Today we have upgraded the Storage Made Easy Web Cloud File Manager.
The Storage Made Easy Web File Manager is different to a lot of file managers that you see today as it is hierarchical in nature and resembles a true file tree (akin to windows explorer). It’s hierarchical nature enables it to easily work with and manoeuvre around large data sets.
Over the years we have had a lot of feedback from companies and users about how they would like to see the File Manager work and what features they would like and we’ve used this feedback to make improvements, which are outlined below:
Large Layout in inline Mode
The File Manager layout is now larger in inline mode taking more advantage of the screen space.
The File Manager has been optimised for iPad / Tablet
A number of optimizations where done for working with the desktop Cloud File Manager on a tablet. The first is that it opens in full screen mode when being used on such devices. The second is that there are optimizations that make it easier to use such as being easily to widen / constrict the view on each pane. Also interactions have been optimized to work with touch events. The selection of files has also been made easier with checkbox selection options (these selection options are also available when using the FM from a PC).
Easier File Selection
A lot of feedback has been made to us about making file selection easier. To that end we have made it easier to select files by using a checkbox paradigm. Check boxes appear so that a file can be selected when the mouse is placed at the left hand side of a file.
Image thumbnails can now be previewed as the File Manager is browsed.
The File Manager now contains help guides showing how to action the most common functions such as copy/paste:
Default PDF Viewer is now native
The default PDF viewer is now a native viewer rather than Google Viewer (although Google Viewer can still be used and be setup to be the default). This means the viewer sandboxes any data viewed in this way just to the SME service.
New Themes / Custom Themes
There are two new large themes for the File Manager a blue theme and a normal theme. The existing themes have been rename to “tiny”. Also now, for Appliance users, custom themes can be created. This will be available in the next Appliance version.
The File timestamp to be used can now be selected
As SME is an abstraction between the remote cloud it works with more than one timestamp. Firstly it has its own concept of time, based on UTC, as to when a timestamp was modified through the SME service. Next it handles what the timestamp shows on the remote cloud service, and lastly it can show the local file time of a file uploaded to a remote service via SME (this may be different to the remote cloud time as some cloud services ignore the local file time and simply timestamp the file at the time it was uploaded to their service). Although all three are handled the user can now set which they want shown by default.
Edit on Hover
When hovering on a file, certain options are displayed for easy access. This has been enhanced so that files that can be edited, such as documents, text files etc can be edited by clicking the edit icon on hover.
Comments view is now collaborative / real time
When working in full file / comments view, if another user is also reviewing the same file and making comments then the comments will appear in real-time like an instant message
The File Manager now features an inline folder search (rather than having to move out to the tabbed search). This is a quick search mechanism to search for files in folders and sub folders.
Favourites and Quick Upload placed at top of file tree
Favourites and Quick uploads have been placed at the top of the file tree for easy access. These can also be configured to be hidden.
New way to copy / move files
Copy and Move can still be done by selecting files and drag and drop but now there are buttons and a wizard to make copy and moving files between folders or cloud services even easier.
There are also other numerous small changes and bug fixes but this post highlights the main functional changes.
Document control and management is of vital importance to any organization. If sensitive information is sent outside of your company, once the documents have been sent electronically, control is lost and this can put files you shared at risk. They can be copied or forwarded anywhere in the world, in seconds.
For most businesses, the focus of their attention is on document management and on the organizational workflow and the storage of documents. Companies want to be able to integrate documents into a workflow and store documents in an organized and secure way that still allows documents to be found easily . Where the document is stored can frequently change. It could be SharePoint, it could be FTP, it could be on some external repository etc. Where the security process can fall down is when documents are shared externally or how they are available to be collaborated on.
The proliferation of employees bringing there own devices to work (BYOD and BYOC) and using preferred SaaS applications of their own choosing has led to corporate governance becoming even more of a challenge for those tasked with its enforcement as an increasing number of end users bypass corporate protocol.
Such ‘Shadow IT‘ can pose a significant security risk, as unapproved hardware and software that are used do not undergo the necessary security checks and the storage and dissemination of such documents is outside of corporate control.
Storage Made Easy provides a unified Enterprise File Share and Sync solution, which works with a companies existing private and public data, presenting these files in a unified view.. It enables enterprises to not only securely sync, but also to securely share and work with files, wherever they need to go, even on devices that are beyond IT’s control.
IT benefits from a solution that gives them control, and users benefit as they have automatic access to documents and files from multiple data repositories, with robust security wherever behind the corporate firewall, or using any tablet, smartphone or PC.
Storage Made Easy uniquely provides:
• The ability to view, annotate, edit and sync almost any cloud or private file from almost any storage to any device.
• Internal and external collaboration features to work securely with anyone without losing control of enterprise data.
• Complete audit tracking to ascertain who accessed files, where form, and what action was taken.
• Provides a secure way for the organizations to collaborate with external partners using business workspaces.
• GEO Restrictions – restrict access to documents by IP address and by client. For example let an external sub office only have access to a folder from a specific IP address from the web browser (or any other client you nominate).
• Full Bring Your Own Device Support to restrict access to by employees by device type.
• Sophisticated permissions that unify permissions to different back end document storage and which can also be used with Active Directory or LDAP
• A way to solve the “DropBox” “bring your own cloud” problem be auditing such clouds even when documents are uploaded direct.
• A way to encrypt files stored on remote clouds which a key that is stored behind the corporate firewall this protecting remote sensitive data.
In summary you do not have to choose between a homogenous and restrictive system or a lawless fenzy of different unapproved systems. The Storage Made Easy Enterprise file share and sync solution is storage agnostic. It is compatible with most private or public file sharing cloud data stores allowing users to continue using their preferred cloud storage provider while at the same time converging off-site and on–site private and public data. This allows a centralized point for corporate governance, thus providing a real solution to the Shadow IT and corporate governance problem.
We have added a new feature to the Storage Made Easy platform, real time document collaboration. This is available for team account or Enterprise File Share and Sync on-premise users. It enables real time document editing between team members when online editing using the web document editor. It enables multiple users to open a document at the same time, and enables with everyone to contribute and/or review the document in real time.
This editing facility is available for any document in any cloud that is mapped to work with SME, be it public or private storage (for EFSS on-site users).
The below video shows the feature in action.
**Updated 1st July 2016*
The recent PRISM Data snooping controversies have heightened almost every companies awareness of the potential vulnerabilities of data stored off-premise in the Cloud. Many Cloud Storage companies’ talk about encrypting data ‘at rest’ but the real issue is that the storage companies control the encryption rather than the company whose data is stored controlling the private key.
One of the features that Storage Made Easy provides is an encryption feature that can encrypt data uploaded to remote (and local) Cloud Storage. SME supports 50+ cloud storage vendors, which means companies are able to take advantage of private key encryption for some, or all data, across cloud storage providers.
For individual users of our cloud SaaS services SME uses a key entered by a user to encrypt data, but the key is not stored on the SME hosted service. If the key is lost, or forgotten, then when trying to subsequently access the file the user will not be able to gain access to the file as the correct key phrase will not be known.
For companies that use the SME SaaS hosted service team Admins specify a key that uses a similar mechanism but is applied to all users. Unlike the personal encryption the key phrase is either stored encrypted by the SME service, or it can be stored with a self hosted Vault instance.
For enterprise users who self-host the SME service then the key is can be stored on the service behind the corporate firewall or again it could use the open source Vault software on a key server.
SME uses AES-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. A random initialisation vector is generated when the user supplies an encryption key. The cipher Rijndael consists of:
– an initial Round Key addition
– a final round.
The chaining variable goes into the “input” and the message block goes into the “Cipher Key. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and for a 16-byte key, 2127 applications of Rijndael.
Once files are encrypted in this manner they can be accessed by an of the comprehensive SME desktop (Web, Mac, Windows, Linux) or mobile tools (Windows Phone, iOS, Android, BlackBerry). When an encrypted file is accessed the user is prompted to provide the private key phrase before the file can be opened.
If the file is accessed direct from the underlying storage then it will not be able to be used as it will be encrypted and without being opened via the SME service, either hosted or on-premises, it will not be able to be un-encrypted. This makes sensitive data stored on remote servers ultra-secure.
The SME also on-premises Cloud Control service resides behind the corporate firewall. It enables the ability to keep very sensitive data behind the corporate firewall but still enable secure file sharing and at the same time offers the ability to encrypt data that is stored on remote cloud storage and other SaaS services for additional security.
File Sharing is a key part of a companies ability to collaborate and share corporate data, which increasingly can be stored in many disparate services. The purpose of this post is to offer suggestion businesses should consider for their corporate file sharing strategy:
Many business just let employees share files with no control and no checks. This needs a policy. This is the businesses core asset and it needs to be protected and secure. Also, compliance and legislation of data is increasingly becoming important. The business needs to ensure it does not get caught in a compliance trap.
Point 1: Implement a control mechanism for your users. For example Storage Made Easy enables users to share files using links that can be password protected and in which the link can be set to expire. This protects against the user forwarding file. The file link can be set to expire on first download for example or set to download after 24 hours (or any other specified time period). If the file is password protected, even if the file is forwarded by the recipient then the file cannot be accessed unless the password is provided. A control mechanism promotes best practice security management of files and reduces operational risk.
Point 2: Point Solution or not ? Consider whether your strategy should be a point solution or whether it works with your existing data sets. Many vendors may purport to promote managed secure file sharing but often you find you have to move your data to their Cloud to have the solution work for you. Storage Made Easy works with private on-premise data, public cloud data such as DropBox, SkyDrive, Box etc and also with SaaS services such as BaseCamp. This promotes a ‘joined up’ strategy for company file sharing.
Point 3: Integrates with what you have ? Consider whether the solution works how you work so that it does not get in the way of business or productivity. For example Storage Made Easy integrates directly in the desktop as a network drive with simple right click options to share files. This behaviour supports Windows, Mac and Linux. Also integration has been done with other core business productivity tools such as Microsoft Outlook and Mac Mail to promote easy secure file sharing using links directly from the corporate mail client. Similar integrations exists for core productivity tools such as Microsoft Office and Open Office or Libre Office.
Point 4: Compliance, Compliance Compliance – Compliance is fast catching up with all verticals when it comes to storing and accessing corporate files off site. There is specific industry legislation related to this, such as HIPPA in healthcare and FERPA in education, but there are various legislation proposals being processed at various levels in the USA and EU and it is a safe bet that the ability to track historic file events will become more of a requirement not less of a one. Also for companies, the ability to search against historic file sharing or data access should be just part of an overall joined up corporate security policy.
Point 5: On-Premise, Hybrid or Cloud ? The last point is to do with implementation. You should be able to decide how you manage data or metadata associated with storing files and sharing files. This can be behind the corporate firewall, totally on Cloud., or some combination of both. The key word here is choice.
Amazon Web Services has announced that it now offers a new storage gateway appliance (virtual machine image) that can be placed on a customers site. What benefit is this ? It really provides an easy way to integrate local storage or systems with the facility to replicate data to the Amazon Cloud. For example you could add the technology to an existing data center so that it resided between servers and storage so that you could easily start replicating data to Amazon S3.
Note,however,these are actually stored as EBS Volumes. So although users can access data stored in this fashion locally from the gateway, if they wish to access this data directly through AWS they would need to start an EC2 instance and attached the EBS volume. . This in and of itself makes it easier to then integrate S3 stored data with other AWS services (if this is important to you). Note that this is not ‘replacing’ what you already have (ie. “great, I can just use the Cloud”), it is in addition to what you already have.
Firstly lets look at what the requirements are to host the Gateway. These are:
- VMware ESXi hypervisor (v4.1) on a physical machine with at least 7.5GB of RAM
- Four (4) virtual processors assigned to the appliance VM along with 75GB of disk space for the Open Virtual Alliance (OVA) image installation and data.
- A “proper” sized network connection to Amazon.
- iSCSI initiators on either Windows server 2008, Windows 7 or Red Hat Enterprise Linux
(Also note that the Gateway beta is optimised for block write sizes which are more than 4Kb. AWS warns that using smaller I/O sizes are likely to cause overhead which can result in storage space that is effectively ‘lost’. This means that prior to installation there needs to be a check made on the file systems / volumes to ensure they can use the larger allocation sizes).
Firstly we’d like to point out that it’s great to see Amazon adding their own on-premise Cloud Gateway. It’s great to see them competing with the likes of EMC, TwinStrata, and Nasuni. It would have been nice to see NFS or CIFS supported as interfaces, as from our own interactions with customers, we believe that is what customers really want to see, but maybe we can expect to see that added as the Gateway offering matures.
(Differences between iSCSI & NFS: iSCSI and NFS both allow storage access over an IP networking infrastructure. The difference is that iSCSI enables block storage transfer whereas NFS and CIFS transfers files.)
Many customers may find that they already have the capabilities for which they would use the Gateway, such as snapshots, backup and archiving, which is a pretty old, mature and I would expect a little more cost effective mechanism of achieving similar goals. However with that said we can see many use case where, with our own Cloud File Server Appliance where customers will really embrace the Gateway.
So where does the AWS Cloud Gateway end and the SME Cloud Appliance begin ? Well, the first things to understand about the SME Cloud Appliance is that it acts at a layer ‘above’ the storage. It provides a mechanism to unify disparate data sources into one file tree, add unified user access management and permissions, add unified governance and e-compliance, has focus on enabling companies to manage ‘Cloud Sprawl’, and leverages the ability for companies to let staff “bring your own device” (BYOD). In short, as I often say when asked to comment about Storage in general, the response is “it’s all about the App”. Storage in and of itself is not a single source in companies and secondly having things stored is no good unless you have unified, search, logic, control and anytime anywhere access that supports all desktops and all devices. This is what we essentially are bringing to the table with our Cloud File Server Appliance.
To take advantage of the Amazon Cloud Gateway what would be required is for us to connect to the local iSCSI stored data within the Gateway and this is something we will be looking to do in the short term.