Creating a Secure Encrypted Data Room Utilising Amazon S3 in 10 minutes

The Enterprise File Fabric can be used for many functional use cases. One of these use cases which we will discuss in this blog post is that of a secure encrypted data room.

We will break this down piece by piece as to how this was created.

In terms of how this can be achieved, the Enterprise on-premises File Fabric product will  be used, but this can also be achieved using the File Fabric SaaS hosted solution.

The first thing to do is to add a storage provider of choice with regards to where you want the Data Room data to be stored. We will use Amazon S3 but you could choose to use any type of storage that The File Fabric supports.

Once this is done we can choose how we will encrypt the data. This is an important step as it means that despite the data being stored on Cloud it will be totally secure, even if the data is directly accessed from the Storage. The File Fabric supports AES 256 bit encryption.

There are 3 different ways The File Fabric supports to data ecnryption:

1. File by file encryption – In this mode the encryption key is not stored by The File Fabric and must be remembered. Different encryption keys can be applied to different files or folders. No key, no data retrieval.

2. Blanket Data Room encryption. A single key is chosen and stored and is used to encrypt the data.

3. Blanket Data room encryption with the key stored in an external key server. The File Fabric supports the Hashicorp Vault key management server.

We can now add the users that we wish to access the Data Room:

Now that encryption is set the Cloud File Manager UI can be used to create (pseudo) folders on S3 to contain the documents for the data room and then read only ACLS’s can be applied as per our requirement.

Next we can set a policy to turn off file sharing for all users as we do not want the documents to be shared:

And as the administrator of the Data Room we now populate the document folders which remember, will be encrypted as per our earlier choice.

All interactions from end users will be audited and will be available to the Administrator

And finally we set some instructions for the home page the users will see when they first login into the Data Room:

That is it, we are done. We have a data room that:

  • Has data stored on Amazon S3
  • Has secure encrypted data
  • Has users added
  • Has ACL’s set to only access the data in a read only fashion
  • Is set to prevent file sharing
  • Audits all access so that this can be used for Compliance such as GDPR
  • Has intranet type instructions for use

If we wished to we could use the File Fabric to easily extend this by adding GEO restriction controls (only allow access from the UK for example) or IP controls (only allow one specific IP address to access),

Facebooktwitterredditpinterestlinkedinmailby feather
The following two tabs change content below.
The Leading Enterprise File Fabric