Apple's .Mac comes close to offering professionals secure shared data and remote desktop access without the hassle of VPN. Microsoft Live Mesh hopes to take it all the way.

Old-schoolers will tell you that there are only two places your important data should live: on your meticulously secured network behind a paranoid firewall, or at Iron Mountain. One must heed the old schoolers, for they shall keep the bitemarks off your backside, but their advice must be tempered with modern reality. Having data live exclusively within your domain presents thorny operational problems when two or more people need to get at it. If you want to selectively share files with temporary staff, business partners, external software testers, or employees who are on the road, you've got to find a way to publish it with a combination of easy access and tight security.

If you've shared business data that can't easily be placed in a shared Exchange folder by putting it in a password protected zip file and stuffing it in your Yahoo! Briefcase or its like, you'd hardly be the first. Nor would you be the first to stay on the phone with that remote user until they verified receipt of the file so that you could delete it immediately. You're wise to assume that data hosted on free, public, consumer online services will prove inaccessible, will transfer to its broadband-endowed recipients at modem speed, or fall into the wrong hands.

While it makes IT break out in hives, professional users also need remote access to their desktops. Whether it's to run applications that are locked to that machine by license, or to make a quick Saturday check on a time-consuming task, or to pull out files that are wisely (or unintentionally) not publicly shared, there are some things that can only be accomplished at the desks at which professionals spend so little of their time. It is a truly dicey matter when an employee works at home. When they're traveling, or, ironically, in the office for meetings or such, they routinely turn their desktops into servers that stand naked on residential DSL and cable modem networks, neighborhoods that make Detroit look like Utopia by comparison.

If you think you can impose security requirements on these users, you're dreaming. Users will always take the path of most convenience, and where users' remote access is concerned, IT can't possibly craft a more convenient solution than the forwarding of file sharing and VNC ports through their home or branch office routers.

VPN is the prevailing standard for safety, but that's effective only for services that live behind your firewall. It's wholly impractical, and sometimes difficult and unwise, for off-site users, contractors, and branch offices to VPN into your corporate LAN to share data. And if you have charted a course by which workers at hotels can use your corporate VPN to connect to desktops in their home offices, you've got too much time on your hands.

Apple's US$99/year .Mac service has the makings of an interesting solution to the desktops-as-servers conundrum. It sets up a virtual volume, called an iDisk, that appears as a desktop icon on Windows and Mac clients. The iDisk client that's launched when you click on the desktop icon is a convenience. iDisk uses WebDAV, a secure and mature, if sluggish, standard for access to remote file hierarchies. It's a capital notion, because any changes to files are immediately visible to all users subscribed to a given iDisk, and the iDisk client lets users use Windows' Explorer or OS X's Finder to move files around, as though the iDisk were a local disk. iDisk also automatically synchronizes remote files to a local folder, so that when you open your iDisk while you're offline, you can still access your files. When you're back on the Net, changes you've made are shipped to your remote iDisk and visible to other authorized users.

iDisk is clever and simple, but it shows both its age and its consumer-targeted nature. As I said, it's slow, owing to SSL encryption and HTTP's unsuitability to chatty protocols. Although changes to an iDisk are visible to all online users, there is no notification scheme to alert users that a shared volume's contents have changed and nothing like file versioning to prevent changes submitted by multiple users from overwriting each other. .Mac's 10GB storage pool, which is expandable for a fee, is roomy enough, but Apple subjects all users to limits that have been imposed to guard against the whims of adolescents. There is a monthly transfer limit of 100GB, but if you use 50GB of that in the first two weeks of a month, Apple shuts down your account. My suggestion to Apple is that transfers among .Mac users should be unlimited. It would help distinguish .Mac's US$99/year service from Gmail and flaky free personal file hosting services, and it would make it worthwhile for companies to buy .Mac accounts for their users.