In a post PRISM world why your Company needs joined up File Sharing and Governance

The recent controversy over PRISM and data snooping has brought the security of corporate data to the fore. However, the biggest threat to corporate data lies not with the corporate nemesis that is PRISM but with the number of data leaks that occur every day in companies.

These include new phenomena such as Bring Your Own Device (BYOD) and Bring your Own Cloud (BYOC) as well as the thorny issue of what files are shared over email.

Data is any company's biggest asset, and not controlling how corporate data is disseminated is a ticking time bomb waiting to explode in your company. Why? Take your pick: legislative reasons, fraudulent reasons, competitive reasons. There are many reasons why not controlling data dissemination could trip your company up.

Companies need to consider how to build effective data governance across their enterprise data silos. Doing so will define a cohesive set of parameters for data management and data usage, as well as the ability to create governance processes for a company's internal use and for its supply chain, which ultimately leads to information assets that are well managed.

SME Data Governance framework

In the world of Cloud it is key that Data Governance and data policies work not only with data behind the corporate firewall but also cloud data and cloud services.

So what should you consider as a company to manage your data assets?

1. Understand what information is sensitive across all data silos, and have a federated access control mechanism that works with your users across these private and cloud data silos. Storage Made Easy provides such a federated mechanism to assign and control user permissions and access at a very granular level that overlays one or more data stores.

SME federate permissions

2. Set policies for data access and enforce them through common tools. For employee sharing of data through tools such as email, make it easy but also set policies that can define expiry time and password protection. Storage Made Easy has plug-ins for Microsoft Outlook and Mac Mail that enable productive file sharing across all cloud / private data but which have built-in support for policy enforcement.

Mac Mail large file sharing

These policies should also ripple through to the mobile Applications used in a company:

iOS secure file sharing

3. Use Cloud Encryption for sensitive data and ensure that you control the private key. See our previous post on encryption and securing data for further information.

Cloud File Encryption

4. Audit all your company data. Irrespective of the policies set, you should get in the habit of auditing your company data. SME enables the setup of an automated email to a specified user listing the previous day's file events, such as sharing, files updated etc.

Cloud Storage Audit Log

5. Set BYOD policies and device access policies that work like your company works. For example, do you have a contract firm that you gave access to a specific folder? Then designate that they can only access the folder using a web browser and only from a specific IP address.

BYOD GEO Restrictions
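Steps 4 and 5 work together: the daily audit events can be checked against the contractor rule described above. The following is an added example, not SME code or an SME log format; the rule object, field names, paths and events are all constructed for illustration.

```javascript
// Constructed rule for step 5's contractor example (not an SME config format).
const rule = { user: "contractor1", folder: "/Shared/ProjectX",
               client: "web", ip: "203.0.113.10" };

// Resolve "." and ".." so a traversal path cannot pass the folder check.
function normalise(path) {
  const out = [];
  for (const seg of path.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop(); else out.push(seg);
  }
  return "/" + out.join("/");
}

// Match on whole path segments: "/Shared/ProjectX-internal" is NOT inside
// "/Shared/ProjectX", which a plain startsWith() on the folder would get wrong.
function insideFolder(path, folder) {
  const p = normalise(path), f = normalise(folder);
  return p === f || p.startsWith(f + "/");
}

// Return the reasons an audit event breaks the rule (empty array = compliant).
function violations(event, r) {
  if (event.user !== r.user) return []; // the rule covers one account only
  const why = [];
  if (!insideFolder(event.path, r.folder)) why.push("outside-folder");
  if (event.client !== r.client) why.push("client-not-allowed");
  if (event.ip !== r.ip) why.push("ip-not-allowed");
  return why;
}

// Constructed audit events (documentation IP ranges, made-up paths).
const events = [
  { user: "contractor1", ip: "203.0.113.10", client: "web",    path: "/Shared/ProjectX/spec.pdf" },
  { user: "contractor1", ip: "203.0.113.10", client: "web",    path: "/Shared/ProjectX-internal/budget.xlsx" },
  { user: "contractor1", ip: "198.51.100.7", client: "webdav", path: "/Shared/ProjectX/spec.pdf" },
  { user: "contractor1", ip: "203.0.113.10", client: "web",    path: "/Shared/ProjectX/../HR/pay.csv" },
  { user: "alice",       ip: "192.0.2.5",    client: "ios",    path: "/HR/pay.csv" },
];

// Keep only the events that break the rule, annotated with the reasons.
function review(evts, r) {
  return evts.map((e) => ({ ...e, why: violations(e, r) }))
             .filter((e) => e.why.length > 0);
}

for (const e of review(events, rule)) {
  console.log(`${e.user} ${e.ip} ${e.client} ${e.path} -> ${e.why.join(",")}`);
}
```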

Summary

Companies need to connect disconnected information to enable corporate governance.

Cloud Corporate Governance


How to encrypt, secure and access sensitive cloud storage data

Updated 1st July 2016

The recent PRISM data snooping controversies have heightened almost every company's awareness of the potential vulnerabilities of data stored off-premise in the Cloud. Many Cloud Storage companies talk about encrypting data ‘at rest’, but the real issue is that the storage companies control the encryption rather than the company whose data is stored controlling the private key.

One of the features that Storage Made Easy provides is an encryption feature that can encrypt data uploaded to remote (and local) Cloud Storage. SME supports 50+ cloud storage vendors, which means companies are able to take advantage of private key encryption for some, or all data, across cloud storage providers.

For individual users of our cloud SaaS services, SME uses a key entered by a user to encrypt data, but the key is not stored on the SME hosted service. If the key is lost or forgotten, then when subsequently trying to access the file the user will not be able to gain access to it, as the correct key phrase will not be known.

For companies that use the SME SaaS hosted service, team Admins specify a key that uses a similar mechanism but is applied to all users. Unlike the personal encryption, the key phrase is either stored encrypted by the SME service, or it can be stored with a self-hosted Vault instance.

For enterprise users who self-host the SME service, the key can be stored on the service behind the corporate firewall, or again it could use the open source Vault software on a key server.

Encryption file SME

SME uses AES-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. A random initialisation vector is generated when the user supplies an encryption key. The cipher Rijndael consists of:

– an initial Round Key addition
– Nr-1 Rounds
– a final round.

The chaining variable goes into the “input” and the message block goes into the “Cipher Key”. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and, for a 16-byte key, is 2^127 applications of Rijndael.

Once files are encrypted in this manner they can be accessed by any of the comprehensive SME desktop (Web, Mac, Windows, Linux) or mobile tools (Windows Phone, iOS, Android, BlackBerry). When an encrypted file is accessed the user is prompted to provide the private key phrase before the file can be opened.

Encrypted file phone

 

If the file is accessed direct from the underlying storage then it will not be able to be used as it will be encrypted and without being opened via the SME service, either hosted or on-premises, it will not be able to be un-encrypted. This makes sensitive data stored on remote servers ultra-secure.
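The properties described above (AES-256 in CBC mode, a random 16-byte IV, a key phrase that is never stored, and a stored object that is useless without it) can be reproduced in a few lines. This is an added example, not SME's implementation: the PBKDF2 key derivation, its iteration count, the salt, the blob layout and the HMAC tag are assumptions of this sketch. The HMAC is included because CBC on its own does not detect a modified file.

```javascript
const nodeCrypto = require("crypto");

const KDF_ITERATIONS = 200000; // constructed value for this sketch

// Derive separate encryption and MAC keys from the key phrase.
// Only the salt is stored with the file; the phrase and keys never are.
function deriveKeys(passphrase, salt) {
  const m = nodeCrypto.pbkdf2Sync(passphrase, salt, KDF_ITERATIONS, 64, "sha256");
  return { encKey: m.subarray(0, 32), macKey: m.subarray(32) };
}

// Blob layout (assumed): salt(16) | iv(16) | ciphertext | hmac(32)
function encryptForUpload(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(16); // fresh random IV, one CBC block
  const { encKey, macKey } = deriveKeys(passphrase, salt);
  const cipher = nodeCrypto.createCipheriv("aes-256-cbc", encKey, iv);
  const body = Buffer.concat([salt, iv, cipher.update(plaintext), cipher.final()]);
  const tag = nodeCrypto.createHmac("sha256", macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

function decryptAfterDownload(blob, passphrase) {
  if (blob.length < 16 + 16 + 16 + 32) throw new Error("blob too short");
  const body = blob.subarray(0, blob.length - 32);
  const tag = blob.subarray(blob.length - 32);
  const { encKey, macKey } = deriveKeys(passphrase, body.subarray(0, 16));
  const expected = nodeCrypto.createHmac("sha256", macKey).update(body).digest();
  // Verify before decrypting: a wrong phrase and a tampered file both stop here.
  if (!nodeCrypto.timingSafeEqual(tag, expected)) {
    throw new Error("wrong key phrase or modified file");
  }
  const d = nodeCrypto.createDecipheriv("aes-256-cbc", encKey, body.subarray(16, 32));
  return Buffer.concat([d.update(body.subarray(32)), d.final()]);
}

// Constructed sample document and key phrase.
const doc = Buffer.from("Q3 board pack (constructed sample)");
const stored = encryptForUpload(doc, "correct horse battery staple");
console.log("stored object:", stored.toString("hex").slice(0, 48) + "...");
console.log("round trip ok:",
  decryptAfterDownload(stored, "correct horse battery staple").equals(doc));
try {
  decryptAfterDownload(stored, "forgotten phrase");
} catch (e) {
  console.log("lost key phrase:", e.message);
}
```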

The SME on-premises Cloud Control service also resides behind the corporate firewall. It makes it possible to keep very sensitive data behind the corporate firewall but still enable secure file sharing, and at the same time offers the ability to encrypt data that is stored on remote cloud storage and other SaaS services for additional security.

SME Encryption

The Storage Made Easy Cloud Encryption service is available to all SME users inclusive of free, Personal Cloud, Business Cloud and Enterprise Cloud.


Cloud Computing Use Case: Extending Remote Desktop with a Cloud Drive

Many service providers and companies offer Remote Desktop Services to enable companies to access their desktop remotely. Applications are installed for the users where user settings and data are saved to their profile.

We’ve had a few requests from companies and service providers who wanted users to easily be able to access data on remote clouds (such as Azure, DropBox, Box, FTP, WebDav, Sharepoint, Amazon S3 etc) from a remote desktop.

With Storage Made Easy, this is easily done as SME presents a WebDav entry point to all clouds that SME supports, whether they support WebDav or not. This means the service provider needs only co-locate the SME software appliance (supplied as an OVF compliant file) in their network and add a simple script to the user's startup. The script is:

NET USE * \\webdav.storagemadeeasy.com@SSL\DavWWWRoot
pause

This enables users to get a mapped drive to remote cloud storage as soon as they log in to their remote desktop, and to browse and access these files like any other data drive. It is a simple solution for bringing remote clouds directly into a user's remote desktop using a simple metaphor they understand, “a drive”.


Cloud Computing Use Case: Automatic notifications of new or changed iWork Numbers documents stored on Google Drive

We had an interesting Use Case recently in which the requirements were as follows:

The Company in question had a Google Apps Account and therefore used Google Drive for their Storage. They had a number of iWork Numbers documents that were modified by their team members whilst on the move using iWork and iPads. Currently their process was editing the files, and then trying to send the resultant file via email to other team members. Due to file size some files were not received and in general the email server was quickly eating up storage. What they came to SME for was to figure out how they could refine this process.

With Storage Made Easy the process became much simpler. Firstly the company subscribed to a Cloud File Server SaaS Account. The SME Cloud Admin then added the company's Google Drive account to be accessible via SME and invited other team members to be part of the Cloud File Server. On the Folder(s) in question the Cloud Admin simply set permissions so that relevant team members had access and added a notification rule specific to keynote file to ensure that all subscribers to the shared folder received an email notification on new files or updates to existing files. As per our prior article on Twitter and SMS Gateways, on these changes to file events SME can easily generate instant SMS notifications.

As Storage Made Easy enables WebDav above any Cloud added to it, Google Drive becomes instantly accessible via WebDav. For the Company this means that they can simply open and create new keynote files directly in Keynote from their shared Google Drive folder and then on completion simply save them back. The very act of doing this generates a file event on completion which sends an email and/or SMS to users subscribed to the shared folder, vastly simplifying the process.




Another added benefit to the company is the complete end-to-end joined up audit tracking they get on all Google Drive documents:


Cloud Computing Use Case: Annotating PDF files on Amazon S3 (and other clouds) from an iPad with audit tracking

One of the legal companies that use the Storage Made Easy on-premise Cloud File Server Appliance had a recent request that we felt was worth exposing as we can see it could be a common use case.

The company has legal and para-legal resources that had the need to be able to annotate PDFs whilst away from the office using their iPads. The legal data is stored on an EU Amazon S3 instance and the SME Cloud File Server Appliance is used to provide single sign on with the internal Active Directory Server whilst also providing granular permissions and auditing services for full document tracking.

A key point for the company was that any PDF document editing would be able to be done on the move from an iPad, saved back to the S3 Cloud from the iPad, and also that any changes were audit trackable and users were instantly notified of changes. The SME on-premise Cloud Appliance, which unifies public and private data sources as well as providing a full audit trail for all file interactions, was used to satisfy this requirement in the following way:

– SME Cloud Appliance was already installed on-premise behind the corporate firewall
– The company's own EU S3 Account had been added as a Cloud to be monitored from the Appliance
– Auditing of any file events was set
– Access to the S3 files was available via the WebDav protocol using the user's Active Directory username / password, as Active Directory SSO was enabled via the Appliance
– As S3 files were available via WebDav, the iAnnotate iPad App could be used to log in and annotate files as outlined below.

Setting up access to Storage Made Easy from the cloud appliance is done as follows:

1. First set up a new WebDav cloud connection

2. Enter the SME WebDav Details

3. Connect

4. After annotating the document, simply save it.

5. On completion the annotated document is saved back to Amazon S3 (or any other WebDav Cloud it was accessed from).

All interactions that occur are also fully audited with the remote IP Address, username, and document details, and these are available as part of the Audit logs provided by the SME Appliance that can be exported as a .csv or Excel file and / or can be archived.


How to sync files from Google Docs, SkyDrive, S3 and other Clouds with your BlackBerry Playbook

As we recently posted details about our HTML5 client for the BlackBerry Playbook we thought it would be useful to outline how you can sync files from any number of Clouds with your Playbook.

For this walk through we will be using a third party tool for the Playbook called Mobile FTP and the SMEStorage CloudFTP protocol adaptor. This solution will work with any free, personal or business Cloud File Server Account that has the Protocol Adaptor added to their account.

First purchase the Mobile FTP App for your Playbook and install it (it is £1.00).

Next set up the SME CloudFTP protocol adaptor connection in the App. This enables the SMEStorage Clouds you have mapped to your account to be accessible over FTP even if they don’t natively support FTP.

This will result in a new bookmark called SME FTP

At this point all your files are accessible through MobileFTP on the Playbook simply by selecting the bookmark and connecting.

You can download files or upload them to the various clouds using the Mobile FTP App.

Now we will set up Sync. First we need to create a bookmark of the directory we wish to sync within the Mobile FTP App. We will choose a folder called ‘Android Docs’ that is hosted on Google Docs.

We will name the Bookmark “Docs to Sync”.

Now we’ll go back to the root of the Mobile FTP and edit the Sync example to change it for the sync bookmark we just created:

We changed the name to “SME Sync GDocs” and chose the bookmarked directory “Docs to Sync” as the directory to sync with the root of the SD Card. Now we can simply run the sync.

Once the sync is completed the nested directory structure and files are available from the SD card on the Playbook. We can re-run the sync when we wish to pick up any changes, and we can add as many sync profiles, to as many different clouds, as we wish.


Cloud Computing Use Case: Editing Google Docs, Office365 and DropBox files in iWork on the iPad

We recently did a roll out of our Cloud File Server service to a company of just under 150 people. The primary driver of this was federating data sources, governance and auditing of data, and the ability to edit files directly on iWork on the iPad.

For this use case we’ll concentrate on the latter, enabling ubiquitous document editing on the iPad using the Apple iWork product which encompasses Pages, Keynote and Numbers.

The company is a technology company in which different parts of the business use different Cloud Services. The core business admin and management uses Office365. Google Docs is used by the sales team, primarily as a way to share Google Docs files easily with their customers and prospects, whom they found to be predominately Google Docs users. DropBox is used by the tech team, who like the ability to have all their code, tech papers etc. replicated instantly to any device.

Interestingly, whereas you would think this disparate use of similar Cloud storage services is an edge case, we find it is not. The storage vendor names may change, but the disparate number of what appear to be similar services remains.

When questioned about why they don’t use the other in-house services each team had a different USP as to why:

Tech Team: “With DropBox I don’t have to remember to bring my files. They are always with me”

Admin / Management: “Office365 works and Syncs with what I use like my Outlook task list and calendar”

Sales Team: “most of our customers use Google Apps, so sharing files with the Google Group we have setup for Sales is the best way to get new deals / propositions to them”

One thing this company had jointly bought into was iPads. They all used them and their preference was to use Apple iWork as their document editor as they liked its simplicity, ease of use, and WYSIWYG features. The problem was it did not work with any of their Cloud products, as it only supported iCloud, MobileMe and WebDav.

The company in question had already bought into the SME Cloud File Server. It enabled them to audit files above all the clouds they used and provide Organisation Shared folders that worked above a “set” of Clouds, giving them a single view on disparate resources.

As the SME Cloud File Server also supports a WebDav protocol adaptor above any Cloud, something we call CloudDav, it became very easy for all the teams to create, load, edit, and save documents to either Google Docs, Office365, or DropBox.

The steps to achieve this were simple:

1. Launch Pages, Numbers or Keynote

2. Click the ‘+’ button and choose ‘Copy from Webdav’ (assume a doc is to be loaded)

3. Enter https://Webdav.storagemadeeasy.com as the server address and your smestorage username and password as authentication. This will then load the file tree and the clouds available to the account.

4. Tap on a document to load it and start editing

5. When finished just choose the “Copy to WebDAV” button and it will be saved.

In this way documents in Clouds not supported by iWork can be edited and saved.

 
