Welcome to Part 2 of our File Fabric integration with Vault by HashiCorp blog. In Part 1, we discussed the benefits of integrating your Storage Made Easy appliance with your Vault instance, as well as a walkthrough of setting up the integration between Vault and File Fabric. In this follow-up blog we will look at some use cases and also demonstrate how to set up your Vault instance ready for integration with your Enterprise File Fabric.
The primary purpose of the File Fabric encryption feature is to protect a user's or company's files on local and remote storage resources, such as Object Storage, Dropbox, Google Drive etc., and to achieve this in an easy and seamless manner.
When files are encrypted by the File Fabric, users cannot access or share them directly from the storage service. The files need to be accessed through the File Fabric web or app clients because the key to decrypt the data is stored, encrypted, on the File Fabric server instance.
Storage Made Easy recommends that all traffic be secured with encryption; in fact, by default we enforce the use of HTTPS communication. That said, the software ships with self-signed certificates to get you started, and when you first connect you will be greeted by an Invalid Certificate message in most browsers. Self-signed certificates are fine for pre-production, setup and testing, but real certificates need to be added for production. In this post I will show you how to set up a free-of-charge, trusted certificate with our product. Let’s Encrypt is the name of the Certificate Authority we will be using, which provides free SSL certificates for 90 days.
Many file sharing vendors offer encryption at rest, but the real question is: do they let you manage your own encryption key?
Ask yourself these questions:
– Are you comfortable not controlling your own file encryption?
– Do you have sensitive data you wish to store in the cloud that you do not want to have your file sharing vendor have access to?
– Do you have data that absolutely must have controlled encryption from a legislative view point?
– Do you trust your vendor not to provide a ‘back door’ to the NSA?
Storage Made Easy:
– Offers private key encryption in which the private key is not stored on its hosted platform for all users (including free users).
– Lets you encrypt data stored on any remote cloud including Box, DropBox, Amazon S3 etc.
– Is a UK company that has servers located in the US and in Europe, with no data shared between the two.
– Can provide a completely on-premise solution for Cloud Control and unified joined up file sharing that encompasses all public and private corporate data.
SME puts encryption of your files in your hands, not your vendor’s!
We have for quite a while enabled public/private key AES 256-bit file encryption for files in which the private key is not stored on our servers. Many providers now support their own encryption, and what we offer is over and above that (in many cases our encryption is used as additional security, as it is truly private, whereas in most cases the vendor stores the public and private key).
We believe it makes sense for us to support vendor Cloud encryption mechanisms where they add value and are possible. To this end we now support the Amazon S3 Cloud encryption, and we’ve made it pretty easy to turn the encryption on, straight from the settings of the S3 provider (accessible from the Web DashBoard).
Once you are in the settings page of the S3 provider, you simply turn it on.