How to encrypt, secure and access sensitive cloud storage data

**Updated 1st July 2016*

The recent PRISM Data snooping controversies have heightened almost every companies awareness of the potential vulnerabilities of data stored off-premise in the Cloud. Many Cloud Storage companies’ talk about encrypting data ‘at rest’ but the real issue is that the storage companies control the encryption rather than the company whose data is stored controlling the private key.

One of the features that Storage Made Easy provides is an encryption feature that can encrypt data uploaded to remote (and local) Cloud Storage. SME supports 50+ cloud storage vendors, which means companies are able to take advantage of private key encryption for some, or all data, across cloud storage providers.

For individual users of our cloud SaaS services SME  uses a key entered by a user to encrypt data, but  the key is not stored on the SME hosted service. If the key is lost, or forgotten, then when trying to subsequently access the file the user will not be able to gain access to the file as the correct key phrase will not be known.

For companies that use the SME SaaS hosted service team Admins specify a key that uses a similar mechanism but is applied to all users. Unlike the personal encryption the key phrase is either stored encrypted by the SME service, or it can be stored with a self hosted Vault instance.

For enterprise users who self-host the SME service then the key is can be stored on the service behind the corporate firewall or again it could use the open source Vault software on a key server.

Encryption file SME

SME uses AES-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. A random initialisation vector is generated when the user supplies an encryption key. The cipher Rijndael consists of:

– an initial Round Key addition
– Nr-1Rounds
– a final round.

The chaining variable goes into the “input” and the message block goes into the “Cipher Key. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and for a 16-byte key, 2127 applications of Rijndael.

Data_SecurityOnce files are encrypted in this manner they can be accessed by an of the comprehensive SME desktop (Web, Mac, Windows, Linux) or mobile tools (Windows Phone, iOS, Android, BlackBerry). When an encrypted file is accessed the user is prompted to provide the private key phrase before the file can be opened.

Encrypted file phone

 

If the file is accessed direct from the underlying storage then it will not be able to be used as it will be encrypted and without being opened via the SME service, either hosted or on-premises, it will not be able to be un-encrypted. This makes sensitive data stored on remote servers ultra-secure.

The SME also on-premises Cloud Control service resides behind the corporate firewall. It enables the ability to keep very sensitive data behind the corporate firewall but still enable secure file sharing and at the same time offers the ability to encrypt data that is stored on remote cloud storage and other SaaS services for additional security.

SME Encryption

The Storage Made Easy Cloud Encryption service is available to all SME users inclusive of free, Personal Cloud, Business Cloud and Enterprise Cloud

Facebooktwitterredditpinterestlinkedinmailby feather

Using Storage Made Easy With BoxCryptor On iOS to securely encrypt files on device

BoxCryptor provides a virtual hard disk that encrypts files within a storage account using using 256-bit AES encryption. BoxCryptor encrypts individual files, not an entire volume or container.

BoxCryptor encrypts and decrypts files locally, and it doesn’t transmit passwords to third parties. As a result files remain unreadable to outsiders even if hackers manage to steal passwords as they need to also break the file encryption.

How is this different to SME provided encryption? SME provides streamed encryption which occurs over the https protocol. Users choose a private key to encrypt files on upload to their underlying cloud and SME does not store this key on the SME platform.

Like BoxCryptor Storage Made Easy also uses AES-256 encryption. We use the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes..

Storage Made Easy also provides a file decryption tool that is available for Mac, Windows and Linux for local decryption of files downloaded direct from a Storage provider rather than via SME tool or client.

BoxCryptor recently updated their iOS App and although the App supports several storage clouds, as SME supports 35+ storage clouds and provides access into them using WebDav, BoxCryptor can be used in conjunction with SME to create and access encrypted folders with files  on any cloud SME supports.

The pictorial walkthrough below shows how to achieve this.

photo 1 photo 2

photo 3 photo 4

photo 5  photo 2

photo 3 photo 4 photo 5

BoxCryptor also supports Mac and Windows and can be used with SME Webdav or the Cloud Drive Apps. There is also a BoxCryptor Android App which can also similarly used with SME WebDav.

Facebooktwitterredditpinterestlinkedinmailby feather