OneDrive for Business – 6 Pros and Cons
With well over 300 million users worldwide, Microsoft 365 is arguably the most lucrative SaaS business in the world at the time of writing this blog post. The suite of software productivity tools is served from Microsoft’s cloud data centers worldwide, and comprises services that are essential for modern knowledge workers to operate. Services like e-mail, file sharing, collaboration, and conferencing are all part of the Microsoft 365 suite.
An oft ignored, but powerful, part of the suite, is the focus of our discussion today: OneDrive for Business. OneDrive is a productivity tool that allows file synchronization and sharing, which all enterprises need to equip their knowledge workers with. It comes with a generous amount of cloud storage space (1TB) per user and can be increased to as much as 25TB/user depending on the licensing plan one has with Microsoft.
An oft ignored, but powerful, part of the suite, is the focus of our discussion today – OneDrive for Business.
There are great (and not so great) things about OneDrive which businesses need to be aware of. Based on our experience here at Parablu in dealing with Microsoft 365 customers, I’ll list the top half-a-dozen of each kind.
1. Access anywhere / anytime
OneDrive is designed to provide users immediate access to their data no matter where they are, on any device. For instance, a user might start editing an MS Office document on their desktop at work, view it on their mobile device as they commute home, and seamlessly resume working on it from their MacBook that evening.
In fact, in order to be able to synchronize data beyond just what users store in their “OneDrive” folder, Microsoft allows synchronization of other folders on an endpoint with distinctive (and usually non-changing) names – like “Desktop”, “Documents” and “Downloads”. While this may place a penalty on network bandwidth by increasing the sync payload each time, it does allow users to synchronize data from a few other common locations where files are usually present.
2. Strong Security
With world-class data centers boasting state of the art security, you can be sure that your data is secure. Microsoft uses strong encryption to protect your data both during transit and at rest.
3. Easy File Sharing
Sharing a file is simple with OneDrive. Users can share files simply by right-clicking on a file and specifying an email address to share with. It is a more secure and efficient form of sharing as compared with email attachments and is not restricted by the same size limitations, etc.
4. Restrict access
As a security conscious organization, you can choose to place limits on which devices are allowed to synchronize files. If you wish to ensure that your employees are not synchronizing work files to a home computer or other unauthorized device, there are methods to place such restrictions. You can also decide which users are allowed to share files and what types of sharing they’re allowed to do (internal only, specific email domains, etc.).
5. Bandwidth limiting
It is possible for users to set a Kbps limit on how much bandwidth they’re willing to let OneDrive use for uploads and downloads. An administrator might also be able to apply a centralized policy to limit upload rates as a % of available throughput.
6. Files on Demand
This is a neat feature which allows users to conserve storage space on their endpoints. Users can choose to have most of their data resident only in the OneDrive cloud, and have only specific files which they prefer to ‘pin’, be downloaded to their endpoints. This allows users with relatively small disk drives on their devices to still store large amounts of data in OneDrive without requiring the data to also be simultaneously resident on their endpoints.
1. Security, yes. But Privacy?
While OneDrive is certainly secure because of the strong encryption Microsoft applies on your data, there are still questions about how much privacy you can expect. Since Microsoft performs the encryption, they also hold the ability to decrypt data if required. As an analogy, this is a bit like storing your valuables in a safe deposit box inside a bank, but letting the bank have a copy of the keys to that safe deposit box.
While Microsoft does have policies to prevent their employees from accessing user data, there is no technological barrier, as far as we’re aware, that can prevent this from occurring. And as a multi-national organization, Microsoft is required to comply with demands from various governments for access to customer data – which they are usually asked to provide in decrypted form.
So, while your organization may find it acceptable to keep certain types of data in OneDrive perhaps there is other data you may choose not to store there.
2. Data belonging to employees who leave
Once an employee leaves, and their M365 license is relinquished, Microsoft is under no obligation to store their data long-term. Microsoft allows a period of time during which it is the organization’s responsibility to recover the employee’s data and make a persistent copy. Usually, this time ranges from 30 days to 3 months, but if you wish to recover data that belonged to an employee who left your organization – say, a year ago – OneDrive will not normally be able store that for you.
Be sure to have a policy or make alternate arrangements (such as a backup) to ensure that you don’t lose access to important data when you need it most.
3. Special character limitations
OneDrive also has some unfortunate limitations on the data that it can synchronize and store. In addition to characters not allowed by NTFS, OneDrive has additional characters that it finds objectionable when found in file and folder names. So, your users may find that certain files and folders which have legally valid names on their endpoints are unable to synchronize to OneDrive, unless appropriately renamed.
4. Path sizes
OneDrive also places a limit on the fully qualified length of a filename (including its path). While your users’ endpoint devices may also have NTFS-enforced limits on folder depth, they may realize that the allowed folder depth on OneDrive is considerably smaller. This is because the OneDrive URL in the form “https://-my.sharepoint.com/personal/…” may also count towards the path length and reduce the usable size.
5. Limits on Synchronization
OneDrive, which is based on Microsoft’s SharePoint software, has limits on how many items can be synchronized. As of the time of this post, Microsoft warns against synchronizing more than 300,000 files using OneDrive and warns of low performance once the 100,000 file threshold is breached. There are also limits on file sizes (250GB) and how many files can be uploaded or downloaded in a single operation.
6. OneDrive mistaken for a backup
Because of OneDrive’s ability to synchronize data and make secondary copies in the cloud, some organizations believe it can serve as a backup for their user endpoints. This is a strategy fraught with risk – because while OneDrive is a great file synchronization solution, it lacks many of the essential capabilities of a backup solution.
For one thing, OneDrive’s coverage is limited to just a handful of folders on your user endpoints – basically the OneDrive folder, and if you choose to enable them, the other Known Folders. If your users store data anywhere else on their system (like say the D:\ drive), OneDrive cannot really make a copy of that data.
Also, OneDrive has its own rules about what it will synchronize. Apart from the special character and path limitations we described above, OneDrive synchronizes PST files sparingly. Because of the bandwidth impact PST files may cause, OneDrive chooses to synchronize them infrequently. Also, OneDrive cannot handle files which are locked for use, so if a PST file is in-use by Outlook, such files are simply skipped over by the OneDrive sync client.
Backups of business data also need to provide protection against unforeseen eventualities such as a ransomware attack or malicious user deletion. An important property of an enterprise-class backup is something called ‘immutability’ – which means that an external program or user shouldn’t be able to tamper with or delete data in the backup archive. But OneDrive, being a synchronization solution, falls short of this requirement by its very nature. A user’s endpoint, if infected by ransomware, will rapidly synchronize the bad changes to the copy of data in OneDrive as well. Similarly, if a disgruntled user, intent on causing damage, wishes to delete all their data in OneDrive – it is quite easy for them to do so. There is no barrier separating these acts from the “backup” copy of data in OneDrive.
Backups of business data also need to provide protection against unforeseen eventualities such as a ransomware attack or malicious user deletion
It would be wise to keep the above limitations in mind and set appropriate expectations when rolling OneDrive out to your organization.
At Parablu, we work with a number of M365 customers and help them protect data on their endpoints, as well as their data in M365. We also have a patented approach by which you can leverage your investment in OneDrive, overcome several of the above limitations, and allow your users to use OneDrive securely.
If you wish to learn more, just write to us at email@example.com
At Parablu we build solutions focused on protecting enterprise data. Parablu’s BluVault and BluSync™ solutions are designed to enable robust data backup and secure file sharing. Our patented integration with Microsoft 365 and OneDrive for Business also means that you can deploy our solutions and leverage your existing OneDrive storage. Sound interesting? Reach out to us and learn more.