Mention the phenomenon called Shadow IT — and someone will likely mention Dropbox. 

Shadow IT happens when departments or individual employees use technologies that aren’t sanctioned by IT — something that has been increasingly easy to do since cloud-based services arrived. And Dropbox is often the service of choice.

Employees, left to their own devices, provision Dropbox file sharing folders, often violating company policy.

Why don’t employers stop this wild and flagrant behavior?  The simple answer:  Dropbox just works better than many enterprise solutions.

Your Cloud, Minus the Shadow

In recent months, Dropbox added administration features that business users require to help protect intellectual property and maintain distribution rights. 

But in the meantime, the developers of an open source project called ownCloud (with a small “o”) have been building a service that businesses can deploy on their own premises — or, more recently, in their own public cloud spaces.

OwnCloud constructs a Dropbox- or Box-like front end for a file sharing system that works simply and directly, using browser-based controls and easy-to-comprehend mobile apps. 

These “files” go beyond documents in a folder on a hard disk. They include documents in SharePoint, complex data objects stored using SWIFT or Amazon’s S3, objects in databases such as SQL Server or MySQL, and even (ironically enough) files stored in Dropbox and Google Drive.

It’s an effort at building the functionality that business users expect from mobile apps, into a server that the business owns, operates and controls.

“If you’re the end user looking at this, you see your files distributed across all of your devices as if they were the same on all those devices,” said Matt Richards, ownCloud’s vice president of products, during a recent company webinar.  “You can access them, work with them, make changes — they will be synced. You can share them with other people, and those other people will also see their files on their devices, when and where they need them.”

Sync and Share, Without Shame

Syncing takes place with Windows- and Mac-based desktop agents, just as with Dropbox, Google Drive, and OneDrive. 

But you’re not shown some directory tree or a map of the Internet where various documents are stored. Just as with a commercial cloud app, server location is essentially irrelevant to you — you're shown only the files to which you’re entitled, and perhaps the folders users create for organizing them.

You authenticate yourself with ownCloud through a single sign-on mechanism.  This way, if your documents are stored all over the planet — say, in SharePoint and Dropbox and Amazon S3 — you still see one single storage pool.

With the new ownCloud 8, you can create an anonymous File Drop point — a URL to which anyone can upload files. 

As Richards pointed out, this could be extremely useful for a tech support service.  By clicking on a URL, a customer can start uploading a log file or a photo of a service problem without having to log onto ownCloud or anyplace else.

Browser-Based Policy Management

The latest commercial version of ownCloud, announced last week, adds a feature called “File Firewall” that lets admins compose policies for storage, access, and distribution without having to use a text editor.  A step-by-step wizard collects all the elements of the rule together, and ensures proper syntax.

And with each new release, ownCloud gets a little more adept at this feature: storage federation. Essentially, it’s the ability for any group of ownCloud servers to share space with each other, with policy-based controls.

Richards explained it like this:  When cloud platforms first became public, they were central destinations for multiple tenants into one cluster of servers.  Salesforce is a good example. 

After management began asking, why can’t we have that kind of access in our own data centers, cloud platforms such as OpenStack were created.  “But really, they were isolated islands — small versions of the public cloud,” he said.

OwnCloud’s version of federation creates a view of storage comprised of all the clouds in the sharing group: a public cloud, for all intents and purposes, incorporating these private cloud instances.

The upshot here concerns the file controls:  Once you apply policies to a file being shared, those policies continue to be enforced even when the file is shared among users of different federated clouds.  So if you create a document that self-destructs on a given date, it will continue to do so.

“They can sync it, interact with it, access it on mobile — do all the things they could do with a file normally,” said Richards.  “But that file actually is managed and controlled on my server, which means my policies apply, my administrator controls the file, my data residency requirements are covered.”

The master copy of the document is retained on the corporate server; only the virtual link to it is shared. This opens up possibilities for future file sharing while maintaining privacy policies and compliance guidelines.

During the webinar, Richards told a story about users who subscribe to ownCloud Standard edition, prior to considering a move to the Enterprise edition with all the policy controls. 

“What we’ve found is that typically, after using ownCloud for six to twelve months, our customers start asking questions: ‘I have all this SharePoint.  Why do I need that?’”