File Fabric integration with external Vault Key Server by HashiCorp (Part 2)

Welcome to Part 2 of our File Fabric integration with Vault by HashiCorp blog.  In part 1, we discussed the benefits of integrating your Storage Made Easy appliance with your Vault instance as well as a walk through of setting up the integration between vault and File Fabric.  In this follow-up blog we will look at some use cases and also demonstrate how to setup your Vault instance ready for integration with your Enterprise File Fabric.

(more…)

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

File Fabric integration with external Vault Key Server by HashiCorp (Part 1)

The primary purpose of the File Fabric encryption feature is to protect  a users/companies files on local and remote storage resources, such as Object Storage, Dropbox, Google Drive etc, and to achieve this in an easy and seamless manner.

When files are encrypted in by the File Fabric, users cannot access or share them directly from the storage service. The files need to be accessed through the File Fabric web or app clients because the key to decrypt the data is stored, encrypted, on the File Fabric server instance.

(more…)

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Creating a Secure Encrypted Data Room Utilising Amazon S3 in 10 minutes

The Storage Made Easy solution can be used for many functional use cases. One of these use cases which we will discuss in this blog post is that of a secure encrypted data room.

(more…)

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

How to encrypt, secure and access sensitive cloud storage data

**Updated 1st July 2016*

The recent PRISM Data snooping controversies have heightened almost every companies awareness of the potential vulnerabilities of data stored off-premise in the Cloud. Many Cloud Storage companies’ talk about encrypting data ‘at rest’ but the real issue is that the storage companies control the encryption rather than the company whose data is stored controlling the private key.

One of the features that Storage Made Easy provides is an encryption feature that can encrypt data uploaded to remote (and local) Cloud Storage. SME supports 50+ cloud storage vendors, which means companies are able to take advantage of private key encryption for some, or all data, across cloud storage providers.

For individual users of our cloud SaaS services SME  uses a key entered by a user to encrypt data, but  the key is not stored on the SME hosted service. If the key is lost, or forgotten, then when trying to subsequently access the file the user will not be able to gain access to the file as the correct key phrase will not be known.

For companies that use the SME SaaS hosted service team Admins specify a key that uses a similar mechanism but is applied to all users. Unlike the personal encryption the key phrase is either stored encrypted by the SME service, or it can be stored with a self hosted Vault instance.

For enterprise users who self-host the SME service then the key is can be stored on the service behind the corporate firewall or again it could use the open source Vault software on a key server.

Encryption file SME

SME uses AES-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. A random initialisation vector is generated when the user supplies an encryption key. The cipher Rijndael consists of:

– an initial Round Key addition
– Nr-1Rounds
– a final round.

The chaining variable goes into the “input” and the message block goes into the “Cipher Key. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and for a 16-byte key, 2127 applications of Rijndael.

Data_SecurityOnce files are encrypted in this manner they can be accessed by an of the comprehensive SME desktop (Web, Mac, Windows, Linux) or mobile tools (Windows Phone, iOS, Android, BlackBerry). When an encrypted file is accessed the user is prompted to provide the private key phrase before the file can be opened.

Encrypted file phone

 

If the file is accessed direct from the underlying storage then it will not be able to be used as it will be encrypted and without being opened via the SME service, either hosted or on-premises, it will not be able to be un-encrypted. This makes sensitive data stored on remote servers ultra-secure.

The SME also on-premises Cloud Control service resides behind the corporate firewall. It enables the ability to keep very sensitive data behind the corporate firewall but still enable secure file sharing and at the same time offers the ability to encrypt data that is stored on remote cloud storage and other SaaS services for additional security.

SME Encryption

The Storage Made Easy Cloud Encryption service is available to all SME users inclusive of free, Personal Cloud, Business Cloud and Enterprise Cloud

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather