Installing a Private Enterprise File Share and Sync Appliance on Windows Azure Compute Services


This blog post is a technical post outlining the steps needed to deploy the Storage Made Easy Cloud Control Gateway and Enterprise File Share and Sync solution on the Azure IaaS compute infrastructure.

Storage Made Easy provides a private enterprise file share and sync solution that can not only be used with Azure Blob Storage Data but which can also be used as a cloud security point to secure other storage points or sync and share solutions, such as Office365 and SharePoint. We call this Cloud Control and you can read more about it here.

Azure is a good choice for companies looking to utilize Public Cloud as it has very strong security and compliance framework:

– ISO 27001/27002
– SOC 1/SSAE 16/ISAE 3402 and SOC 2
– Cloud Security Alliance CCM
– FBI CJIS (Azure Government)
– PCI DSS Level 1
– United Kingdom G-Cloud
– Australian Government IRAP
– Singapore MTCS Standard
– EU Model Clauses
– Food and Drug Administration 21 CFR Part 11
– FIPS 140-2

What you will need

You will need to provide Azure resources which we’ll refer to with the following names:

SME Azure

Note: The storage account must be unique in the Azure region.

Note: In most script commands, you can use upper case letters and they will be converted to lower case. However, URLs may not be converted and all objects in Azure are in lower case – so use lower case in URLs.

Tools to Work with Azure

  • You will need Windows Azure PowerShell, described in:

    Follow the link titled “Microsoft Web Platform Installer”.
    Note: We use PowerShell because currently it is the only way to get a ReservedIP (which is an IP address which doesn’t change on every reboot).

  • To use PowerShell, you need a Microsoft desktop. [We have found it easiest to do this via an Windows 2012 Server VM in Azure, because it automatically validates your login with the Azure Active Directory].
  • To start PowerShell, run “Microsoft Azure PowerShell”.

As well as logging in to Active Directory, you need to set up your Azure subscription to do anything with Azure. Do this as follows:


This starts a web page for you to sign into your Azure account. Once that is done, you can download your “publishsettings” file, e.g. to the file “Downloads\…publishsettings”.

         Import-AzurePublishSettingsFile  Downloads\...publishsettings

This loads the “…publishsettings” file into your PowerShell session.
Note: If you don’t do this, most commands given below will fail.

The “publishsettings” commands only need to be done once if you have a single command. If you want to check use:


Azure Authentication

The Azure tools require you to be authenticated with Azure’s ActiveDirectory.

[Again, One way of quickly doing this if you are not using a windows machine is to start up a Windows Server 2012 VM in Azure and run the Azure tools from there. When you use Remote Desktop, the password you enter to connect to the Windows machine also authenticates you in Azure.]

Import The Appliance Virtual Disk (VHD)

The SME appliance is provided as a blob in the SME Azure storage blob area. You must copy it to your own Azure storage account.

We call the storage account you will use “mystorageaccount” for the purpose of these instructions, but be warned: the name must be unique across all of Azure, and “mystorageaccount” is already taken, so you will have to choose a new account name and remember to substitue it in the instructions.

So, in the Azure Web Pages, create your storage account (referred to as ‘mystorageaccount’).

Then create a storage container in the storage account (referred to as ‘mycontainer’).
In the mystorageaccount page in the Azure Web pages, copy the “StorageAccountKey” by clicking onthe RHS of the mystorageaccount line, then on and then copy the primary access key. This becomes the value of the “StorageAccountKey” parameter below (replace “Fun4oP1q…” with key you copied).

Execute these two PowerShell commands to copy the VHD blob to your account, to create the “SME261_20150216.vhd” virtual hard disk as a blob in your account.:

   $destContext = New-AzureStorageContext `
           –StorageAccountName "mystorageaccount" `
           -StorageAccountKey  "Fun4oP1q....=="
   $blob = Start-AzureStorageBlobCopy `

-SrcUri "" ` -DestContainer "mystoragecontainer" `
-DestBlob "SME261_20150216.vhd" `
-DestContext $destContext

As well as the “StorageAccount key”, you must change the “StorageAccountName” parameter in the first command and “DestContainer” in the second command.

The commands are split over multiple lines: the backtick (`) is the escape character: when used at the end of a line, the command interpreter joins the lines. If there is any whitespace after the backtick, it won’t work: it must immediately precede the new-line character.

The backtick, if misplaced, can lead to strange errors. As a result, what we do now is to copy these multi-line commands and then join the lines into one, eliminating the (`) characters.

Increase the size of the VM (if needed)

The size of the virtual machine as shipped is 20GB.

If you need more space, either immediately or when the machine gets larger, you can increase the VM size, up to the maximum allowed by Azure (currently 127GB), as follows:

  1. Shut down the VM if it is running.
  2. Export the VM Image to a file – this is a fixed-size VHD.
  3. Resize the VHD file, using either Hyper-V, or PowerShell ‘s“Resize-VHD” command (see Musumeci’s comment in this blog: us/documentation/articles/virtual-machines-create-upload-vhd-windows-server/).
  4. Copy the new VHD (“newVHD”) to Azure storage and attach it to the existing VM (“OldVM”) following how-to-attach-disk/#attachexisting.
    Note: Do not use the instructions in the article for initializing newVHD – this will erase the copy of the existing data, which we need later!
  5. Do steps 5-9 of to increase the newVHD filesystem seen by Centos.
  6. Import newVHD as a blob into Azure, create a VM image from it and create the VM from it. Choose the size of instance to run the VM that is appropriate to the newVHD size (e.g. >=A3 for >60GB VHD).

Create A VM Image:

You now need to create a ‘VM Image’, here called “myVMImage”.

The VM Image ties together the VHD and various configuration parameters that will guide the instantiatation of the VM. Only one VM Image can link to a VHD.

The PowerShell command is:

Add-AzureVMImage –OS Linux -ImageName myVMImage -MediaLocation ` "" ` -RecommendedVMSize Medium

Change the ImageName parameter if you want.

Acquire a Reserved IP Address

We recommend that you acquire a Reserved IP address.

Getting a Reserved IP address takes a bit more setup than just getting a standard IP address (‘VIP’ in Azure), but the big benefit is that the IP address remains with your account as long as you want it, whereas the VIP changes whenever you shut down and restart the VM. So, with a Reserved IP Address, you only need to set up your DNS records once.

This link describes the details: Type in the following command – changing the location to suit you, and the “ReservedIPName” parameter if you want:

    $ip = New-AzureReservedIP –ReservedIPName "SmeReservedIP" –Location "West Europe"

We use “West Europe” in the examples below. If your Azure account is in another location, change all Location paramters in the remaining instructions. You can get a list of the locations with:


You can use a physical IP address to access the SME VM. To see the physical IP address, you’ll have to do this:

    Get-AzureReservedIP "SmeReservedIP"

Create a Service:

These instructions create a “standalone” VM – there is just one VM in the “service”. (More complex setups have multiple VMs or web servers.)

We will use the service when we create the VM later. Creating it is very simple:

    New-AzureService "smeApp" –Location "West Europe"

The “Location” parameter must be the same as the location of the reserved IP. We use “smeApp” for as the name of the service: as we will see, the service name becomes the name of the VM. It is more useful to use the Appliance as the name, so we use smeApp here.

Create, Start and Stop the VM

Now we use the Service and ReservedIP in creating the IP address. This action implicitly binds the ReservedIP to the service; if you use another service and want a reserved IP, you will need to create another one.

   $vmConfig = New-AzureVMConfig -Name "SmeAppVmConfig" -InstanceSize Medium `
                -ImageName "smeapp-2.6.1-20150216" -HostCaching ReadWrite`
    $vm = $vmConfig | New-AzureVM -ServiceName "smeApp" `
                –ReservedIPName "SmeReservedIP"
    Stop-AzureVM -ServiceName "smeApp" –Name smeApp

The reason we have to stop the VM is for the next step, where we remove the automatically allocated endpoint and create the ones we expect.

Update Endpoints and VM, start VM

Now we adjust the PowerShell object “$vm” created above and then save its changes to Azure.

The SSH endpoint is attached to a public port other than 80, so we need to adjust that, and then add the HTTP endpoints. The “Get-AzureEndpoint” just dumps the status of the VM’s endpoints.

$vm | Remove-AzureEndpoint SSH
$vm | Add-AzureEndpoint -Name "SSH" -Protocol "tcp" -PublicPort 22 -LocalPort 22
$vm | Add-AzureEndpoint -Name "HTTP" -Protocol "tcp" -PublicPort 80 -LocalPort 80
$vm | Add-AzureEndpoint -Name "HTTPS" -Protocol "tcp" -PublicPort 443 -LocalPort 443
$vm | Get-AzureEndpoint -Name "HTTP2" -Protocol "tcp" -PublicPort 8080 -LocalPort 8080
$vm | Update-AzureVM

“$vm” is an object in PowerShell. Some commands require the definition of a parent “object”:

For example, the $vm is the parent of the “AzureEndPoint”. Piping the $vm object into these commands is easier than specifying the name in the ‘Add-AzureEndpoint’, ‘Get-AzureEndpoint’ and ‘Update-AzureVM’ commands.

And finally, we can start the VM:

Start-AzureVM -ServiceName smeApp –Name smeApp

Configuring the SME Server:

Now follow the setup instructions at:

These notes give you additional guidance on setting up the DNS etc. for Azure if you are not an experienced Linux networking engineer.

SME Server Hostnames Settings

SME Server Hostnames

The SME appliance has a built in protocol gateway that can serve different content using this protocols, even if the underlying storage does not support these protocols natively.

  • -  The ‘domain name’
  • -  S3
  • -  WebDAV
  • -  FTPS

For some Microsoft applications to work properly, the WebDAV URL must be “webdav” followed by the basic domain – and that is without an intervening “.”, so not “”.

You need to enter the “Domain Name” for all deployments. Enter WebDAV and S3 if you plan to use them (and you can redo this section later if you want to start using WebDAV or S3).

SME Server Network Settings

If you use a standalone VM in Azure as recommended, you do not need to set anything here:

SME Server Network Settings

SSL Certificate Settings

If you will be using the SME appliance for testing, then you can realistically use a self-signed certificate, as outlined in the installation guide. If you will be providing a public service to users who may want to be reassured of your server’s identity, then you should buy a certificate from a Certificate Authority (CA).

SME SSL Certificates

If you do use a self-signed certificate, this is considered a “weak” certificate. This means that the first time users access the SME appliance they will probably have to create an exception to allow the browser to proceed to the site, but subsequent accesses will proceed without any questions.

The examples above show how to construct the domain names so they can be covered by a single wildcard certificate, with a Common Name (CN) of “*”. This would not work if, for example, you had the S3 domain as “”.

The first box in the page shown above is the certificate: open the “.crt” file in a text editor, copy everything including the header (“—–BEGIN CERTIFICATE—–“) and trailer lines and paste into the box. For the second box, the private key, do the same thing but using the “.key” file.

For a self-signed certificate, you leave the last box – the CA Chain – blank.

Make sure to go back to the ‘Overview’ page to check that the Hostname and Certificate information show up propertly there. Then hit “Apply” and reboot the server.

Once you have installed the certificate, you will have to set up A records to point to the three domains. To test out the installation of the certificate before setting up the A records, you can point your desktop machine to the server by adding a line to /etc/hosts on Linux or on Windows “C:\WINDOWS\system32\drivers\etc\hosts”. Add a line like this to the end of the hosts file:

(On Windows, you will probably have to alter the file’s properties via: Properties/Security/Edit Button/Your UserId then ‘Allow’ permissions – modify,read,write).

Enterprise WebDAV:

Some organisations use virtual drives in Microsoft Operating Systems for day-to-day work. Although SME provides an installable network drive, Cloud folders can also be mounted as virtual drives using a common script, using this syntax:

net use x: "https://<<WebDavURL>>/<<providerFolder>>" <<password>> /USER:<<account>>

The user and password are the StorageMadeEasy credentials for the user. For example:

net use x: " Drive" secret /USER:CORP_ACCOUNT

Using WebDav in this scenario can also be done in a Kerberized manner, end-to-end.


We have stepped through a complete end-to-end guide of how to install the Storage Made Easy combined Cloud Control Gateway and Enterprise File Share and Sync solution onto the Azure Compute Services Fabric. If you wish access to the SME blob file to try this yourself then please contact us.

facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Announcing secure file sharing for Gmail Chrome users for public and private storage clouds

For those who use the Enterprise File Share and Sync service from Storage Made Easy they will know that as part of the Windows and Mac desktop tools that are provided that there is a n email toolbar integration into Mac Mail and Microsoft Outlook that enables users to securely share file links rather than file attachments.

Mac Sharefile plugin
Mac Email Screenshot

Windows Sharefile
Windows Email Screenshot

This support for secure email link sharing has now been extended for Chrome users using Gmail using the Storage Made Easy Gmail Plugin available from the Chrome web store.

Once added this provides a new toolbar entry when composing Gmail’s on Chrome:

Gmail Sharefile

Once selected this prompts the user to log into their SME Account, if SaaS, or the user can set their custom endpoint if using the SME On-Site Enterprise File Share and Sync solution:

Gmail Secure Links

Once logged in the user is presented with their mapped clouds:

Secure Gmail


From here files can be shared as links can be shared from any of the mapped cloud directories:

Sharing Files links on Gmail

If a cloud governance file policy has been set by the Cloud Administrator for the team account then  the details here will be pre-populated otherwise options can be chosen prior to link generation. After this when share is clicked, the link is added to the email:

Gmail shared files

When the link is shared, if Auditing is turned on within the SME Account, then the link generation will be recorded in the Audit log and once the remote user opens the link the remote IP address will also be recorded.

Audited file shared links


The SME Chrome extension works with any free/personal, team, or on-premise account and works with over 45 public/private cloud storage providers.

**Note: only team and on-premise accounts provide the Audit features
facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Storage Made Easy Improves Its Unified Web Cloud File Manager

Today we have upgraded the Storage Made Easy Web Cloud File Manager.

The Storage Made Easy Web File Manager is different to a lot of file managers that you see today as it is hierarchical in nature and resembles a true file tree (akin to windows explorer). It’s hierarchical nature enables it to easily work with and manoeuvre around large data sets.

Over the years we have had a lot of feedback from companies and users about how they would like to see the File Manager work and what features they would like and we’ve used this feedback to make improvements, which are outlined below:

Large Layout in inline Mode

The File Manager layout is now larger in inline mode taking more advantage of the screen space.

SME Cloud FIle Manager


The File Manager has been optimised for iPad / Tablet

A number of optimizations where done for working with the desktop Cloud File Manager on a tablet. The first is that it opens in full screen mode when being used on such devices. The second is that there are optimizations that make it easier to use such as being easily to widen / constrict the view on each pane. Also interactions have been optimized to work with touch events. The selection of files has also been made easier with checkbox selection options (these selection options are also available when using the FM from a PC).

Cloud File Manager iPad


Easier File Selection

A lot of feedback has been made to us about making file selection easier. To that end we have made it easier to select files by using a checkbox paradigm. Check boxes appear so that a file can be selected when the mouse is placed at the left hand side of a file.

Select Cloud Files


Image Previews

Image thumbnails can now be previewed as the File Manager is browsed.

Image Previews


Help Inline

The File Manager now contains help guides showing how to action the most common functions such as copy/paste:

Cloud How To Guide



Default PDF Viewer is now native

The default PDF viewer is now a native viewer rather than Google Viewer (although Google Viewer can still be used and be setup to be the default). This means the viewer sandboxes any data viewed in this way just to the SME service.

Cloud PDF Viewer


New Themes / Custom Themes

There are two new large themes for the File Manager a blue theme and a normal theme. The existing themes have been rename to “tiny”. Also now, for Appliance users, custom themes can be created. This will be available in the next Appliance version.

File Manager themes


The File timestamp to be used can now be selected

As SME is an abstraction between the remote cloud it works with more than one timestamp. Firstly it has its own concept of time, based on UTC, as to when a timestamp was modified through the SME service. Next it handles what the timestamp shows on the remote cloud service, and lastly it can show the local file time of a file uploaded to a remote service via SME (this may be different to the remote cloud time as some cloud services ignore the local file time and simply timestamp the file at the time it was uploaded to their service). Although all three are handled the user can now set which they want shown by default.

Cloud Timestamp


Edit on Hover

When hovering on a file, certain options are displayed for easy access. This has been enhanced so that files that can be edited, such as documents, text files etc can be edited by clicking the edit icon on hover.

Edit on Hover


Comments view is now collaborative / real time

When working in full file / comments view, if another user is also reviewing the same file and making comments then the comments will appear in real-time like an instant message

Cloud Collaboration

Search inline

The File Manager now features an inline folder search (rather than having to move out to the tabbed search). This is a quick search mechanism to search for files in folders and sub folders.

Cloud Search

 Favourites and Quick Upload placed at top of file tree

Favourites and Quick uploads have been placed at the top of the file tree for easy access. These can also be configured to be hidden.

Cloud Favourites


New way to copy / move files

Copy and Move can still be done by selecting files and drag and drop but now there are buttons and a wizard to make copy and moving files between folders or cloud services even easier.

Cloud Copy Move

There are also other numerous small changes and bug fixes but this post highlights the main functional changes.


facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Sharing Folders Securely from a Cloud File Server for almost any Cloud Storage.

We have introduced a new feature into the Storage Made Easy platform which enables cloud users to share external folders to other users who will not need a SME Account to gain access to those folders. The feature enables the creation of a secure shared link that is password protected and can be time expired.

The video below shows the feature in action.

facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Document Management is more than just managing documents – it is also securing them

Enterprise file share and sync

Document control and management is of vital importance to any organization. If sensitive information is sent outside of your company, once the documents have been sent electronically, control is lost and this can put files you shared at risk. They can be copied or forwarded anywhere in the world, in seconds.

For most businesses, the focus of their attention is on document management and on the organizational workflow and the storage of documents. Companies want to be able to integrate documents into a workflow and store documents in an organized and secure way that still allows documents to be found easily . Where the document is stored can frequently change. It could be SharePoint, it could be FTP, it could be on some external repository etc. Where the security process can fall down is when documents are shared externally or how they are available to be collaborated on.

The proliferation of employees bringing there own devices to work (BYOD and BYOC) and using preferred SaaS applications of their own choosing has led to corporate governance becoming even more of a challenge for those tasked with its enforcement as an increasing number of end users bypass corporate protocol.

Such ‘Shadow IT‘ can pose a significant security risk, as unapproved hardware and software that are used do not undergo the necessary security checks and the storage and dissemination of such documents is outside of corporate control.

solving shadow it problem

Storage Made Easy provides a unified Enterprise File Share and Sync solution, which works with a companies existing private and public data, presenting these files in a unified view.. It enables enterprises to not only securely sync, but also to securely share and work with files, wherever they need to go, even on devices that are beyond IT’s control.

IT benefits from a solution that gives them control, and users benefit as they have automatic access to documents and files from multiple data repositories, with robust security wherever behind the corporate firewall, or using any tablet, smartphone or PC.

Storage Made Easy uniquely provides:

• The ability to view, annotate, edit and sync almost any cloud or private file from almost any storage to any device.

• Internal and external collaboration features to work securely with anyone without losing control of enterprise data.

• Complete audit tracking to ascertain who accessed files, where form, and what action was taken.

• Provides a secure way for the organizations to collaborate with external partners using business workspaces.

• GEO Restrictions – restrict access to documents by IP address and by client. For example let an external sub office only have access to a folder from a specific IP address from the web browser (or any other client you nominate).

• Full Bring Your Own Device Support to restrict access to by employees by device type.

• Sophisticated permissions that unify permissions to different back end document storage and which can also be used with Active Directory or LDAP

• A way to solve the “DropBox” “bring your own cloud” problem be auditing such clouds even when documents are uploaded direct.

• A way to encrypt files stored on remote clouds which a key that is stored behind the corporate firewall this protecting remote sensitive data.

Secure document file sharing

In summary you do not have to choose between a homogenous and restrictive system or a lawless fenzy of different unapproved systems. The Storage Made Easy Enterprise file share and sync solution is storage agnostic. It is compatible with most private or public file sharing cloud data stores allowing users to continue using their preferred cloud storage provider while at the same time converging off-site and on–site private and public data. This allows a centralized point for corporate governance, thus providing a real solution to the Shadow IT and corporate governance problem.

facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Storage Made Easy New feature: Access S3, DropBox, Google Drive and other Clouds from SFTP

Cloud Storage SFTP

Storage Made Easy have now made live a new SFTP protocol adaptor. SFTP is one of the two primary technologies for secure FTP networking, the other being FTPS, which Storage Made Easy already supports (along with FTP, WebDav, Secure WebDav and S3).

The primary reason we investigated implementing SFTP is due to a government POC in which access was required to secure AWSGov Cloud files from medical terminals. This was the primary requirement, but because Storage Made Easy works with almost any back-end Cloud. once added, it can be used as protocol gateway for any cloud mapped to an account, note that the Port is 2200

Below is an example of using the SFTP protocol to access a Storage Made Easy account using Transmit (a Mac App).

SFTP Dropbox

Once connected, all data and mapped clouds are accessible.

SFTP RackSpace Cloud Files

Access can also be done directly from the command line.

Mac sftp google drive

Once connected we can do an ls to get a file listing.


Once connected the view of the files is similar to our earlier UI view.


To find out more about the SME protocol gateway feature that is part of the SME solution please check out the below video.

SFTP Cloud files Access is available for Storage Made Easy IaaS or on-site users.

facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

New Feature Added: Real Time Document Collaboration

Real Time Document Editing

We have added a new feature to the Storage Made Easy platform, real time document collaboration. This is available for team account or Enterprise File Share and Sync on-premise users. It enables real time document editing between team members when inline editing using the web document editor. It enables multiple users to open a document at the same time, and enables with everyone to contribute and/or review the document in real time.

This editing facility is available for any document in any cloud that is mapped to work with SME, be it public or private storage (for EFSS on-site users).

The below video shows the feature in action.

facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Accessing OpenStack, RackSpace, Google Drive, OneDrive, DropBox + more using Storage Made Easy and Transmit for Mac

If you have come across this post whilst researching how to access other storage clouds from Transmit then have a look at our Getting Started Guide to show you how you can register for a free account and get on with mapping your chosen Storage Cloud to the SME Cloud Gateway. When you are ready you can register for a free account here.

As many of you who use it know, CloudDav, from SME adds a WebDav layer over any Cloud, even if the underlying clouds do not support WebDav. SME does no however allow the native Mac WebDav client to connect direct because the performance of the native Mac WebDav client is notoriously abysmal for those with large amounts of files.

You can however choose to use other Mac clients to connect to the Cloud Providers that you have mapped to the SME Gateway. We highlighted Forklift as such a client in a prior post, and you can also choose to use Transmit from Panic.

Once you have CloudDav enabled you can choose to access your clouds, mapped via the SME Gateway, through Transmit. First choose to connect over WebDav as in the screenshot below:

Transmit DropBox

You can then choose to connect directly inside of Transmit or as a Virtual Drive that will appear in Finder.

Transmit  also has a very nice sync feature that will sync between folder structures. In this way you can sync files with Transmit and SME from different Cloud Storage Providers to your desktop.

Initial view before Sync

The Sync screen after choosing Sync

The Sync Simulation

SME CloudDav is available with every account, even free accounts, although on free accounts it is restricted to 150MB of use per month. The CloudDav protocol Adaptor is just one of the protocol adaptors that SME provides, the others being FTP, SFTP and a compatible S3 API. All protocol adaptors are available in the Storage Made Easy Enterprise edition as part of the Cloud Gateway which the SME Enterprise File Share and Sync is built upon.

facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

In a post PRISM world why your Company needs joined up File Sharing and Governance

The recent controversy with regards to Prism and data snooping has brought the security of corporate data to the fore however the biggest threat to corporate data lies not with the corporate nemesis that is Prism but with the number of data leaks that occur every day in companies.

These include new phenomena such as Bring Your Own Device (BYOD) and Bring your Own Cloud (BYOC) as well as the thorny issue of what files are shared over email.

Data is any companies biggest asset and not controlling how corporate data is disseminated is a ticking time bomb waiting to explode in your company. Why? Take your pick, Legislative reasons, fraudulent reason, competitive reasons. There are many reasons why not controlling data dissemination could trip your company up.

Companies need to consider how to build an Effective data governance serves ACROSS their enterprise data silos. Doing so will define a cohesive set of parameters for data management, data usage, as well as the ability to create governance processes for a companies internal use, and for their supply chain, which ultimately leads to information assets that are well managed.

SME Data Governance framework

In the world of Cloud it is key that Data Governance and data policies work not only with data behind the corporate firewall but also cloud data and cloud services.

So what should you consider as a company to manage your data assets ?

1. Understand what information is sensitive across all data silos, have a federate access control mechanism that works with your user across this private and cloud data silos. Storage Made Easy provides such a federate mechanism to assign and control user permissions and access at a very granular level that overlays one or more data stores.

SME federate permissions

2. Set policies for data access and enforce them through common tools. For employee sharing of data through tools such as email, make it easy but also set policies that can define expiry time and password protection. Storage Made Easy has plug in’s for Microsoft Outlook and Mac Mail that enables productive file sharing across all cloud / private data but which has built in support for policy enforcement.

Mac Mail large file sharing

These policies should also ripple through to the mobile Applications used in a company:

iOS secure file sharing

3. Use Cloud Encryption for sensitive data and ensure that you control the private key. See our previous post on encryption and securing data for further information.

Cloud File Encryption

4. Audit all your company data. Irrespective of the policies set you should get in the habit of auditing your company data. SME enables the setup of an automated email to a specified user of the previous day file events such as sharing, files updated etc.

Cloud Storage Audit Log

5. Set BYOD policies and device access policies that work like your company works. For example, have a contract firm that you gave access to a specific folder ? Then designate that they can only access the folder using a web browser and only from a specific IP address.

BYOD GEO Restrictions


Companies need to connect disconnected information to enable corporate governance.

Cloud Corporate Governance

facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

How to encrypt, secure and access sensitive cloud storage data

The recent PRISM Data snooping controversies have heightened almost every companies awareness of the potential vulnerabilities of data stored off-premise in the Cloud. Many Cloud Storage companies talk about encrypting data ‘at rest’ but the real issue is that the storage companies control the encryption rather than the company whose data is stored controlling the private key.

Amongst many other, one of the services that the Storage Made Easy Cloud service provides is an encryption service that can encrypt data uploaded to remote Cloud Storage. As SME supports around 45 cloud storage vendors this means that all of these are able to take advantage of private key encryption for some or all data. This private key is not stored by Storage Made Easy. If you lose it, or forget it, you cannot get access to your data.

SME uses AES-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. The cipher Rijndael consists of:

– an initial Round Key addition
– Nr-1Rounds
– a final round.

The chaining variable goes into the “input” and the message block goes into the “Cipher Key. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and for a 16-byte key, 2127 applications of Rijndael.

Once files are encrypted in this manner they can be accessed by an of the comprehensive SME desktop (Mac, Windows, Linux) or mobile tools (Windows Phone, iOS, Android, BlackBerry). When an encrypted file is accessed the user is prompted to provide the private key phrase before the file can be opened.

Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. For example the popular freeware file manager Total Commander has a free plugin to handle such decryption.

Standalone desktop decryption tools are also provided by Storage Made EAsy in the event encrypted files are downloaded direct from remote clouds rather than via the SME service. These tools enable the desktop decryption of files using the private key that was set on upload. These Apps are available for Mac, Windows and Linux Operating Systems from the SME Cloud Tools page.

What we have outlined so far is with regards to the Storage Made Easy SaaS hosted service but SME also provides this service as an on-premise Cloud Control service that can reside behind the corporate firewall. It enables the ability to keep very sensitive data behind the corporate firewall but still enable secure file sharing and at the same time offers the ability to encrypt data that is stored on remote cloud storage and other SaaS services.

The Storage Made Easy Cloud Encryption service is available to all SME users inclusive of free, Personal Cloud, Business Cloud and Enterprise Cloud

facebooktwittergoogle_plusredditpinterestlinkedinmailby feather