Implementing secure document delivery of private data to the iPad

One of the interesting projects we’ve recently been looking at with several customers is implementing secure document delivery of private (and in some cases public) data to the iPad using a combination of our Open Cloud Platform and our iSMEStorage iPad App.

The iPad seems to have become the executive, and salesman’s choice of device for mobility and ease of use. We’re seeing it everywhere from high end Finance to very small two to three man businesses.

What often restricts businesses from using the iPad as a means of accessing Cloud Data that they store on premise, or in private accounts in public Clouds, is security. They need a level of security above what is required for normal everyday use. I’ve outlined some of the requirements below:

1. Requirement to have full control over the Cloud File Server / Gateway. This requires the company to implement our Open Cloud Platform on their premises or in their data centre. This is reasonably straightforward and we have a whitepaper on the architecture for high availability here.

2. The iPad has to be a complete sandbox and not accessible as a “File system”. Of course, Apple designed iOS so that each App operates in its own sandbox directory, and by default an App has no access to other directories (unlike Android). However, if the device is jailbroken all bets are off. To this end, we implemented code for such clients that detects whether the device is jailbroken when the App is installed or launched. If it is, the App becomes inaccessible.

3. Of course, in point 2 above, if the App is not launched and someone gets access to the filesystem via a jailbreak then the files could still be compromised. To this end we have implemented encryption on PIN. The current version of iSMEStorage already enables adding a PIN over and above login. For private customers we use this PIN to also encrypt the data on the iPad, much like you can do using the home directory encryption that Apple provides on the Mac. This now means that if the device is jailbroken and the App is not launched then the files, even if accessed, cannot be viewed. This feature may well make its way into our App Store iSMEStorage App at some point in the future.

4. In the unlikely event someone does get access to the App, all documents that are accessed can be encrypted using the SMEStorage Cloud Platform, which means that a PIN is required to download them to the device (where they are encrypted anyway). The encryption is 256 bit AES encryption.

5. Integration with third party authentication services. A number of clients we’ve worked with have their own third party authentication services. In some cases we’ve needed to look at integrating these into the authentication mechanism used for our iPad App. Two examples are Ping Identity Server and the Arcot mobile authentication solution. You can view a short whitepaper on security integration here.

6. Disabling any document sharing with other Apps. This of course makes perfect sense in a world where you want the ultimate security for files, and was simply a case of disabling this feature. This presented some challenges where customers still wanted to have some editing capabilities for documents. To this end we entered into OEM agreements with best of breed third party solutions for such private implementations that enable document editing from within the App as well as PDF annotation for PDF documents.
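The PIN-based encryption described in points 3 and 4, sketched as an added example that is not SMEStorage's own code. The page states only that the PIN encrypts the data and that 256 bit AES is used, so the PBKDF2 key derivation, the GCM mode, the key-wrapping layout and all function names below are assumptions.

```javascript
// Added example. PBKDF2, AES-256-GCM and all names are assumptions, not iSMEStorage internals.
const nodeCrypto = require('node:crypto');
const KDF_ITERATIONS = 200000; // assumed work factor; slows offline PIN guessing

// Derive a 256-bit key-encryption key (KEK) from the PIN and a random salt.
function deriveKek(pin, salt) {
  return nodeCrypto.pbkdf2Sync(pin, salt, KDF_ITERATIONS, 32, 'sha256');
}

// AES-256-GCM encrypt; output layout is iv (12) || tag (16) || ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Decrypt and verify; throws if the key is wrong or the blob was modified.
function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// A random per-file key encrypts the document; the PIN-derived KEK wraps it.
function protectDocument(pin, data) {
  const salt = nodeCrypto.randomBytes(16);
  const fileKey = nodeCrypto.randomBytes(32);
  return { salt, wrappedKey: seal(deriveKek(pin, salt), fileKey), body: seal(fileKey, data) };
}

// Returns the plaintext, or null when the PIN is wrong or data was tampered with.
function readDocument(pin, record) {
  try {
    const fileKey = unseal(deriveKek(pin, record.salt), record.wrappedKey);
    return unseal(fileKey, record.body);
  } catch {
    return null;
  }
}

// A PIN change re-wraps only the 32-byte file key; the body is left untouched.
function changePin(oldPin, newPin, record) {
  let fileKey;
  try { fileKey = unseal(deriveKek(oldPin, record.salt), record.wrappedKey); }
  catch { return null; }
  const salt = nodeCrypto.randomBytes(16);
  return { salt, wrappedKey: seal(deriveKek(newPin, salt), fileKey), body: record.body };
}
```

Because a numeric PIN carries little entropy, the salt and the iteration count are what stand between a copied file and an offline guess of the PIN, so the work factor should be set as high as the device tolerates.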

By taking these steps, a secure document delivery solution can be achieved for Private data. Public data, stored on such services as Amazon S3 or RackSpace, can if required also be accessed by “plugging them” in at a Cloud Platform Server level. Additional data becomes part of the Cloud File System and can be managed easily within the virtual directory. The Organisation can use the options in the SMEStorage Cloud File Server to require encryption for all documents stored on such services that pass through the Cloud Gateway.


Office 365

We’ve had quite a few requests now for SMEStorage to offer integration with Office 365, Microsoft’s online offering for small businesses. We’re doing some analysis to see whether we can add a connection to Office 365 so that users can work with data from iOS, Android, and BlackBerry (with Windows Phone coming soon), as well as, of course, Mac, Windows, and Linux.

Office 365 has built-in access to files and folders via its integrated SharePoint capability, and unfortunately the SharePoint in 365 does not seem to have any means for users to connect via WebDAV.

We’ll post an update when we have more news on our work to add Office 365 integration.


OpenStack now supported for SME Open Cloud SaaS Platform and Cloud Appliance

We are really pleased to announce that we have added OpenStack Swift Object Storage support to the SME Open Cloud Platform. Swift is a sub-project of OpenStack and provides a highly scalable, redundant, unstructured data store. Swift is 5 separate services: object, container, account, auth and proxy. Although each of these can be scaled separately, in practice they run together.

Never heard of Swift? It’s the underlying distributable object store that supports RackSpace Cloud Files. It’s akin to Amazon’s S3 implementation, but unlike implementations such as Eucalyptus, which clone the S3 APIs but are not sponsored by Amazon, OpenStack and Swift have RackSpace firmly onboard and have proven scale.

As Swift is used by Rackspace Cloud Files, RackSpace claim it is production-ready code that is scalable to massive levels (100-petabyte clusters and 100000 requests per second). Swift sacrifices C for A and P from a CAP theorem perspective: although most operations happen synchronously, consistency is sacrificed in failure scenarios.

From our perspective, we have seen ISPs and larger SMB users of our on-premise Cloud Gateway appliance expressing interest in SME supporting this. We supply the appliance as a VMware appliance (or Xen, KVM) or as a dedicated hardware appliance for smaller companies who wish to embrace their own private Cloud infrastructure.

As with our S3 API endpoint support, SME will overlay a more traditional file store on top of Swift, layered with the business functionality we provide in our Cloud File Server. This includes virtual drives and clients for Mac, Windows and Linux, and feature-rich mobile clients for iPad, iPhone, Android and BlackBerry, as well as value-added features for Swift such as WebDAV and FTP support.

Setting up Swift with SME is easy. First you need to add a new Cloud Provider and then the Cloud Wizard will be invoked. The first step is to enter your OpenStack details:

When entering the endpoint URL you should be sure to include the Port. An example URL is: http://<IP Address>:11000/v1.0.

Next you will need to choose which containers you want to work with and which should be the default container for any uploads to smart folders.

Once you have done this you will be ready to start the meta-sync which pulls in and caches all the information about containers and files.

If you have any issues connecting please refer to this advanced post on using SME with OpenStack 1.60 and SWAuth.

Once complete you will be able to access/manage your OpenStack files from the SME Web clients, as well as using a Cloud Drive on Windows, Mac or Linux, mobile clients for Android, iOS, and BlackBerry, and the plethora of other tools and clients that SME provides. We’ve posted some screenshots of this below.

Web File Manager

iOS OpenStack

Android OpenStack

Firefox Plug-In OpenStack

Chrome OpenStack Plug-In

Mac Cloud Drive OpenStack

The OpenStack Swift APIs also get embedded for use within our own feature-rich multi-cloud API framework, in which we add many business-driven features. You can find details about that on our developer page.


SME now supports Amazon Cloud Drive

We’ve now added support for Amazon Cloud Drive as a Cloud Storage Provider that can be used with SMEStorage.

Amazon provides every Amazon customer, even new customers without purchases, 5 Gigabytes of online storage. Customers in the US who have purchased at least one digital music album on Amazon get 20 Gigabytes of extra space for the first year. Paid Storage plans start at 20 Gigabytes and go up to 1000 Gigabytes. Each Gigabyte costs $1 per year with no additional costs (i.e. no data transfer rates that are normally charged with the use of storage such as Amazon S3).

Let’s step through adding the Amazon Cloud Drive to your account:

1. First sign up for a new Amazon Account. Even if you have an Amazon Account it can be worth separating your main Amazon account from your Storage Account, as Amazon does not provide separate token authentication for Cloud Drive, so the details you use will be the same details you use to log in to Amazon, and you may wish to keep these private.

2. Once registered you will be taken to the Cloud Drive home screen, but it is important that you at least attempt to upload a file so that you can agree to the Amazon Terms and Conditions of Cloud Drive (if you are interested, you can review the terms and conditions here).

3. Once you have done this your Amazon Cloud Drive will be ready.

4. You can now either choose to add the Amazon Cloud Drive to your existing SMEStorage Account (go to My Account->Providers tab and choose the “Add new Provider” link) or you can sign up for a new free SMEStorage account. In either case you will need to enter your Amazon Cloud Drive authentication details at the first step of the wizard.

5. After your authentication has been verified you will be required to sync your meta data to create your cloud view within SMEStorage.

6. Once this has completed your CloudDrive files will be mapped and accessible via SMEStorage.

7. If you use the files via our Web Portal then you get all the integrations that are available to all clients such as integration with Zoho office for editing office docs, with Google Viewer for viewing files, ScribD for viewing PDF files, and Picnik for editing images.

8. All other SMEStorage clients will also be able to work with the Amazon Cloud Drive. These include our Firefox Plug-In, Chrome Extension Plug-In, iPhone/iPad client, Android client, BlackBerry client, Windows Cloud Tools + Virtual Drive, Mac Cloud Tools + Virtual Drive, and Linux Cloud Tools + Virtual Drive.

Some examples of Clients using the Cloud Drive can be seen below:

iPhone Client

Firefox Client

Mac Client


Free Windows Cloud Explorer

Windows Virtual Drive

UPDATE: This is an old Blog Post – Amazon now prevent access to Cloud Drive and it is no longer supported.
