Cloud Computing Use Case: Working with Amazon S3 data from a terminal over SFTP

We quite often assume that when working with Cloud data it will be from the web or from mobile “on the go” devices. To be fair this can often be the majority of cases, but the Enterprise throws up all sorts of different use cases and I thought it would be useful to go over one of the more esoteric ones.

One of the customers that uses the Storage Made Easy on-premise Enterprise File Share and Sync Cloud Control product is a medical company. They use the SME product as a hybrid on-premise cloud product that is able to offer storage locally and on Amazon S3. Both sets of storage use the Amazon S3 API. The SME Appliance is able to make local storage accessible over an S3 compatible API and then off-board this storage to Amazon S3 as required. This meant that the company's scripts and applications could easily work locally and with Amazon S3 with very minimal configuration changes.

Hybrid Cloud S3 API

Their field staff quite often find themselves in a situation where, when working remotely, their only means of access is a terminal, i.e. there is no direct web access and mobile devices are blocked and cannot be turned on. In the past this meant that consultants carried around CDs/DVDs onto which any information that might be required had been burned.

The consultants did however have direct access to terminals which were internet enabled. As the SME EFSS product also includes a protocol gateway, this meant it was possible to get direct terminal access to remote files using SFTP.

Cloud Storage SFTP

 

As the SME EFSS Gateway product is integrated with the company's Active Directory services, terminal access still used Single Sign On and the Active Directory credentials of each user.

User access can be obtained directly from the command line as per the example below.

Mac sftp google drive

Once authenticated the user can do a simple “ls” to get a file listing.

Mac SFTP

Once connected the view of the folder/files is available and can be worked with via the command line.

Mac SFTP S3

All access to the files is also logged and audited, including the username, the IP address and the types of interactions occurring, all part of the HIPAA compliant process the customer implements. These reports can be exported and made available in Excel to any compliance officer.

Summary:

Secure access to files and data can take many forms, and in the Enterprise the edge cases need to be catered for as well as the more common access use cases.

 


Using Midnight Commander to work with Amazon S3, OpenStack, DropBox, OneDrive and almost any other Cloud

Midnight Commander is probably the most popular command line file manager in the world, and certainly for Linux distros. Its design was initially inspired by the classic two pane interface found in Norton Commander, which was a DOS file manager (for those who remember!).

One of the unsung features of Midnight Commander (also available on other platforms including phones (I used to use this on my old Nokia N900), Windows and Mac) is that it can connect to a server over FTP.

This is interesting from a Storage Made Easy viewpoint because, although SME provides a full suite of Linux tools, SME also provides protocol interoperability as part of its Cloud Gateway features. What is this, I hear you ask? Well, simply put, it enables files you have stored on public or private storage to be accessible over any of the protocols Storage Made Easy exposes, i.e. FTP, FTPS, WebDav, S3, SFTP.

SME Protocol Gateway

Midnight Commander supports the FTP protocol which makes it easy to get direct access to any storage that is added to a SME Account using the SME FTP cloud protocol adaptor. To do this:

Choose the Left or Right option
Choose FTP link
Enter connection to SME as follows:

username:password@storagemadeeasy.com

or if you are using the SME EU Server:

username:password@eu.storagemadeeasy.com

Midnight Commander FTP

The net result is a very easy way to bring the cloud into the Linux desktop, integrated with tools you already know and use. This can be used with the SME Personal Cloud plan, Business Team, and on-site enterprise editions of the product.


Document Management is more than just managing documents – it is also securing them

Enterprise file share and sync

Document control and management is of vital importance to any organization. If sensitive information is sent outside of your company, once the documents have been sent electronically, control is lost and this can put files you shared at risk. They can be copied or forwarded anywhere in the world, in seconds.

For most businesses, the focus of their attention is on document management and on the organizational workflow and the storage of documents. Companies want to be able to integrate documents into a workflow and store documents in an organized and secure way that still allows documents to be found easily. Where the document is stored can frequently change. It could be SharePoint, it could be FTP, it could be on some external repository etc. Where the security process can fall down is when documents are shared externally or in how they are made available to be collaborated on.

The proliferation of employees bringing their own devices to work (BYOD and BYOC) and using preferred SaaS applications of their own choosing has led to corporate governance becoming even more of a challenge for those tasked with its enforcement, as an increasing number of end users bypass corporate protocol.

Such ‘Shadow IT’ can pose a significant security risk, as the unapproved hardware and software that are used do not undergo the necessary security checks and the storage and dissemination of such documents is outside of corporate control.

solving shadow it problem

Storage Made Easy provides a unified Enterprise File Share and Sync solution, which works with a company's existing private and public data, presenting these files in a unified view. It enables enterprises to not only securely sync, but also to securely share and work with files, wherever they need to go, even on devices that are beyond IT’s control.

IT benefits from a solution that gives them control, and users benefit as they have automatic access to documents and files from multiple data repositories, with robust security whether behind the corporate firewall, or using any tablet, smartphone or PC.

Storage Made Easy uniquely provides:

• The ability to view, annotate, edit and sync almost any cloud or private file from almost any storage to any device.

• Internal and external collaboration features to work securely with anyone without losing control of enterprise data.

• Complete audit tracking to ascertain who accessed files, where from, and what action was taken.

• Provides a secure way for the organizations to collaborate with external partners using business workspaces.

• GEO Restrictions – restrict access to documents by IP address and by client. For example let an external sub office only have access to a folder from a specific IP address from the web browser (or any other client you nominate).

• Full Bring Your Own Device Support to restrict access by employees by device type.

• Sophisticated permissions that unify permissions to different back end document storage and which can also be used with Active Directory or LDAP.

• A way to solve the “DropBox” “bring your own cloud” problem by auditing such clouds even when documents are uploaded direct.

• A way to encrypt files stored on remote clouds with a key that is stored behind the corporate firewall, thus protecting remote sensitive data.

Secure document file sharing

In summary, you do not have to choose between a homogeneous and restrictive system or a lawless frenzy of different unapproved systems. The Storage Made Easy Enterprise file share and sync solution is storage agnostic. It is compatible with most private or public file sharing cloud data stores, allowing users to continue using their preferred cloud storage provider while at the same time converging off-site and on-site private and public data. This allows a centralized point for corporate governance, thus providing a real solution to the Shadow IT and corporate governance problem.


Storage Made Easy New feature: Access S3, DropBox, Google Drive and other Clouds from SFTP

Cloud Storage SFTP

Storage Made Easy have now made live a new SFTP protocol adaptor. SFTP is one of the two primary technologies for secure FTP networking, the other being FTPS, which Storage Made Easy already supports (along with FTP, WebDav, Secure WebDav and S3).

The primary reason we investigated implementing SFTP was a government POC in which access was required to secure AWS GovCloud files from medical terminals. This was the primary requirement, but because Storage Made Easy works with almost any back-end Cloud, once added it can be used as a protocol gateway for any cloud mapped to an account. Note that the port is 2200.

Below is an example of using the SFTP protocol to access a Storage Made Easy account using Transmit (a Mac App).

SFTP Dropbox

Once connected, all data and mapped clouds are accessible.

SFTP RackSpace Cloud Files

Access can also be done directly from the command line.

Mac sftp google drive

Once connected we can do an ls to get a file listing.

Mac SFTP

Once connected the view of the files is similar to our earlier UI view.

Mac SFTP S3

To find out more about the SME protocol gateway feature that is part of the SME solution please check out the below video.

SFTP Cloud files Access is available for Storage Made Easy IaaS or on-site users.


New Feature Added: Real Time Document Collaboration

Real Time Document Editing

We have added a new feature to the Storage Made Easy platform: real time document collaboration. This is available for team account or Enterprise File Share and Sync on-premise users. It enables real time document editing between team members when inline editing using the web document editor. It enables multiple users to open a document at the same time, and enables everyone to contribute to and/or review the document in real time.

This editing facility is available for any document in any cloud that is mapped to work with SME, be it public or private storage (for EFSS on-site users).

The below video shows the feature in action.


In a post PRISM world why your Company needs joined up File Sharing and Governance

The recent controversy with regards to Prism and data snooping has brought the security of corporate data to the fore; however, the biggest threat to corporate data lies not with the corporate nemesis that is Prism but with the number of data leaks that occur every day in companies.

These include new phenomena such as Bring Your Own Device (BYOD) and Bring Your Own Cloud (BYOC) as well as the thorny issue of what files are shared over email.

Data is any company's biggest asset, and not controlling how corporate data is disseminated is a ticking time bomb waiting to explode in your company. Why? Take your pick: legislative reasons, fraudulent reasons, competitive reasons. There are many reasons why not controlling data dissemination could trip your company up.

Companies need to consider how to build effective data governance across their enterprise data silos. Doing so will define a cohesive set of parameters for data management and data usage, as well as the ability to create governance processes for a company's internal use and for its supply chain, which ultimately leads to information assets that are well managed.

SME Data Governance framework

In the world of Cloud it is key that Data Governance and data policies work not only with data behind the corporate firewall but also cloud data and cloud services.

So what should you consider as a company to manage your data assets ?

1. Understand what information is sensitive across all data silos, and have a federated access control mechanism that works with your users across these private and cloud data silos. Storage Made Easy provides such a federated mechanism to assign and control user permissions and access at a very granular level that overlays one or more data stores.

SME federate permissions

2. Set policies for data access and enforce them through common tools. For employee sharing of data through tools such as email, make it easy but also set policies that can define expiry time and password protection. Storage Made Easy has plug-ins for Microsoft Outlook and Mac Mail that enable productive file sharing across all cloud / private data but which have built in support for policy enforcement.

Mac Mail large file sharing

These policies should also ripple through to the mobile Applications used in a company:

iOS secure file sharing

3. Use Cloud Encryption for sensitive data and ensure that you control the private key. See our previous post on encryption and securing data for further information.

Cloud File Encryption

4. Audit all your company data. Irrespective of the policies set, you should get in the habit of auditing your company data. SME enables the setup of an automated email to a specified user of the previous day's file events such as sharing, files updated etc.

Cloud Storage Audit Log

5. Set BYOD policies and device access policies that work like your company works. For example, have a contract firm that you gave access to a specific folder? Then designate that they can only access the folder using a web browser and only from a specific IP address.

BYOD GEO Restrictions

Summary

Companies need to connect disconnected information to enable corporate governance.

Cloud Corporate Governance


Why must all Team Storage Accounts charge monthly ? – Meet the SME Lifetime Option

Storage Made Easy Lifetime Pricing

Most cloud storage plans that offer team pricing do so on a monthly basis using the typical SaaS pricing model where the simple calculation is:



No of Users * Monthly Price

Storage Made Easy also offers this plan, but we realised when talking with customers that many companies would prefer to have the option of an alternative, what they term “perpetual” licensing.

This is the “old” software model in which licenses were procured on a one-time pricing “capex” basis and the only recurring cost was a monthly recurring “open” support and maintenance cost.

After numerous requests for such pricing for our online hosted team service we thought, why not? We can surely construct a model that works for companies who want a pricing model where the majority of the cost is up front in capex and the longer you use the service the more money you save.

Support enables access to SME support, and Maintenance enables access to future product versions; this payment is mandatory for continued use of the service.

Support and maintenance is 22% of the initial purchase in year 2, and then year 3 and thereon.

So how do we calculate this? The algorithm used to calculate this yearly pricing for business team users is simply:

No users * $5 (monthly Price) * 12 (industry average customer churn)

This results in companies who use the service for longer than 12 months effectively using it for free thereafter, other than the one time recurring annual 20% payment for support & maintenance.

Now let's look at some practical examples

Company with 15 users:

SaaS Cumulative Spend

12 Months    24 Months    36 Months
$900         $1800        $2700

Initial Payment (15*$5) = $75
Monthly Payment thereafter $75

Lifetime Cumulative Spend

12 Months    24 Months    36 Months
$900         $1098        $1296

Initial Payment (15*$5*12) = $900
Monthly Payment thereafter $0
Yearly Payment thereafter $198

Savings over 3 Year period

1 Year savings = 0
2 Year savings = $702
3 Year Savings = $1404

Savings go up the longer the time period and the more users deployed !

Are there any differences between the accounts ?

There is only one difference.

In the SaaS service each user gets access to 10GB storage per user (hosted on Amazon S3)

In the Lifetime service each user gets access to 5GB storage per user (hosted on Amazon S3)

In each case the cumulative storage for all users can be used as a ‘pool’ and spread between users as per the Administrator quota policy.

Also each Company can add additional storage or services from any of the 40+ clouds that SME supports.

Features included in the team service under both lifetime and SaaS pricing options:

    - Encrypt sensitive data stored on remote cloud services with a private key
    - Integration with Active Directory (optional)
    - Full Audit and event history of all files
    - Access via FTP, WebDav or the S3 protocol to any cloud or service added
    - File versioning and locking
    - Folder permissions and ACL
    - Joined up collaboration
    - Secure file sharing

More details on features can be found on the SME features page.

All pricing information is on the SME Pricing page.


How to encrypt, secure and access sensitive cloud storage data

The recent PRISM Data snooping controversies have heightened almost every company's awareness of the potential vulnerabilities of data stored off-premise in the Cloud. Many Cloud Storage companies talk about encrypting data ‘at rest’ but the real issue is that the storage companies control the encryption rather than the company whose data is stored controlling the private key.

Amongst many others, one of the services that the Storage Made Easy Cloud service provides is an encryption service that can encrypt data uploaded to remote Cloud Storage. As SME supports around 45 cloud storage vendors, this means that all of these are able to take advantage of private key encryption for some or all data. This private key is not stored by Storage Made Easy. If you lose it, or forget it, you cannot get access to your data.

SME uses AES-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. The cipher Rijndael consists of:

- an initial Round Key addition
- Nr-1 Rounds
- a final round.

The chaining variable goes into the “input” and the message block goes into the “Cipher Key”. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and is, for a 16-byte key, 2^127 applications of Rijndael.

Once files are encrypted in this manner they can be accessed by any of the comprehensive SME desktop (Mac, Windows, Linux) or mobile tools (Windows Phone, iOS, Android, BlackBerry). When an encrypted file is accessed the user is prompted to provide the private key phrase before the file can be opened.

Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. For example the popular freeware file manager Total Commander has a free plugin to handle such decryption.

Standalone desktop decryption tools are also provided by Storage Made Easy in the event encrypted files are downloaded direct from remote clouds rather than via the SME service. These tools enable the desktop decryption of files using the private key that was set on upload. These Apps are available for Mac, Windows and Linux Operating Systems from the SME Cloud Tools page.
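The customer-held-key model described above, as an added Node.js example that is not Storage Made Easy's code or file format: a file is encrypted with AES-256-CBC before upload and decrypted after a direct download, using only a passphrase the data owner keeps. It goes one step beyond the text by adding an HMAC tag, since CBC on its own does not detect a modified file; the function names, the container layout (salt | iv | ciphertext | tag) and the PBKDF2 settings are assumptions.

```javascript
// Added example: client-side AES-256-CBC with a key only the data owner holds.
// Container layout and PBKDF2 parameters are assumptions for this sketch,
// not Storage Made Easy's on-disk format.
const crypto = require('crypto');

const SALT_LEN = 16;        // per-file salt for key derivation
const IV_LEN = 16;          // one cipher block (16 bytes), as CBC requires
const TAG_LEN = 32;         // HMAC-SHA256 output length
const ITERATIONS = 200000;  // assumed PBKDF2 work factor

// Derive two independent 32-byte keys from the passphrase: one for
// AES-256 (32-byte key, 16-byte block) and one for the HMAC.
function deriveKeys(passphrase, salt) {
  const material = crypto.pbkdf2Sync(passphrase, salt, ITERATIONS, 64, 'sha256');
  return { encKey: material.subarray(0, 32), macKey: material.subarray(32) };
}

// Encrypt locally; the returned buffer is what would be stored on the remote cloud.
function encryptForUpload(plaintext, passphrase) {
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN); // fresh, unpredictable IV per file
  const { encKey, macKey } = deriveKeys(passphrase, salt);
  const cipher = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const body = Buffer.concat([salt, iv, ciphertext]);
  const tag = crypto.createHmac('sha256', macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

// Verify the tag first, then decrypt. A wrong passphrase or a modified
// file fails the check before any plaintext is produced.
function decryptAfterDownload(blob, passphrase) {
  if (blob.length < SALT_LEN + IV_LEN + 16 + TAG_LEN) {
    throw new Error('blob too short');
  }
  const body = blob.subarray(0, blob.length - TAG_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  const salt = body.subarray(0, SALT_LEN);
  const iv = body.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const ciphertext = body.subarray(SALT_LEN + IV_LEN);
  const { encKey, macKey } = deriveKeys(passphrase, salt);
  const expected = crypto.createHmac('sha256', macKey).update(body).digest();
  if (!crypto.timingSafeEqual(tag, expected)) {
    throw new Error('authentication failed: wrong key or modified file');
  }
  const decipher = crypto.createDecipheriv('aes-256-cbc', encKey, iv);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Constructed sample record, for demonstration only.
const sampleRecord = Buffer.from('constructed sample: quarterly-report.docx contents', 'utf8');
const storedBlob = encryptForUpload(sampleRecord, 'constructed passphrase');
console.log(decryptAfterDownload(storedBlob, 'constructed passphrase').toString('utf8'));
```
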

What we have outlined so far is with regards to the Storage Made Easy SaaS hosted service but SME also provides this service as an on-premise Cloud Control service that can reside behind the corporate firewall. It enables the ability to keep very sensitive data behind the corporate firewall but still enable secure file sharing and at the same time offers the ability to encrypt data that is stored on remote cloud storage and other SaaS services.

The Storage Made Easy Cloud Encryption service is available to all SME users inclusive of free, Personal Cloud, Business Cloud and Enterprise Cloud.


Cloud Computing Use Case: Extending Remote Desktop with a Cloud Drive

Many service providers and companies offer Remote Desktop Services to enable companies to access their desktop remotely. Applications are installed for the users where user settings and data are saved to their profile.

We’ve had a few requests from companies and service providers now who wanted users to easily be able to access data on remote clouds (such as Azure, DropBox, Box, FTP, WebDav, SharePoint, Amazon S3 etc) from a remote desktop.

With Storage Made Easy, this is easily done as SME presents a WebDav entry point to all clouds that SME supports whether they support WebDav or not. This means the service provider need only co-locate the SME software appliance (supplied as an OVF compliant file) in their network and add a simple script to the user's startup. The script is:

NET USE * \\webdav.storagemadeeasy.com@SSL\DavWWWRoot
pause

This enables users to get a mapped drive to remote cloud storage as soon as they log in to their remote desktop and to browse and access these files like any other data drive. It is a simple solution for bringing remote clouds directly into a user's remote desktop using a simple metaphor they understand, “a drive”.


Storage Made Easy made easy provides free WebDav access to Clouds that don’t support WebDav

We are now giving away 150MB of free WebDav access to mapped Clouds to all SME free accounts. This is enough to access around 300 documents on Mobile devices per month and is enough for the average use of WebDav into Clouds such as DropBox, Google Drive, SkyDrive etc.

If you want to access more, then just pay a one-time $5 fee and get access to 2GB per month of WebDav for the life of your use of our service. If you want unlimited use then just sign up to be a personal cloud or business cloud user.

Also, all free accounts feature 5GB free storage on Amazon S3 and the ability to add up to 3 other Clouds that you wish to access.
