Remote Workers are Significantly Vulnerable to Hacking

Everyone is working from home. But what about the risks to our computers and company data? What kind of countermeasures can you take to help protect your small business from disaster?

The COVID-19 pandemic has forced millions to work from home.

In the tech industry, we call home computers and home networks unmanaged endpoints - unmanaged because we don’t control those devices and we have no idea how they’re configured.

There’s a whole bunch of risk that comes with unmanaged endpoints:

  1. The operating systems of home computers are often neglected. They could be lesser versions of Microsoft Windows or macOS that haven’t received critical updates or patches.

  2. The software or settings that we introduce into corporate environments to safeguard our computers aren’t implemented with unmanaged endpoints.

  3. Disaster recovery on unmanaged endpoints is challenging because data may be stored on the local hard drive of these machines. There may not be any data backups.

  4. Privacy and confidentiality of corporate data may also be at risk because, again, such data is stored on an unmanaged hard drive. Who knows whether the local admin password on the PC is strong enough to prevent root-level access?

  5. The use cases of home machines are very different from those of business machines. There are likely to be more risky behaviors (browsing, downloading, installing by end users) on these endpoints, including by teenagers and children.

  6. The networking equipment - like the home router and wifi access point - likely hasn’t been patched or updated, and its root password may never have been rotated from the default setting.

And all of this spells big trouble for the small business.

The challenge is to transform these unmanaged assets into managed ones, and to inspect the networking environment for potential risks and, well, you know … do something about it!

We help small businesses use technology better. That includes three critical solutions to help protect small businesses while distance-working.

  1. Ongoing Endpoint Monitoring and Protection.

  2. Online Backups.

  3. Remote Support.

Our Endpoint Monitoring and Protection software reports vulnerabilities back to us so we can take corrective action. It turns an unmanaged endpoint into a managed one. It helps identify areas where the operating system may be vulnerable, or when somebody installs a risky program. It also includes an antivirus, anti-malware, safe browsing, and intrusion protection system that counters typical threats to a user’s machine.

Our Online Backup solution is all about recovering the company’s data in addition to the user’s data while they’re using their own PC for company business. In the event of failure, or if their machine is hit by ransomware, we can recover the user’s data to a restored machine.

Our Remote Support is part of what we offer. It puts a human eye on the user’s network, and we can make recommendations to improve their security posture. We can red-flag issues that are unmitigated risks so that they can be dealt with; otherwise, we can help safeguard the remote employee with a few simple changes. And of course, if the user gets in a jam with their tech, we’re there to help so they can get back to work.

In all, our approach is to mitigate risk to the small business and to the employee by taking preventative measures. Instead of just reacting to failure - hoping that everything is okay with an unmanaged asset - we help our clients move beyond hope. We help small businesses have confidence in their ability to function and serve their customers.

That’s how we add value.

R

Cloud Computing, Systems Russell Mickler

How Does Google Drive File Stream Know it's Me?

An explainer for how Google Drive File Stream authenticates to Google to allow access to your Google Drive.

So yah - how does File Stream know to use your Google Drive?

Well, when it runs for the first time, Google Drive File Stream asks a G-Suite user to sign in.

The act of signing in is the process by which File Stream is then authorized to access the user’s Google Drive.

Once authenticated, File Stream will present a redirected drive with a My Drive folder labeled G: in Windows; it’ll be represented as a device within macOS.

The My Drive folder is the root of the user’s Google Drive and - generally - the content placed in My Drive is private to the user.

Where G-Suite Basic users will only see their own My Drive folder, G-Suite Business users would see their My Drive folder and their G-Suite domain’s Shared Drives (formerly known as Team Drives). Only the G-Suite Business license has access to Shared Drives.

When File Stream is active, it creates a runtime stub that appears in the system tray of a Windows computer; a small white and gray triangle near the computer’s clock displayed in the lower right side of the screen. On a Mac, File Stream’s runtime stub appears in the upper toolbar towards the right.

In both cases, the stub will look grayed-out if the user needs to sign in. Clicking on the stub will produce a login challenge that will re-authenticate File Stream. If the stub is blue then the user is currently logged-in.

The user’s credential is cached in the form of an OAuth token and is active for a period of time or until the token is revoked. Then the user would have to sign back in again. If the user rotates their G-Suite password, they would need to sign in again to create a new OAuth token.

While logged in, the computer user has access to the Google Drive of the signed-in G-Suite user.

Hopefully they’re the same person! The person using the computer is using their account with File Stream and that login information is stored behind the Windows or Mac user account.

If not, the user will notice that the File Stream stub has an option to “switch user” or “disconnect” to reconnect File Stream under another user account.

File Stream cannot connect to multiple user accounts or Google Drives at one time.
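
An admin-side view of the cached-token point above, as an added example that is not part of the original post: it reads a constructed response shaped like the Admin SDK Directory API's tokens.list output and builds the tokens.delete requests that would cut off installed apps holding Drive access, for a lost laptop, say. The user, client IDs and display names are made up.

```python
import json

# Constructed sample shaped like an Admin SDK Directory API tokens.list
# response. The user, client IDs and display names are made up.
SAMPLE = json.loads("""
{"kind": "admin#directory#tokenList", "items": [
  {"clientId": "desktop-sync.constructed", "displayText": "Desktop drive client",
   "nativeApp": true, "userKey": "alice@example.com",
   "scopes": ["https://www.googleapis.com/auth/drive"]},
  {"clientId": "calendar-web.constructed", "displayText": "Calendar helper",
   "nativeApp": false, "userKey": "alice@example.com",
   "scopes": ["https://www.googleapis.com/auth/calendar"]},
  {"clientId": "report-addon.constructed", "displayText": "Report add-on",
   "nativeApp": false, "userKey": "alice@example.com",
   "scopes": ["https://www.googleapis.com/auth/drive.readonly"]},
  {"clientId": "mail-app.constructed", "displayText": "Mail app",
   "nativeApp": true, "userKey": "alice@example.com",
   "scopes": ["https://mail.google.com/"]}
]}
""")

DRIVE = "https://www.googleapis.com/auth/drive"
API = "https://admin.googleapis.com/admin/directory/v1"


def has_drive_scope(grant):
    """True if the grant holds the full Drive scope or a narrower drive.* one."""
    return any(s == DRIVE or s.startswith(DRIVE + ".") for s in grant.get("scopes", []))


def drive_grants(token_list):
    """Every OAuth grant on the account that can reach Drive data."""
    return [g for g in token_list.get("items", []) if has_drive_scope(g)]


def revocation_plan(token_list):
    """tokens.delete requests for installed (native) apps with Drive access.

    Deleting the grant invalidates the token cached on the device, so the
    client has to sign in again before it can read Drive.
    """
    return [
        (g["displayText"], f"DELETE {API}/users/{g['userKey']}/tokens/{g['clientId']}")
        for g in drive_grants(token_list)
        if g.get("nativeApp")
    ]


if __name__ == "__main__":
    for name, request in revocation_plan(SAMPLE):
        print(f"{name}: {request}")
```

The web add-on with read-only Drive access shows up in `drive_grants` but not in the plan, since it does not cache a token on the lost device; whether to revoke it too is a separate review decision.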

Cloud Computing Russell Mickler

What is the Difference Between Google Drive File Stream and Google Drive Backup and Sync?

A brief explainer on why you would want to use either Google Drive File Stream or Google Drive Backup and Sync.

Okay you’ve likely seen both of these products. So what’s the diff?

Google Drive can be used by both non-commercial (free Gmail) and commercial (G-Suite) users. And in Google’s mind, these two types of users require different things out of a cloud storage solution.

Understanding Google’s assumptions about these two classes of users helps explain why there’s a schism in the product line and not just one huge universal application for Macs and PCs called Google Drive.

Non-Commercial Users - Google Drive Backup and Sync

Now, Google presumes that non-commercial users just need a convenient way to back up files on their computer, and that’s what Google Drive Backup and Sync does.

When a file is added to the user’s desktop (or any folder of their choice), the user’s data is instantly backed up to the user’s Google Drive. When a file is changed on the computer, it’s sync’d with Drive; if a file is changed in the cloud, then it’s sync’d with the computer. Those files then follow the same rules as any other file found in the user’s Google Drive.

So this is a common backup and sync process. It offers some degree of convenience in that users can access their critical files anywhere through Google’s ecosystem - even through the Google Drive App, for example.

However, Backup and Sync’s main purpose is disaster recovery. If the PC gets lost, stolen, or destroyed, all the user would need to do is install Google Drive Backup and Sync again and their critical files would be restored to their new machine. Easy peasy.

Still, we can’t ignore Google’s business model when examining this product. Backup and Sync is an up-sell opportunity for Google. The more data a user is backing up through Backup and Sync, the more cloud storage they’ll need, the more storage they have to buy, and the more storage that’s populated with juicy consumer data, the more it can use that data for marketing (remember: non-commercial users are offered a free application for a reason). Like many things on the Internet, Google is offering a utility that extends value and convenience to their users at the price of their privacy.

Commercial Users - Google Drive File Stream

Google Drive File Stream works a bit differently.

It creates a virtual disk drive that redirects to the user’s Google Drive. In this case, the file isn’t actually stored on the user’s computer or sync’d when there are changes. File Stream just presents files in a way so that they can be streamed to the user on demand from the cloud.

This makes a lot of sense in corporate environments.

For starters, corporations tend to have many more files than what a typical PC could store on its own disk drive. Backup and Sync is impractical for this purpose since its function is to synchronize files between the PC and the Google Drive; so much corporate data would quickly fill up the hard drive of a PC, especially in the age of SSDs (Solid State Drives).

Secondly, corporations have a security concern. They don’t want to leave files on uncontrolled endpoints (like PCs) where they could be read or copied. Corporations want to rotate a user’s password and deny access; File Stream allows for that.

Thirdly, Google presumes that the non-commercial user doesn’t need to share their files with others in real time, unlike the corporate world where two or more people may be trying to access the same file at once. There needs to be a means of managing file contention for binary files like Word, Excel, PowerPoint or PDF files, and that’s only provided by Google Drive File Stream.

Finally, corporate users have centralized file shares that they want to make available to their team. File Stream gives the user access to the G-Suite domain’s Shared Folders.

When to Use Both

Practically, the G-Suite user could use both applications - Backup and Sync to protect the data on their local hard drive and File Stream to access their Google Drive and their company’s Shared Folders. G-Suite users are covered under a different End User License Agreement that retains the confidentiality and privacy of their data, unlike non-commercial users.

That’s not a bad strategy for the G-Suite user, particularly if the user doesn’t have any other form of file backup on their computer and if the user wants to centralize their cloud activities to Google and leverage that storage investment.
