present a real strain on datacenter resources, but if Microsoft is serious about having SPO reach into the highly regulated sectors (HIPAA, government, financial, etc) they have to get full encryption implemented into SPO from end to end -- not just for endpoint communication into the platform.
On the uptime and support front, Microsoft offer the same guarantees as they do for the rest of Office 365. Three Nines of uptime (99.9 percent) and 24/7 phone support from their call centers. All of this is backed up by a public SLA which is similar to one that Google offers for Google Apps. It's interesting to note that the other players make references to SLAs they offer to some clients, but none of them publish their SLAs publicly for viewing. I'm not saying they have anything to hide, but I think they should evaluate their level of transparency once over.
Limits in SharePoint Online & OneDrive for Business
No platform is without its intricacies, and SPO isn't any different. SPO has some limits in the way that it handles files, the storage space it doles out, and other aspects about its operation. Customers ask me about these all the time, so I'm bringing them front and center up against the other big providers.
SPO is a slightly different beast compared to the other providers in that it considers storage space on two different levels. The first is individual storage space per-user that is accessible for each person in their personal OneDrive for Business. This is the effect of their "My Docs in the cloud" that I referred to earlier. Secondly, there is a concept of tenant (or pooled) storage that applies to document libraries and sites in general. Think of this space as the "bucket" which is pulled from for your file server in the cloud in the form of shared folders.
Microsoft just upped these limits, and allows for OneDrive personal space and site collections to hit 1TB in size, and best of all, overall tenant storage for your entire account has no limit now. Redmond is serious about getting SPO in a position to not only compete on value-added features, but on raw storage sizing as well, up against the likes of Dropbox and Box.
Two other limits that I will make light of are the 5000 document per library sync limit when it comes to OneDrive for Business. This is where proper document library planning comes into play, so that you aren't dumping 10K files into a single document library and having your users complain that they are missing half of the old file server. This limit is much smaller than the limit for how many files your personal space in OneDrive for Biz can sync, which is 20,000 items. Microsoft outlines all of these limits online for the curious.
I will call Microsoft out on the lowly per-file size limit they have in SPO, which is 2GB per file. In light of Dropbox having no limits, and Google Drive capping out at 1000GB per file now, it's tough to see why Microsoft can't work on upping this limit. I know that the limits of SQL Server behind the scenes may have some effect on this, but SPO needs to pick up the game if it wants to outshine the others.
We're not storing super large files like this on SPO, and instead rely on our traditional server for these needs. But as cloud storage continues dropping in price, and file size limits continue rising in SPO, I can see a day potentially when we will drop our legacy file server needs entirely.
You have full control over file versioning in SPO, and can technically place no cap on this in the SPO admin center. But be warned: version history does eat into your storage quota, so allowing unlimited version history is not really recommended. Nor would I think this to be practical for any organization. If you have greater versioning needs, perhaps set a limit of 50 or 60 versions back and also enable minor versioning, but refrain from using the unlimited setting. Your storage quota will thank you.
Security & Privacy in Cloud Storage
This is a tough discussion to have with some clients. There is usually a mental mountain to climb when it comes to believing that the cloud could actually have better security in place than what a company can place behind its own locked doors. But more often than not, I do find this to be the case. Piecing together how this is the case tends to be the tricky part.
Luckily, SPO is backed by some heavy artillery from Microsoft's concrete datacenter privacy and security commitments. Redmond has been working very hard on convincing the most stringently regulated industries that their data is safe in Microsoft's cloud. We didn't make the move for our data lightly either: we keep confidential client records, internal company data, marketing information, and other items on SPO now. We're also regulated by HIPAA since we are a business associate for numerous clients who are considered HIPAA covered entities.
Here's a glance at all of the security/privacy safeguards that Microsoft and the others have met so far:
Out of all the entities on the list, Microsoft arguably has the best resume when it comes to security compliance standards. And while they have not achieved FedRAMP for Office 365/SPO yet, their Azure datacenters have reached this high benchmark as of last year, and have stated in public documents that they are working towards the same for 365/SPO sometime in 2014.
A lot of our clients have been making moves to Office 365 for meeting HIPAA compliance needs, and it's a given that SPO has this covered. Not only can you use SPO for ePHI in the form of traditional Word or Excel documents, but you can also build database driven Access apps on SPO. This is a great, integrated manner to leverage database functionalities without spending more on separate similar apps like the dreaded Filemaker I so love to hate.
I will point out that NO provider has met PCI DSS (Payment Card Industry Data Security Standard) compliance yet, which would allow you to store customer credit card information in their cloud. Just like with FedRAMP, Microsoft has received PCI compliance on their Azure cloud infrastructure network, but this does not entail SPO or Office 365. This will probably come hand in hand with SPO getting Transparent Data Encryption for its SQL backbone.
Of the rest of the providers, I think that Dropbox and Egnyte have quite a mountain to climb still in order to reach the same levels of what Google and Microsoft have carved out. Most notably, Dropbox has yet to receive HIPAA compliance, which means the healthcare industry has no choice but to stay far away from arguably the first innovator in cloud desktop sync.
Coupled with the granular permissions that can be setup on document libraries, I find SPO to be a near 1:1 replacement for what traditional file servers provide, given that you aren't regulated by FedRAMP or PCI. Those two earmarks aside, SPO's security paradigm is pretty top notch, especially up against the competition. For the price point SPO comes in at per user, the amount of security afforded cannot be beat.
SPO Still Has Room to Improve
Microsoft has a real gem on its hands with SPO. Is it perfect? Not by a longshot. I've denoted some of the gripes we have with it. With as many announcements as Microsoft has been making around OneDrive and SPO in the last few months, it's fairly safe to say that Redmond is serious about growing SPO into a powerful part of its cloud portfolio.
The app layout, especially on the Mac side, needs to get resolved. Office for Mac 2015 is just around the corner, and I'm dearly hopeful that Onedrive for Biz for Mac is bundled in with this release. The treatment Microsoft has given Lync on Mac is rather pitiful thus far, and they are repeating a similar path with SPO on all fronts aside from Windows. Judging from what I saw at SharePoint Conference 2014 (shown above), fingers are still crossed.
I also believe that OneDrive's tendency to get clogged up when it comes to file syncs at times needs to be improved. Microsoft isn't alone in these bugs; Dropbox and Google Drive have just as many instances where the gears just get clogged and you need to force a sync or clear out sync issues. This is probably one of the biggest roadblocks to desktop sync apps presenting a problem free experience. For now, it's a relatively smooth ride that requires some diligence along the way.
And I must question Microsoft's intention to keep the barrier to entry on SPO relatively higher than what it is on Dropbox or Google Drive's side. As I mentioned, without document libraries, moving a file server up to SPO is a disaster waiting to happen. But implementing document libraries properly still requires a fair amount of technical planning and foresight, something which consultants like myself need to assist with. Why can't Microsoft make SPO doc libraries as accessible in setup and operation as OneDrive for Business is when it comes to a user's personal files? Does it have to be this hard to get started?
Don't take my stance the wrong way. I fully believe that the time and energy investment in setting up SPO reaps its rewards many times over the further you leverage the product. Between Office Online, OneDrive, coauthoring, search, and the cheap piecemeal storage offered, SPO is an entity that doesn't have any other direct competitor, toe to toe considering all that it provides, aside from Google Apps.
Some of the biggest objectives for Microsoft in new SPO features for the next year or so: Android tablet support, tighter integreated communications, better desktop app to Office Online feature fidelity, and more. (Image Source: SharePoint Conference 2014)
But I guess it comes down to what your organization is truly looking for. If all you want is a never ending dumping ground for cloud storage, Dropbox for Business may be your better bet. If you're after the best in class coauthoring experience and are willing to forego Microsoft Office support, Google Drive may serve you slightly better. However, add up the sum of all your parts, and SPO stands above the rest in my professional opinion.
Are there good alternatives to going with a cloud provider like SPO if it doesn't meet the security regulations you're bound by, or other roadblocks? Most definitely, but I think both options are a decent amount more expensive up front. One option we have been routinely pushing is going with a Windows Remote Desktop Services experience for hosting files internally, while providing seamless outside access. This allows you to keep your file needs internal on-premise, but ditch the VPN yet offer a much faster experience.
Another good option that is out there is by using a Windows Azure server instance to host your file server in the cloud. The monthly costs on this approach are naturally higher, as you are asking Microsoft to host a virtual server on your behalf, but the security, speed, included Windows Server licensing, and low maintenance levels (not to mention no electricity usage!) are definite upsides. You can then connect to your cloud file shares over WebDAV and have a system that mimics near 100 percent what a traditional file server can do, with all the prowess of traditional Windows AD permissions.
With any potential move to a modern cloud powered solution, there are always trade-offs to consider. Is your organization willing to forego hefty up-front costs in exchange for a more gradual cost schedule? Have you considered looking at what your various TCO alternatives look like? Is your necessary security baseline going to be met by your intended cloud provider? Will the cloud be able to offer the storage space you need for the price you can afford?
All good questions to consider. If you're interested in seeing SPO and OneDrive in action, I highly recommend you have a look at the webinar I made last last year touching on most major points of the product. It should give you some functional insight as to how this may look for end users.
Is SharePoint Online the right cloud ecosystem for your organization? That's for you to decide. I personally find it to provide the most compelling argument of all the storage clouds out there, but you'll have to weigh your pros and cons to see if it fits the bill.
I will leave you with this: if your company is already on, or thinking of going to, Office 365, then SPO should be an almost no brainer. Not only does it tie into the same common ecosystem for your users, but it will most likely offer the cheapest option in your transition to the cloud.
Cheapest isn't always best, but in this case, stereotypes definitely don't apply.
Derrick Wlodarz is an IT Specialist who owns Park Ridge, IL (USA) based technology consulting & service company FireLogic, with over eight+ years of IT experience in the private and public sectors. He holds numerous technical credentials from Microsoft, Google, and CompTIA and specializes in consulting customers on growing hot technologies such as Office 365, Google Apps, cloud-hosted VoIP, among others. Derrick is an active member of CompTIA's Subject Matter Expert Technical Advisory Council that shapes the future of CompTIA exams across the world. You can reach him at derrick at wlodarz dot net