How to securely web enable access to CIFS / SMB File Shares

One of the predominant use cases that many companies have is to enable file access to SMB file shares that live behind the corporate firewall, or indeed are hosted on IaaS infrastructures (such as Amazon FSx or Azure Files), without the need for a VPN and without reconfiguring permissions, whilst using Active Directory or LDAP for authentication and also ensuring that data is secure and compliance legislation is satisfied.

This has of course become even more of a requisite during the recent Covid-19 pandemic, in which there is a pressing need to enable such access for remote workers.

Global storage Metamodel

Accessing files over CIFS/SMB across a VPN using a mobile network is possible, but access can be patchy, client apps limited, and it is often extremely slow.

The File Fabric enables this using its built-in CIFS / SMB connector. This blog post will step through how to web enable SMB file shares.


Storage Made Easy Adds Support for Backblaze B2 Cloud Storage

The Storage Made Easy Enterprise File Fabric™ platform now supports Backblaze B2 Cloud Storage as a first-class storage provider. It’s been one of our most requested storage providers. Many organizations are already using Backblaze for cloud backup and want other data and workflows to take advantage of low cost cloud storage.

This blog walks through setting up a Backblaze B2 provider, highlighting some of the nifty features as well as nuances and recommended settings.


Multi-Cloud Shared Team Folder Document Collaboration

One of the key, powerful features of the Enterprise File Fabric is the ability for teams to simply and easily share and collaborate on files for the projects they are working on together, whatever the underlying local or cloud storage. These can easily be teams that are located in the same building, within the same continent or even across the planet from one another. The best part is that while the File Fabric can power this collaboration within an organization, it can also bridge the gap and securely allow teams across companies to work on the same documents.

In this post, we’ll take a look at Shared Team Folders, allowing intra-organizational teams to work on the same file sets.  Future posts will look at link and folder sharing, when you need to collaborate inter-organizationally.


My Favourite Feature: The File Fabric Client Ecosystem

My name is Erik, I work as Director of Engineering, Storage Made Easy in the US. I want to share my favorite File Fabric feature with you. Some days life gets hectic, and it is not just work I am talking about. As you can use all SME features in a personal account, this post will focus on enterprise deployments.

As an IT department, it is hard to respond to every demand. First the users, there is some combination of “access anywhere”, “BYOD”, “VPN free”, “faster”, “bigger”, etc. Then as a manager your requirements are something like this: Continue reading “My Favourite Feature: The File Fabric Client Ecosystem”


Top 10 things you should demand from your OpenStack Swift File Sync and Share vendor

OpenStack Swift file sharing

OpenStack Swift is more than an enabler to store large amounts of unstructured data. The massive scalability, geographic dispersion, and REST API Access are a way to achieve some compelling use cases, of which the most popular is undoubtedly file sharing.

In the past, Enterprise File Share and Sync has been more traditionally associated with file-based storage platforms, but as such storage platforms struggle to scale and don’t naturally lend themselves to being web accessible, pairing Enterprise File Share and Sync with object storage solutions such as OpenStack Swift has become much more compelling for enterprises, not only from an ease of use perspective but also from an ROI perspective.

This post looks at the “must have” features that should be demanded from an OpenStack Swift Enterprise Sync and Share vendor.


Bash Vulnerability – shell shock fix

You may be aware that overnight a vulnerability was discovered that affects all Unix / Linux based operating systems that use the bash shell.

The details of this can be found at: https://access.redhat.com/articles/1200223

A vulnerability is just that. It can make the system vulnerable to an exploit in certain scenarios, but it does not mean that any Linux based system that uses bash has been or may have been exploited.

From the details of the exploit, we see that the ways in which the SME appliance could have been affected are as follows:

Bug affecting Apache httpd server

Specifics of how it can affect:

“CGI scripts are likely affected by this issue: when a CGI script is run by the web server, it uses environment variables to pass data to the script. These environment variables can be controlled by the attacker. If the CGI script calls Bash, the script could execute arbitrary code as the httpd user. mod_php, mod_perl, and mod_python do not use environment variables and we believe they are not affected”

As the SME system uses mod_cgi only with Perl and does not spawn a shell, it is not affected by this bug.

Bug Affecting Secure Shell

Secure Shell (SSH) is also affected if users can access the system over SSH and launch a bash shell. This is unlikely because, if SSH access is unauthorised, it is likely the system is compromised in any case.

We patched our own sites and IaaS instances when the bug was discovered, and notified customers. If you are running a trial or any other version of the SME Appliance, you can update the bash shell to remove the vulnerability using the instructions below:

What you should do to patch your Appliance

Log in as smeconfiguser
#after login su as root (if you do not have the superuser password please contact support@storagemadeeasy.com)
yum update bash

This will update the bash shell and remove the vulnerability.

If you have any questions or need any further help do not hesitate to contact support.

**Update 26th September**

Further to this entry, posted yesterday: Red Hat released a further new patch for ShellShock in the early AM, so you should again update your SME Appliance with this patch.

To do this:

Log in as smeconfiguser
#after login su as root (if you do not have the superuser password please contact support@storagemadeeasy.com)
yum clean all
yum update bash

This will update the bash shell with the new patch.
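A post-update check for the two `yum update bash` rounds above, added here as an example (not Storage Made Easy or Red Hat code): it runs two harmless local probes against the installed bash and reports whether either Shellshock behaviour is still present. The function names, the `PROBE_MARKER` string and the `/bin/bash` default are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm that `yum update bash` replaced an affected bash.
# Both probes are local and harmless: one prints a marker string, the other
# can at most create an empty-ish file inside a throwaway temp directory.

# Probe 1: original flaw. An affected bash runs the text that follows the
# function body while importing the variable; a fixed bash ignores it.
probe_function_import() {
    out=$(env sme_probe='() { :;}; echo PROBE_MARKER' "$1" -c 'true' 2>/dev/null) || true
    case "$out" in *PROBE_MARKER*) return 1 ;; esac
    return 0
}

# Probe 2: follow-up parser flaw (the behaviour the later bash update
# addresses). An affected bash treats "echo" as a redirect target and
# creates a file named "echo" in the current directory.
probe_parser_state() {
    work=$(mktemp -d) || return 2
    ( cd "$work" && env sme_probe='() { (a)=>\' "$1" -c 'echo date' ) >/dev/null 2>&1 || true
    if [ -e "$work/echo" ]; then rc=1; else rc=0; fi
    rm -rf "$work"
    return $rc
}

# check_bash [path]: prints "patched", "vulnerable: ..." or "not-found".
# Return status: 0 patched, 1 vulnerable, 2 binary not found.
check_bash() {
    bash_bin=${1:-/bin/bash}
    # Probe 2 changes directory, so make a relative path absolute first.
    case "$bash_bin" in /*) ;; *) bash_bin="$PWD/$bash_bin" ;; esac
    [ -x "$bash_bin" ] || { echo "not-found"; return 2; }
    probe_function_import "$bash_bin" || { echo "vulnerable: function import"; return 1; }
    probe_parser_state "$bash_bin" || { echo "vulnerable: follow-up parser flaw"; return 1; }
    echo "patched"
}
```

Source the file and call `check_bash` after each update; any result other than "patched" means the update did not take effect for the bash binary being tested.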

It is possible that further patches will be released. You should monitor the link below to check whether further patches have been released and should be applied.

https://access.redhat.com/articles/1200223

From our side we have checked the SME Appliance and, even though we do not believe we are affected by Shellshock, it is good security practice to have the latest patch given what was discovered, and we strongly recommend applying the further patch.

Cloud Computing Use Case: Working with Amazon S3 data from a terminal over SFTP

We quite often assume that when working with Cloud data it will be from the web or from mobile “on the go” devices. To be fair this can often be the majority of cases, but the Enterprise throws up all sorts of different use cases and I thought it would be useful to go over one of the more esoteric ones.

One of the customers that use the Storage Made Easy on-premise Enterprise File Share and Sync Cloud Control product is a medical company. They use the SME product as a hybrid on-premise cloud product that is able to offer storage locally and on Amazon S3. Both sets of storage use the Amazon S3 API. The SME Appliance is able to make local storage accessible over an S3 compatible API and then off-board this storage to Amazon S3 as required. This meant that the company's scripts and applications could easily work locally and with Amazon S3 with very minimal configuration changes.

Hybrid Cloud S3 API

Their field staff quite often find themselves in a situation where, when working remotely, their only means of access is a terminal, i.e. there is no direct web access and mobile devices are blocked and cannot be turned on. In the past this meant that consultants used to carry around CDs / DVDs onto which information that might be required had been burned.

The consultants did, however, have direct access to terminals which were internet enabled. As the SME EFSS product also includes a protocol gateway, this meant it was possible to get direct terminal access to remote files using SFTP.

Cloud Storage SFTP

As the SME EFSS Gateway product was integrated with the company's Active Directory services, terminal access still used Single Sign On and the Active Directory credentials for each user's access.

User access can be obtained directly from the command line as per the example below.

Mac sftp google drive

Once authenticated the user can do a simple “ls” to get a file listing.

Mac SFTP

Once connected the view of the folder/files is available and can be worked with via the command line.

Mac SFTP S3

All access to the files is also logged and audited, including the username, the IP address and the types of interactions occurring, all part of the HIPAA-compliant process the customer implements. These reports can be exported and made available in Excel to any compliance officer.

Summary:

Secure access to files and data can take many forms, and in the Enterprise the edge cases need to be catered for as well as the more common access use cases.

Cloud makes control of enterprise content silos key for Enterprises

As the Cloud permeates all aspects of business, enterprises in particular are waking up to the cost benefits that Cloud can bring, from outsourced pay-as-you-go applications to cheaper and easier archival, to storage of non-sensitive documents and data.

An often repeated truth is that Enterprises have 3 of everything. When I worked in the Middleware space it was not unusual to see one department using IBM WebSphere, another using WebLogic and yet another experimenting with JBoss. The same adage goes for enterprise content management.

In the not too distant past, if I brought up Enterprise Content Management then it could be inferred that I was only discussing Documentum, Alfresco, SharePoint or some CMIS type product, but in today’s world the term can also apply to documents stored on OneDrive, DropBox, Google Drive, Amazon S3 etc. Throw in CRMs that store documents, such as Salesforce, and online project management tools such as BaseCamp, and you start to grasp just how many independent content and document silos companies have to deal with.

This is borne out by a recent survey by AIIM called “Get more from on-premise ECM”. The highlights of that survey are:

50% of companies already use 3 or more storage solutions (this echoes prior research that SME also undertook.)

40% of companies are investigating cloud

This presents two large challenges to companies:

Accessibility of data – Where is it? Which App? Which data store?

Governance of data – How do you universally secure data and set policies across data silos and Apps?

The Storage Made Easy EFSS Cloud Control Solution was built specifically to address these types of challenges.

Cloud Control

It supports over 45 private and public cloud stores and Apps, with an API for those not covered so it can pretty much connect to anything.

Cloud Connectors

Connecting to private and public content stores, and Apps that function as content stores such as Salesforce, makes accessibility easier: when users search for a document, the search is conducted across the content estate, not just in an App silo.

Also SME has an Enterprise connector to Apache Lucene / SOLR to enable deep search of file content from any desktop and any App. This not only increases the accessibility and availability of data, it also immeasurably increases worker productivity.

Governance of data is a thorn in the side of Enterprise IT when it comes to the storing of Cloud data, and the NSA snooping scandal and recent celebrity photo hacking have not done anything to help the sensitivity of it. Cloud Governance and Control is firmly in the spotlight of Enterprise IT and, more importantly, Enterprise Management.

Often what you see from vendors is a “my cloud is better than your cloud” approach to this problem, i.e. a vendor adds one specific security feature and tries to use this to get companies to move their data or sensitive data to this solution. Alternatively a company can target one facet of Governance and Control, let’s say encryption for example, and build their product and service on this one feature only.

The SME solution takes a more holistic approach to provide governance and control across the whole content estate. It does not try and get you to move your data to it (it’s data agnostic and does not store data) and it does not just work as a silo or offer one feature. It provides an integrated sensible approach to corporate content governance and control:

– It integrates with existing Active Directory or LDAP systems to provide a single-sign-on solution for identity management.

– It provides an encryption service to enable remotely stored data to be encrypted and only accessible with authorization.

– It provides secure file sharing and combines this with pre-set business policies. Files can be password protected and time expired and these can be applied as policies. For example you can choose to set a policy that all files have a 24 hour expiration time and which must require a password for sharing.

– It provides a comprehensive audit log of all file events for all content. For remote file shares it tracks the IP address of the remote users accessing the file.

– It provides GEO location restrictions to restrict or prevent access. For example if you have an outsource accounting company who require access to a particular folder you could restrict their access to being over a certain IP address and only from a web viewer.

– It has built in Bring Your Own Device controls that allow the setting of per user permissions with regards to web, desktop or mobile device access. It also works with Oracle Mobile Security and OpenPeak Sector in the event the company already has these BYOD controls in house.

– It integrates with what you have, providing desktop cloud drives, plug-ins for Microsoft Office and Open Office as well as email plug-ins for file sharing.

Content Management, Cloud Governance and Collaboration is only going to get harder, not easier, as companies embrace new data stores and new applications that store data. To facilitate a productive, accessible, controlled experience the control points simply have to be joined up.


Document Management is more than just managing documents – it is also securing them

Enterprise file share and sync

Document control and management is of vital importance to any organization. If sensitive information is sent outside of your company, once the documents have been sent electronically, control is lost and this can put files you shared at risk. They can be copied or forwarded anywhere in the world, in seconds.

For most businesses, the focus of their attention is on document management and on the organizational workflow and the storage of documents. Companies want to be able to integrate documents into a workflow and store documents in an organized and secure way that still allows documents to be found easily. Where the document is stored can frequently change. It could be SharePoint, it could be FTP, it could be on some external repository etc. Where the security process can fall down is when documents are shared externally or in how they are made available to be collaborated on.

The proliferation of employees bringing their own devices to work (BYOD and BYOC) and using preferred SaaS applications of their own choosing has led to corporate governance becoming even more of a challenge for those tasked with its enforcement, as an increasing number of end users bypass corporate protocol.

Such ‘Shadow IT‘ can pose a significant security risk, as unapproved hardware and software that are used do not undergo the necessary security checks and the storage and dissemination of such documents is outside of corporate control.

solving shadow it problem

Storage Made Easy provides a unified Enterprise File Share and Sync solution, which works with a company's existing private and public data, presenting these files in a unified view. It enables enterprises to not only securely sync, but also to securely share and work with files, wherever they need to go, even on devices that are beyond IT’s control.

IT benefits from a solution that gives them control, and users benefit as they have automatic access to documents and files from multiple data repositories, with robust security whether behind the corporate firewall or using any tablet, smartphone or PC.

Storage Made Easy uniquely provides:

• The ability to view, annotate, edit and sync almost any cloud or private file from almost any storage to any device.

• Internal and external collaboration features to work securely with anyone without losing control of enterprise data.

• Complete audit tracking to ascertain who accessed files, where from, and what action was taken.

• Provides a secure way for the organizations to collaborate with external partners using business workspaces.

• GEO Restrictions – restrict access to documents by IP address and by client. For example let an external sub office only have access to a folder from a specific IP address from the web browser (or any other client you nominate).

• Full Bring Your Own Device Support to restrict access by employees by device type.

• Sophisticated permissions that unify permissions to different back end document storage and which can also be used with Active Directory or LDAP

• A way to solve the “DropBox” “bring your own cloud” problem by auditing such clouds even when documents are uploaded direct.

• A way to encrypt files stored on remote clouds with a key that is stored behind the corporate firewall, thus protecting remote sensitive data.

Secure document file sharing

In summary, you do not have to choose between a homogenous and restrictive system or a lawless frenzy of different unapproved systems. The Storage Made Easy Enterprise file share and sync solution is storage agnostic. It is compatible with most private or public file sharing cloud data stores, allowing users to continue using their preferred cloud storage provider while at the same time converging off-site and on-site private and public data. This allows a centralized point for corporate governance, thus providing a real solution to the Shadow IT and corporate governance problem.

In a post PRISM world why your Company needs joined up File Sharing and Governance

The recent controversy with regards to Prism and data snooping has brought the security of corporate data to the fore. However, the biggest threat to corporate data lies not with the corporate nemesis that is Prism but with the number of data leaks that occur every day in companies.

These include new phenomena such as Bring Your Own Device (BYOD) and Bring your Own Cloud (BYOC) as well as the thorny issue of what files are shared over email.

Data is any company's biggest asset, and not controlling how corporate data is disseminated is a ticking time bomb waiting to explode in your company. Why? Take your pick: legislative reasons, fraudulent reasons, competitive reasons. There are many reasons why not controlling data dissemination could trip your company up.

Companies need to consider how to build an effective data governance service ACROSS their enterprise data silos. Doing so will define a cohesive set of parameters for data management and data usage, as well as the ability to create governance processes for a company's internal use and for their supply chain, which ultimately leads to information assets that are well managed.

SME Data Governance framework

In the world of Cloud it is key that Data Governance and data policies work not only with data behind the corporate firewall but also cloud data and cloud services.

So what should you consider as a company to manage your data assets?

1. Understand what information is sensitive across all data silos, and have a federated access control mechanism that works with your users across these private and cloud data silos. Storage Made Easy provides such a federated mechanism to assign and control user permissions and access at a very granular level that overlays one or more data stores.

SME federate permissions

2. Set policies for data access and enforce them through common tools. For employee sharing of data through tools such as email, make it easy but also set policies that can define expiry time and password protection. Storage Made Easy has plug-ins for Microsoft Outlook and Mac Mail that enable productive file sharing across all cloud / private data and that have built-in support for policy enforcement.

Mac Mail large file sharing

These policies should also ripple through to the mobile Applications used in a company:

iOS secure file sharing

3. Use Cloud Encryption for sensitive data and ensure that you control the private key. See our previous post on encryption and securing data for further information.

Cloud File Encryption

4. Audit all your company data. Irrespective of the policies set, you should get in the habit of auditing your company data. SME enables the setup of an automated email to a specified user of the previous day's file events such as sharing, files updated etc.

Cloud Storage Audit Log

5. Set BYOD policies and device access policies that work like your company works. For example, have a contract firm that you gave access to a specific folder? Then designate that they can only access the folder using a web browser and only from a specific IP address.

BYOD GEO Restrictions

Summary

Companies need to connect disconnected information to enable corporate governance.

Cloud Corporate Governance
