Document Management is more than just managing documents – it is also securing them

Enterprise file share and sync

Document control and management is of vital importance to any organization. If sensitive information is sent outside of your company, once the documents have been sent electronically, control is lost and this can put files you shared at risk. They can be copied or forwarded anywhere in the world, in seconds.

For most businesses, the focus of their attention is on document management and on the organizational workflow and the storage of documents. Companies want to be able to integrate documents into a workflow and store documents in an organized and secure way that still allows documents to be found easily . Where the document is stored can frequently change. It could be SharePoint, it could be FTP, it could be on some external repository etc. Where the security process can fall down is when documents are shared externally or how they are available to be collaborated on.

The proliferation of employees bringing there own devices to work (BYOD and BYOC) and using preferred SaaS applications of their own choosing has led to corporate governance becoming even more of a challenge for those tasked with its enforcement as an increasing number of end users bypass corporate protocol.

Such ‘Shadow IT‘ can pose a significant security risk, as unapproved hardware and software that are used do not undergo the necessary security checks and the storage and dissemination of such documents is outside of corporate control.

solving shadow it problem

Storage Made Easy provides a unified Enterprise File Share and Sync solution, which works with a companies existing private and public data, presenting these files in a unified view.. It enables enterprises to not only securely sync, but also to securely share and work with files, wherever they need to go, even on devices that are beyond IT’s control.

IT benefits from a solution that gives them control, and users benefit as they have automatic access to documents and files from multiple data repositories, with robust security wherever behind the corporate firewall, or using any tablet, smartphone or PC.

Storage Made Easy uniquely provides:

• The ability to view, annotate, edit and sync almost any cloud or private file from almost any storage to any device.

• Internal and external collaboration features to work securely with anyone without losing control of enterprise data.

• Complete audit tracking to ascertain who accessed files, where form, and what action was taken.

• Provides a secure way for the organizations to collaborate with external partners using business workspaces.

• GEO Restrictions – restrict access to documents by IP address and by client. For example let an external sub office only have access to a folder from a specific IP address from the web browser (or any other client you nominate).

• Full Bring Your Own Device Support to restrict access to by employees by device type.

• Sophisticated permissions that unify permissions to different back end document storage and which can also be used with Active Directory or LDAP

• A way to solve the “DropBox” “bring your own cloud” problem be auditing such clouds even when documents are uploaded direct.

• A way to encrypt files stored on remote clouds which a key that is stored behind the corporate firewall this protecting remote sensitive data.

Secure document file sharing

In summary you do not have to choose between a homogenous and restrictive system or a lawless fenzy of different unapproved systems. The Storage Made Easy Enterprise file share and sync solution is storage agnostic. It is compatible with most private or public file sharing cloud data stores allowing users to continue using their preferred cloud storage provider while at the same time converging off-site and on–site private and public data. This allows a centralized point for corporate governance, thus providing a real solution to the Shadow IT and corporate governance problem.

Facebooktwitterredditpinterestlinkedinmailby feather

Egnyte on Europe – a response

Patriot Act SnowdonWe see that Egnyte has been making statements about Box and their lack of an EU data center (whilst at the same time promoting their own).

Egnyte seems to be wanting to put the point across that prospects may prefer to use Egnyte as opposed to Box as they have a data center in Amsterdam. We believe there are a few additional points that should be highlighted with regards to Egnyte’s comments:

The Patriot Act – The Patriot Act is the white elephant in the room as in a nutshell it provides a legal framework for the US Government to have the right of search and seizure of data that is stored outside of the US where a US company is US incorporated. There are various articles on the Patriot Act such as this one from ZDnet and a quick Google Search will provide many more. This has of course gained more prominence since Edward Snowdon and the PRISM revelations. Even though Egnyte will have an EU presence it is still a US Inc. company bound by the laws of the United States.  Of course it is only fair to point out that non US companies can still be compromised but the EU provides more protection and there are new European data protection directives being introduced that will strengthen this.The point is not just about “Data crossing the pond” it is about who could potentially have access to that data, and how.

Protection US stored data – US stored data can still be protected. There are various ways to do this using tools such as TrueCrypt and BoxCryptor which we covered previously and in the case of Storage Made Easy, we act as a Cloud Control point for all public / private data so, if you wish, you can encrypt all data being stored on Box or any other service with a private key and this can made transparent to team users. More on that here.

For many EU companies it’s about private data not data centre data: The PRISM / Snowdon / Snooping issues have damaged confidence in a lot of companies about where they store their data, especially sensitive data, especially in the US or with US companies. Storage Made Easy is a UK Limited company that provide a complete behind the firewall Enterprise File Share and Sync Cloud Control solution. It works with your existing private and cloud stored data putting the control back in the hand of the companies. It can be entirely run in a companies data center or trusted IaaS infrastructure or entirely on-premise i.e.. completely the companies choice, and that is the key word here “choice.”

Facebooktwitterredditpinterestlinkedinmailby feather

In a post PRISM world why your Company needs joined up File Sharing and Governance

The recent controversy with regards to Prism and data snooping has brought the security of corporate data to the fore however the biggest threat to corporate data lies not with the corporate nemesis that is Prism but with the number of data leaks that occur every day in companies.

These include new phenomena such as Bring Your Own Device (BYOD) and Bring your Own Cloud (BYOC) as well as the thorny issue of what files are shared over email.

Data is any companies biggest asset and not controlling how corporate data is disseminated is a ticking time bomb waiting to explode in your company. Why? Take your pick, Legislative reasons, fraudulent reason, competitive reasons. There are many reasons why not controlling data dissemination could trip your company up.

Companies need to consider how to build an Effective data governance serves ACROSS their enterprise data silos. Doing so will define a cohesive set of parameters for data management, data usage, as well as the ability to create governance processes for a companies internal use, and for their supply chain, which ultimately leads to information assets that are well managed.

SME Data Governance framework

In the world of Cloud it is key that Data Governance and data policies work not only with data behind the corporate firewall but also cloud data and cloud services.

So what should you consider as a company to manage your data assets ?

1. Understand what information is sensitive across all data silos, have a federate access control mechanism that works with your user across this private and cloud data silos. Storage Made Easy provides such a federate mechanism to assign and control user permissions and access at a very granular level that overlays one or more data stores.

SME federate permissions

2. Set policies for data access and enforce them through common tools. For employee sharing of data through tools such as email, make it easy but also set policies that can define expiry time and password protection. Storage Made Easy has plug in’s for Microsoft Outlook and Mac Mail that enables productive file sharing across all cloud / private data but which has built in support for policy enforcement.

Mac Mail large file sharing

These policies should also ripple through to the mobile Applications used in a company:

iOS secure file sharing

3. Use Cloud Encryption for sensitive data and ensure that you control the private key. See our previous post on encryption and securing data for further information.

Cloud File Encryption

4. Audit all your company data. Irrespective of the policies set you should get in the habit of auditing your company data. SME enables the setup of an automated email to a specified user of the previous day file events such as sharing, files updated etc.

Cloud Storage Audit Log

5. Set BYOD policies and device access policies that work like your company works. For example, have a contract firm that you gave access to a specific folder ? Then designate that they can only access the folder using a web browser and only from a specific IP address.

BYOD GEO Restrictions

Summary

Companies need to connect disconnected information to enable corporate governance.

Cloud Corporate Governance

Facebooktwitterredditpinterestlinkedinmailby feather

Everything is a Storage Cloud now – the commoditization of Storage into Apps

20131031-210708.jpgOne of the more interesting trends of the recent developments in Cloud Computing is how we define “What is a storage cloud” . This used to be easy – it was an FTP or a WebDav Server. Even 3 or 4 years ago this was still relatively easy, it was DropBox, or SugarSync or Box etc. Now however, the lines are becoming a little blurry. We are seeing many application services offering the ability to store documents.

For example BaseCamp, the project management service lets you store files as do other project collaboration services, however I doubt any of these services would like to be categorized as “storage”.

SalesForce is another good example. It’s a CRM service right ? Well, yes but it can also be used to store files and in fact it is promoting this ability as a “first class feature” from what was called Chatter but which has now been rebranded to SalesForce Files.

The list of examples are endless Jive, Yammer, Evernote, a plethora of services that offer file storage specific to the use case they satisfy within a company.

Dedicated Applications of this nature provide file storage as a bi-product of their service and for many companies, large and small, policing this sprawl of data is challenging enough without employes doing their own thing with Bring Your Own Cloud.

We believe that this trend will continue to accelerate apace and it is why we at Storage Made Easy have been concentrating on “joining up” these different data stores and providing unification, management and control across what are effectively many independent silos of Applications and Data. The more cloud services that offer ways to Interact with and store files the worse the sprawl gets.

Storage Made Easy Cloud Control

In fact this “joining up” of data sprawl and the reason it is important to get right, and the results of ignoring it, will be a feature of our very next blog post.

Facebooktwitterredditpinterestlinkedinmailby feather

Why you, and not your storage vendor, need to manage your file encryption

20131026-075806.jpg

Many file sharing vendors offer at encryption at rest but the the real question is do they let you manage your own encryption key?

Ask yourself these questions?

– Are you comfortable not controlling your own file encryption?
– Do you have sensitive data you wish to store in the cloud that you do not want to have your file sharing vendor have access to?
– Do you have data that absolutely must have controlled encryption from a legislative view point?
– Do ypu trust your vendor not to provide a ‘back door’ to the NSA?

Storage Made Easy:

– Offers private key encryption in which the private key is not stored on its hosted platform for all users (including free users).

– Let’s you encrypt data stored on any remote cloud including Box, DropBox, Amazon S3 etc

– is a UK company that has servers located in the US and in Europe in which no data is shared between the two

– Can provide a completely on-premise solution for Cloud Control and unified joined up file sharing that encompasses all public and private corporate data.

SME puts encryption of your files in your hands not your vendors !

For further information please download our security white paper and see our previous blog post on encrypting files.

Facebooktwitterredditpinterestlinkedinmailby feather

How to encrypt, secure and access sensitive cloud storage data

**Updated 1st July 2016*

The recent PRISM Data snooping controversies have heightened almost every companies awareness of the potential vulnerabilities of data stored off-premise in the Cloud. Many Cloud Storage companies’ talk about encrypting data ‘at rest’ but the real issue is that the storage companies control the encryption rather than the company whose data is stored controlling the private key.

One of the features that Storage Made Easy provides is an encryption feature that can encrypt data uploaded to remote (and local) Cloud Storage. SME supports 50+ cloud storage vendors, which means companies are able to take advantage of private key encryption for some, or all data, across cloud storage providers.

For individual users of our cloud SaaS services SME  uses a key entered by a user to encrypt data, but  the key is not stored on the SME hosted service. If the key is lost, or forgotten, then when trying to subsequently access the file the user will not be able to gain access to the file as the correct key phrase will not be known.

For companies that use the SME SaaS hosted service team Admins specify a key that uses a similar mechanism but is applied to all users. Unlike the personal encryption the key phrase is either stored encrypted by the SME service, or it can be stored with a self hosted Vault instance.

For enterprise users who self-host the SME service then the key is can be stored on the service behind the corporate firewall or again it could use the open source Vault software on a key server.

Encryption file SME

SME uses AES-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. A random initialisation vector is generated when the user supplies an encryption key. The cipher Rijndael consists of:

– an initial Round Key addition
– Nr-1Rounds
– a final round.

The chaining variable goes into the “input” and the message block goes into the “Cipher Key. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and for a 16-byte key, 2127 applications of Rijndael.

Data_SecurityOnce files are encrypted in this manner they can be accessed by an of the comprehensive SME desktop (Web, Mac, Windows, Linux) or mobile tools (Windows Phone, iOS, Android, BlackBerry). When an encrypted file is accessed the user is prompted to provide the private key phrase before the file can be opened.

Encrypted file phone

 

If the file is accessed direct from the underlying storage then it will not be able to be used as it will be encrypted and without being opened via the SME service, either hosted or on-premises, it will not be able to be un-encrypted. This makes sensitive data stored on remote servers ultra-secure.

The SME also on-premises Cloud Control service resides behind the corporate firewall. It enables the ability to keep very sensitive data behind the corporate firewall but still enable secure file sharing and at the same time offers the ability to encrypt data that is stored on remote cloud storage and other SaaS services for additional security.

SME Encryption

The Storage Made Easy Cloud Encryption service is available to all SME users inclusive of free, Personal Cloud, Business Cloud and Enterprise Cloud

Facebooktwitterredditpinterestlinkedinmailby feather

Storage Made Easy: Reflections on 2012 and looking forward through 2013

Now that 2012 has drawn to a close and we are in mid January we thought it would be useful to reflect on what we have seen through our own business as trends and pointers, look at some of the things we have done over the course of the last year and finish by looking at what Storage Made Easy brings into 2013.

Key Trends:

A key trend for our business was a switch from online personal and SMB clients to more direct channel and corporate clients using our hybrid Appliance. The work we are doing with Huddle on the channel side and Xtime and Finser on the direct side are great examples of this trend. From July our business moved from a model of online Personal / SMB SaaS to Direct Corporate / Channel sales utilising our hybrid on-premise cloud appliance. Pre July the revenue split was 90:10 online SaaS and today the model is 10:90 weighted towards the direct business/channel revenue stream. We see this as a key indication that :

a. Larger companies want to ‘own’ their own data and are focused on making their storage integrate with what they already have such as their existing identity management systems (in many case Active Directory) and existing structured data systems.

b. Companies want to stop staff using un-authorised services and have come to the conclusion that they need to put structures in place to not only prevent this but to offer an alternative.

b. Companies are focused on the data legislation and governance of structured data so that they can track all file events, a mandatory requirement for certain verticals, such as government and healthcare for example.

c. The ability to search across disparate data sets easily and also on the move is becoming more and more important for companies as they try to make productive use of their core corporate asset, their data !

Our Focus for 2013:

Our Focus for 2013 is going to be as follows:

1. Simplifying our pricing proposition. The result of this will be visible over the next few weeks. We have tried to be as flexible as possible with what we provide to users but we find that this can result in users being paralysed by the paradox of choice so we will be making these much easier to understand.

2. Concentrating on formally launching our on-premise cloud Appliance. Having done a limited release launch in 2012, we will be shortly making available the ability to download the Appliance direct from our site.We have spent a fair bit of time re-designing the installation procedure with regards to networking, https keys etc,  to make it easy to install and get going. Below is an overview of the Architecture of the SME Appliance.

3. Enabling easy IaaS deployments so that users and companies can easily deploy their own personal or company cloud onto IaaS infrastructures. We already do this for Linode  but we will be expanding this to Amazon EC2 (and maybe one other provider we cannot discuss yet) and making the whole process an easier click through process.

We had a great growth year in 2012 and we look forward to continuing that in 2013.

 

 

Facebooktwitterredditpinterestlinkedinmailby feather

IBM Bans DropBox. Here is why you don’t need to follow suit

You may have missed it but IBM recently banned their 400,000 user based from using DropBox and other services like it. Jeanette Horan, IBM’s chief information officer, said that the restrictions has been in place since a review of IBM’s BYOD policy.  A great article underlining the reasons IBM made this policy change can be found in this Information Week article from Kevin Casey.

“The risk of allowing BYOC is inherent in any organization that owns confidential or critical information, which I would assume is every corporation in existence”

however how do you enforce it ?

“There’s also that minor matter of enforcement. IBM has the wherewithal to practice what it preaches, but when IT and financial resources are already spread thin, trying to keep people from sending corporate files to their personal Gmail accounts might be an exercise in futility.”

Enforcement of policy is of course a good question and one that we are happy to expand on. What IBM are really describing is the issue of what is being termed as “Cloud Sprawl” ie. the plethora of online services that can be responsible for not only information leak, but also prevent cohesive company information visibility. We have blogged about this previously.

The SME Cloud Appliance  and service is the enabler for governance and control of different Cloud Storage providers, such as DropBox, and of SaaS Services, such as BaseCamp for example. There are specific controls built into the Appliance to enable IT to govern how access is granter to information and also specific controls to not only restrict access but audit access:


This can audit access of all cloud storage types including personal clouds (if it is decided to allow them in the organisation). The auditing is granular and logs each event type and IP address of any file or resource interaction:
class

User login can groups can be controlled by Active Directory integration and Access permissions can be set against groups/roles across all information resources:

As we have shown, the Cloud File Server Appliance is a mechanism for IT within SMB’s and other companies to keep control of diverse information clouds and SaaS Cloud services whilst still promoting things such as BYOD and can be used as a SaaS hosted service or can be obtained as a Virtual Machine and hosted in-house.

Facebooktwitterredditpinterestlinkedinmailby feather

Encrypting Cloud Files on Android, BlackBerry, Windows Phone and iPad / iPhone

One of the issues that becomes apparent with more users choosing to work from mobile phones and tablets is the issue of security. Sometimes these devices can end up in the wrong hands and when that happens it is reasonable to take precautions about how can open and gain access to files you have stored in the Cloud.

The secondary security concern can be with Cloud the Providers themselves. Users often want to protect certain  files on the actual Cloud where they reside, and to that end they can want to use encryption independent of the Cloud Provider.

This particular use case can be solved by using the Cloud encryption service that SMEStorage provides. This features is provided to free, personal, and Cloud File Server users.

Encryption works when users upload files from SMEStorage web or desktop access Client, to any of the 35 Cloud Storage and Saas Providers that SMEStorage supports. Users connect over SSL and assign files a key phrase to file that are uploaded. This key phrase is not stored anywhere on the SME service, and files are encrypted as they stream through the SME service to the remote Cloud Provider.

When web, windows / Mac / Linux, or iOS, Android, WP7 or BlackBerry mobile clients are used to try and access an encrypted file then a password prompt will be presented and the file will be unable to be accessed until this key phrase is entered. If the files is share using a file share link then anyone who then tries to open the file will also be required to enter the key phrase before accessing the file.


SMEStorage uses AES-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. The cipher Rijndael consists of:

– an initial Round Key addition
– Nr-1Rounds
– a final round.

The chaining variable goes into the “input” and the message block goes into the “Cipher Key. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and for a 16-byte key, 2 to the power of 127 applications of Rijndael.

Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. For example the popular freeware file manager Total Commander has a free plugin to handle such decryption.

Facebooktwitterredditpinterestlinkedinmailby feather