5 Tips for enhancing Cloud Data Security and Privacy in 2020

With employees increasingly working from home, corporate IT and CISOs are focused on how they can improve data security and privacy for end users. The tips below are not new, but they should serve as a means to focus on what may be required for organizational change in the new hybrid work culture:

Enhanced Two Factor Authentication Update

Storage Made Easy recently rolled out an enhancement to its enterprise-grade security features by updating and enhancing its Two Factor authentication. This enhanced capability now works across all desktop and mobile applications.

For Personal Cloud Accounts the Two Factor Authentication can be switched on from the Cloud DashBoard. For Team Accounts the Admin user can force the use of Two Factor Authentication from the Security Options tab:

The Two Factor options supported are:

  • Two Factor phrase delivery by email
  • A preset phrase that needs to be entered
  • Google Authenticator


Access Microsoft Distributed File System Shares (DFS) from a web browser using the Enterprise File Fabric – Part 2

In part 1, we set up the SME appliance with a Microsoft DFS Storage Provider. Today we will continue the setup, enabling AD user authentication, corporate shares, department shares, and home directories for each user.

Prerequisites

This article assumes you followed along in Part 1 and met the prerequisites there. In addition, you’ll need a few more shares configured on your fileserver, and a few users and groups configured in Active Directory.


Installing a Private Enterprise File Share and Sync Appliance on Windows Azure Compute Services


This blog post is a technical post outlining the steps needed to deploy the Storage Made Easy Cloud Control Gateway and Enterprise File Share and Sync solution on the Azure IaaS compute infrastructure.

Storage Made Easy provides a private enterprise file share and sync solution that can not only be used with Azure Blob Storage Data but which can also be used as a cloud security point to secure other storage points or sync and share solutions, such as Office365 and SharePoint. We call this Cloud Control and you can read more about it here.


Cloud makes control of enterprise content silos key for Enterprises

As the Cloud permeates all aspects of business, enterprises in particular are waking up to the cost benefits that Cloud can bring, from outsourced pay-as-you-go applications to cheaper and easier archival, to storage of non-sensitive documents and data.

An often repeated truth is that Enterprises have 3 of everything. When I worked in the Middleware space it was not unusual to see one department using IBM WebSphere, another using WebLogic and yet another experimenting with JBoss. The same adage goes for enterprise content management.

In the not too distant past, if I brought up Enterprise Content Management then it could be inferred that I was only discussing Documentum, Alfresco, SharePoint or some CMIS type product, but in today’s world the term can also apply to documents stored on OneDrive, DropBox, Google Drive, Amazon S3 etc. Throw in CRMs that store documents, such as Salesforce, and online project management tools such as BaseCamp, and you start to grasp just how many independent content and document silos companies have to deal with.

This is borne out by a recent survey by AIIM called “Get more from on-premise ECM”. The highlights of that survey are:

50% of companies already use 3 or more storage solutions (this echoes prior research that SME also undertook.)

40% of companies are investigating cloud

This presents two large challenges to companies:

Accessibility of data – Where is it? Which App? Which data store?

Governance of data – How do you universally secure data and set policies across data silos and Apps?

The Storage Made Easy EFSS Cloud Control Solution was built specifically to address these types of challenges.


It supports over 45 private and public cloud stores and Apps, with an API for those not covered so it can pretty much connect to anything.


Connecting to private and public content stores, and to Apps that function as content stores such as Salesforce, makes accessibility easier: when users search for a document, the search is conducted across the content estate, not just in an App silo.

Also SME has an Enterprise connector to Apache Lucene / SOLR to enable deep search of file content from any desktop and any App. This not only increases the accessibility and availability of data, it also immeasurably increases worker productivity.

Governance of data is a thorn in the side of Enterprise IT when it comes to storing Cloud data, and the NSA snooping scandal and recent celebrity photo hacking have done nothing to ease the sensitivity around it. Cloud Governance and Control is firmly in the spotlight of Enterprise IT and, more importantly, Enterprise Management.

Often what you see from vendors is a “my cloud is better than your cloud” approach to this problem, i.e. a vendor adds one specific security feature and tries to use this to get companies to move their data, or sensitive data, to its solution. Alternatively a company can target one facet of Governance and Control, let’s say encryption for example, and build their product and service on this one feature only.

The SME solution takes a more holistic approach to provide governance and control across the whole content estate. It does not try to get you to move your data to it (it’s data agnostic and does not store data) and it does not just work as a silo or offer one feature. It provides an integrated, sensible approach to corporate content governance and control:

– It integrates with existing Active Directory or LDAP systems to provide a single-sign-on solution for identity management.

– It provides an encryption service to enable remotely stored data to be encrypted and only accessible with authorization.

– It provides secure file sharing and combines this with pre-set business policies. Files can be password protected and time expired, and these settings can be applied as policies. For example, you can set a policy that all shared files have a 24 hour expiration time and require a password.

– It provides a comprehensive audit log of all file events for all content. For remote file shares it tracks the IP address of the remote users accessing the file.

– It provides GEO location restrictions to restrict or prevent access. For example, if you have an outsourced accounting company that requires access to a particular folder, you could restrict their access to a certain IP address and only from a web viewer.

– It has built-in Bring Your Own Device controls that allow the setting of per-user permissions with regard to web, desktop or mobile device access. It also works with Oracle Mobile Security and OpenPeak Sector in the event the company already has these BYOD controls in house.

– It integrates with what you have, providing desktop cloud drives, plug-ins for Microsoft Office and Open Office, as well as email plug-ins for file sharing.

Content Management, Cloud Governance and Collaboration is only going to get harder, not easier, as companies embrace new data stores and new applications that store data. To facilitate a productive, accessible, controlled experience the control points simply have to be joined up.


Cloud Storage Security concerns ? Why Hybrid Cloud offers the best of both worlds


With the recent celebrity photo scandal fresh in the minds of companies that are either using, or anticipating a move to, the Cloud, questions regarding security, architecture and governance are fair ones to ask.

Without a doubt cloud computing offers advantages to companies that encompass ease of use, productivity and cost savings; however, companies have concerns about if, how and where they store their sensitive data. This is where hybrid cloud can play a part.

What is Hybrid Cloud ? Hybrid Cloud essentially continues to offer businesses all the benefits associated with the public cloud whilst enabling them to continue to have choices of storing certain types of data privately.

The benefits of a hybrid cloud strategy are that it addresses the security concerns of sensitive data whilst offering a dual strategy, unlike a pure private cloud implementation.

The Storage Made Easy Enterprise File Fabric provides such a public / private hybrid cloud solution but takes it a step further in the following ways:

– The File Fabric integrates with many existing private data applications and public cloud solutions. Private data application examples are SMB, CMIS, SharePoint, FTP and NAS/SAN. Public cloud solution examples are Amazon S3, RackSpace Cloud Files, Google Storage, Azure Blob Storage, Salesforce etc. The File Fabric does not force you to work with other storage or data that comes with the solution. The File Fabric is storage agnostic and works with whatever data sources exist within a company.


– The File Fabric offers a control point for all corporate data wherever it is stored. As a control point, Storage Made Easy can be configured to audit log all file events, which can be exported as an Excel file or as Syslog events for use with Business DashBoards. It also enables encryption, through the gateway, of sensitive files that reside on public cloud Apps, or the choice of keeping these files entirely private behind the firewall but still accessible. GEO location tracking and restrictions are also built into the platform, as is secure file sharing across all data stores, enabling a common file sharing policy to be set.


– The File Fabric provides a single pane of glass into all cloud services and integrates into corporate identity management systems such as SAML, LDAP and Active Directory. It can function as a public and private cloud data control point and can also be set to enable users to add their own consumer cloud accounts if this is a company policy, and it can track which corporate documents are moved, or shared, into a user’s consumer cloud account.


– More effective governance is provided, as the File Fabric not only provides the flexibility and security of the hybrid cloud model but also provides a cloud control point for existing private data and public cloud data sets.

Egnyte on Europe – a response

We see that Egnyte has been making statements about Box and their lack of an EU data center (whilst at the same time promoting their own).

Egnyte seems to be wanting to put the point across that prospects may prefer to use Egnyte as opposed to Box as they have a data center in Amsterdam. We believe there are a few additional points that should be highlighted with regards to Egnyte’s comments:

The Patriot Act – The Patriot Act is the white elephant in the room as, in a nutshell, it provides a legal framework for the US Government to have the right of search and seizure of data that is stored outside of the US where the company is US incorporated. There are various articles on the Patriot Act, such as this one from ZDnet, and a quick Google Search will provide many more. This has of course gained more prominence since Edward Snowden and the PRISM revelations. Even though Egnyte will have an EU presence it is still a US Inc. company bound by the laws of the United States. Of course it is only fair to point out that non-US companies can still be compromised, but the EU provides more protection and there are new European data protection directives being introduced that will strengthen this. The point is not just about “Data crossing the pond”; it is about who could potentially have access to that data, and how.

Protecting US stored data – US stored data can still be protected. There are various ways to do this using tools such as TrueCrypt and BoxCryptor, which we covered previously, and in the case of Storage Made Easy we act as a Cloud Control point for all public / private data so, if you wish, you can encrypt all data being stored on Box or any other service with a private key, and this can be made transparent to team users. More on that here.

For many EU companies it’s about private data, not data centre data: The PRISM / Snowden / snooping issues have damaged the confidence of a lot of companies about where they store their data, especially sensitive data, especially in the US or with US companies. Storage Made Easy is a UK Limited company that provides a complete behind-the-firewall Enterprise File Share and Sync Cloud Control solution. It works with your existing private and cloud stored data, putting control back in the hands of companies. It can be run entirely in a company’s data center or trusted IaaS infrastructure, or entirely on-premise, i.e. completely the company’s choice, and that is the key word here: “choice.”


In a post PRISM world why your Company needs joined up File Sharing and Governance

The recent controversy with regards to Prism and data snooping has brought the security of corporate data to the fore; however, the biggest threat to corporate data lies not with the corporate nemesis that is Prism but with the number of data leaks that occur every day in companies.

These include new phenomena such as Bring Your Own Device (BYOD) and Bring your Own Cloud (BYOC) as well as the thorny issue of what files are shared over email.

Data is any company’s biggest asset, and not controlling how corporate data is disseminated is a ticking time bomb waiting to explode in your company. Why? Take your pick: legislative reasons, fraudulent reasons, competitive reasons. There are many reasons why not controlling data dissemination could trip your company up.

Companies need to consider how to build effective data governance that serves across their enterprise data silos. Doing so will define a cohesive set of parameters for data management and data usage, as well as the ability to create governance processes for a company’s internal use and for its supply chain, which ultimately leads to information assets that are well managed.


In the world of Cloud it is key that Data Governance and data policies work not only with data behind the corporate firewall but also cloud data and cloud services.

So what should you consider as a company to manage your data assets ?

1. Understand what information is sensitive across all data silos, and have a federated access control mechanism that works with your users across these private and cloud data silos. Storage Made Easy provides such a federated mechanism to assign and control user permissions and access at a very granular level that overlays one or more data stores.


2. Set policies for data access and enforce them through common tools. For employee sharing of data through tools such as email, make it easy but also set policies that can define expiry time and password protection. Storage Made Easy has plug-ins for Microsoft Outlook and Mac Mail that enable productive file sharing across all cloud / private data and have built-in support for policy enforcement.


These policies should also ripple through to the mobile Applications used in a company:


3. Use Cloud Encryption for sensitive data and ensure that you control the private key. See our previous post on encryption and securing data for further information.


4. Audit all your company data. Irrespective of the policies set, you should get in the habit of auditing your company data. SME enables the setup of an automated email to a specified user listing the previous day’s file events, such as sharing, files updated etc.


5. Set BYOD policies and device access policies that work like your company works. For example, have a contract firm that you gave access to a specific folder ? Then designate that they can only access the folder using a web browser and only from a specific IP address.


Summary

Companies need to connect disconnected information to enable corporate governance.


Why you, and not your storage vendor, need to manage your file encryption


Many file sharing vendors offer encryption at rest, but the real question is: do they let you manage your own encryption key?

Ask yourself these questions:

– Are you comfortable not controlling your own file encryption?
– Do you have sensitive data you wish to store in the cloud that you do not want to have your file sharing vendor have access to?
– Do you have data that absolutely must have controlled encryption from a legislative view point?
– Do you trust your vendor not to provide a ‘back door’ to the NSA?

Storage Made Easy:

– Offers private key encryption in which the private key is not stored on its hosted platform for all users (including free users).

– Lets you encrypt data stored on any remote cloud including Box, DropBox, Amazon S3 etc.

– Is a UK company that has servers located in the US and in Europe in which no data is shared between the two

– Can provide a completely on-premise solution for Cloud Control and unified joined up file sharing that encompasses all public and private corporate data.

SME puts encryption of your files in your hands, not your vendor’s!

For further information please download our security white paper and see our previous blog post on encrypting files.


How to encrypt, secure and access sensitive cloud storage data

Updated 1st July 2016

The recent PRISM data snooping controversies have heightened almost every company’s awareness of the potential vulnerabilities of data stored off-premise in the Cloud. Many Cloud Storage companies talk about encrypting data ‘at rest’, but the real issue is that the storage companies control the encryption rather than the company whose data is stored controlling the private key.

One of the features that Storage Made Easy provides is an encryption feature that can encrypt data uploaded to remote (and local) Cloud Storage. SME supports 50+ cloud storage vendors, which means companies are able to take advantage of private key encryption for some, or all data, across cloud storage providers.

For individual users of our cloud SaaS services SME uses a key entered by a user to encrypt data, but the key is not stored on the SME hosted service. If the key is lost or forgotten, the user will not be able to gain access to the file on subsequent attempts, as the correct key phrase will not be known.

For companies that use the SME SaaS hosted service, team Admins specify a key that uses a similar mechanism but is applied to all users. Unlike the personal encryption, the key phrase is either stored encrypted by the SME service, or it can be stored with a self-hosted Vault instance.

For enterprise users who self-host the SME service, the key can be stored on the service behind the corporate firewall or, again, it could use the open source Vault software on a key server.


SME uses AES-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. A random initialisation vector is generated when the user supplies an encryption key. The cipher Rijndael consists of:

– an initial Round Key addition
– Nr-1 Rounds
– a final round.

The chaining variable goes into the “input” and the message block goes into the “Cipher Key”. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and is, for a 16-byte key, 2^127 applications of Rijndael.
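The scheme described above (AES-256 in CBC mode, 16-byte blocks, a random IV, a key phrase held by the user and never stored with the data), as an added Node.js example; it is not Storage Made Easy's code. The page does not say how the key phrase becomes a 256-bit key or whether the ciphertext is authenticated, so the scrypt key derivation, the HMAC-SHA256 tag and the `salt | iv | ciphertext | tag` layout are assumptions of this sketch, as are all function names.

```javascript
// Added illustration, not Storage Made Easy code. Function names and the
// blob layout (salt | iv | ciphertext | tag) are assumptions of this sketch.
const nodeCrypto = require('crypto');

const SALT_LEN = 16; // per-file salt for the KDF
const IV_LEN = 16;   // one AES block, as the page states
const TAG_LEN = 32;  // HMAC-SHA256 output

// Stretch the user's key phrase into two independent 256-bit keys:
// one for AES-256-CBC, one for the integrity tag. scrypt is an assumed KDF.
function deriveKeys(passphrase, salt) {
  const material = nodeCrypto.scryptSync(passphrase, salt, 64);
  return { encKey: material.subarray(0, 32), macKey: material.subarray(32) };
}

// Encrypt before upload. Only the returned blob reaches the storage
// provider; the key phrase never leaves the caller.
function encryptFile(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const iv = nodeCrypto.randomBytes(IV_LEN); // fresh random IV for every file
  const { encKey, macKey } = deriveKeys(passphrase, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', encKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const body = Buffer.concat([salt, iv, ciphertext]);
  // CBC alone gives confidentiality only; the tag (encrypt-then-MAC)
  // lets the reader detect a modified or corrupted stored object.
  const tag = nodeCrypto.createHmac('sha256', macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

// Decrypt after download. The tag is verified before any block is
// decrypted, so a wrong key phrase and a tampered blob fail the same way.
function decryptFile(blob, passphrase) {
  if (blob.length < SALT_LEN + IV_LEN + 16 + TAG_LEN) {
    throw new Error('blob too short');
  }
  const body = blob.subarray(0, blob.length - TAG_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  const salt = body.subarray(0, SALT_LEN);
  const iv = body.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const ciphertext = body.subarray(SALT_LEN + IV_LEN);
  const { encKey, macKey } = deriveKeys(passphrase, salt);
  const expected = nodeCrypto.createHmac('sha256', macKey).update(body).digest();
  if (!nodeCrypto.timingSafeEqual(tag, expected)) {
    throw new Error('authentication failed: wrong key phrase or modified file');
  }
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', encKey, iv);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}
```

Because the salt and IV are random per file, encrypting the same document twice yields different stored objects, so identical files cannot be matched by comparing ciphertext.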

Once files are encrypted in this manner they can be accessed by any of the comprehensive SME desktop (Web, Mac, Windows, Linux) or mobile tools (Windows Phone, iOS, Android, BlackBerry). When an encrypted file is accessed the user is prompted to provide the private key phrase before the file can be opened.


If the file is accessed directly from the underlying storage it cannot be used, as it will be encrypted, and it cannot be decrypted without being opened via the SME service, either hosted or on-premises. This makes sensitive data stored on remote servers ultra-secure.

The SME on-premises Cloud Control service also resides behind the corporate firewall. It makes it possible to keep very sensitive data behind the corporate firewall while still enabling secure file sharing, and at the same time offers the ability to encrypt data that is stored on remote cloud storage and other SaaS services for additional security.


The Storage Made Easy Cloud Encryption service is available to all SME users inclusive of free, Personal Cloud, Business Cloud and Enterprise Cloud
