Egnyte on Europe – a response

Patriot Act SnowdonWe see that Egnyte has been making statements about Box and their lack of an EU data center (whilst at the same time promoting their own).

Egnyte seems to be wanting to put the point across that prospects may prefer to use Egnyte as opposed to Box as they have a data center in Amsterdam. We believe there are a few additional points that should be highlighted with regards to Egnyte’s comments:

The Patriot Act – The Patriot Act is the white elephant in the room as in a nutshell it provides a legal framework for the US Government to have the right of search and seizure of data that is stored outside of the US where a US company is US incorporated. There are various articles on the Patriot Act such as this one from ZDnet and a quick Google Search will provide many more. This has of course gained more prominence since Edward Snowdon and the PRISM revelations. Even though Egnyte will have an EU presence it is still a US Inc. company bound by the laws of the United States.  Of course it is only fair to point out that non US companies can still be compromised but the EU provides more protection and there are new European data protection directives being introduced that will strengthen this.The point is not just about “Data crossing the pond” it is about who could potentially have access to that data, and how.

Protection US stored data – US stored data can still be protected. There are various ways to do this using tools such as TrueCrypt and BoxCryptor which we covered previously and in the case of Storage Made Easy, we act as a Cloud Control point for all public / private data so, if you wish, you can encrypt all data being stored on Box or any other service with a private key and this can made transparent to team users. More on that here.

For many EU companies it’s about private data not data centre data: The PRISM / Snowdon / Snooping issues have damaged confidence in a lot of companies about where they store their data, especially sensitive data, especially in the US or with US companies. Storage Made Easy is a UK Limited company that provide a complete behind the firewall Enterprise File Share and Sync Cloud Control solution. It works with your existing private and cloud stored data putting the control back in the hand of the companies. It can be entirely run in a companies data center or trusted IaaS infrastructure or entirely on-premise i.e.. completely the companies choice, and that is the key word here “choice.”

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

In a post PRISM world why your Company needs joined up File Sharing and Governance

The recent controversy with regards to Prism and data snooping has brought the security of corporate data to the fore however the biggest threat to corporate data lies not with the corporate nemesis that is Prism but with the number of data leaks that occur every day in companies.

These include new phenomena such as Bring Your Own Device (BYOD) and Bring your Own Cloud (BYOC) as well as the thorny issue of what files are shared over email.

Data is any companies biggest asset and not controlling how corporate data is disseminated is a ticking time bomb waiting to explode in your company. Why? Take your pick, Legislative reasons, fraudulent reason, competitive reasons. There are many reasons why not controlling data dissemination could trip your company up.

Companies need to consider how to build an Effective data governance serves ACROSS their enterprise data silos. Doing so will define a cohesive set of parameters for data management, data usage, as well as the ability to create governance processes for a companies internal use, and for their supply chain, which ultimately leads to information assets that are well managed.

SME Data Governance framework

In the world of Cloud it is key that Data Governance and data policies work not only with data behind the corporate firewall but also cloud data and cloud services.

So what should you consider as a company to manage your data assets ?

1. Understand what information is sensitive across all data silos, have a federate access control mechanism that works with your user across this private and cloud data silos. Storage Made Easy provides such a federate mechanism to assign and control user permissions and access at a very granular level that overlays one or more data stores.

SME federate permissions

2. Set policies for data access and enforce them through common tools. For employee sharing of data through tools such as email, make it easy but also set policies that can define expiry time and password protection. Storage Made Easy has plug in’s for Microsoft Outlook and Mac Mail that enables productive file sharing across all cloud / private data but which has built in support for policy enforcement.

Mac Mail large file sharing

These policies should also ripple through to the mobile Applications used in a company:

iOS secure file sharing

3. Use Cloud Encryption for sensitive data and ensure that you control the private key. See our previous post on encryption and securing data for further information.

Cloud File Encryption

4. Audit all your company data. Irrespective of the policies set you should get in the habit of auditing your company data. SME enables the setup of an automated email to a specified user of the previous day file events such as sharing, files updated etc.

Cloud Storage Audit Log

5. Set BYOD policies and device access policies that work like your company works. For example, have a contract firm that you gave access to a specific folder ? Then designate that they can only access the folder using a web browser and only from a specific IP address.

BYOD GEO Restrictions

Summary

Companies need to connect disconnected information to enable corporate governance.

Cloud Corporate Governance

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Why you, and not your storage vendor, need to manage your file encryption

20131026-075806.jpg

Many file sharing vendors offer at encryption at rest but the the real question is do they let you manage your own encryption key?

Ask yourself these questions?

– Are you comfortable not controlling your own file encryption?
– Do you have sensitive data you wish to store in the cloud that you do not want to have your file sharing vendor have access to?
– Do you have data that absolutely must have controlled encryption from a legislative view point?
– Do ypu trust your vendor not to provide a ‘back door’ to the NSA?

Storage Made Easy:

– Offers private key encryption in which the private key is not stored on its hosted platform for all users (including free users).

– Let’s you encrypt data stored on any remote cloud including Box, DropBox, Amazon S3 etc

– is a UK company that has servers located in the US and in Europe in which no data is shared between the two

– Can provide a completely on-premise solution for Cloud Control and unified joined up file sharing that encompasses all public and private corporate data.

SME puts encryption of your files in your hands not your vendors !

For further information please download our security white paper and see our previous blog post on encrypting files.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

How to encrypt, secure and access sensitive cloud storage data

**Updated 1st July 2016*

The recent PRISM Data snooping controversies have heightened almost every companies awareness of the potential vulnerabilities of data stored off-premise in the Cloud. Many Cloud Storage companies’ talk about encrypting data ‘at rest’ but the real issue is that the storage companies control the encryption rather than the company whose data is stored controlling the private key.

One of the features that Storage Made Easy provides is an encryption feature that can encrypt data uploaded to remote (and local) Cloud Storage. SME supports 50+ cloud storage vendors, which means companies are able to take advantage of private key encryption for some, or all data, across cloud storage providers.

For individual users of our cloud SaaS services SME  uses a key entered by a user to encrypt data, but  the key is not stored on the SME hosted service. If the key is lost, or forgotten, then when trying to subsequently access the file the user will not be able to gain access to the file as the correct key phrase will not be known.

For companies that use the SME SaaS hosted service team Admins specify a key that uses a similar mechanism but is applied to all users. Unlike the personal encryption the key phrase is either stored encrypted by the SME service, or it can be stored with a self hosted Vault instance.

For enterprise users who self-host the SME service then the key is can be stored on the service behind the corporate firewall or again it could use the open source Vault software on a key server.

Encryption file SME

SME uses AES-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. A random initialisation vector is generated when the user supplies an encryption key. The cipher Rijndael consists of:

– an initial Round Key addition
– Nr-1Rounds
– a final round.

The chaining variable goes into the “input” and the message block goes into the “Cipher Key. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and for a 16-byte key, 2127 applications of Rijndael.

Data_SecurityOnce files are encrypted in this manner they can be accessed by an of the comprehensive SME desktop (Web, Mac, Windows, Linux) or mobile tools (Windows Phone, iOS, Android, BlackBerry). When an encrypted file is accessed the user is prompted to provide the private key phrase before the file can be opened.

Encrypted file phone

 

If the file is accessed direct from the underlying storage then it will not be able to be used as it will be encrypted and without being opened via the SME service, either hosted or on-premises, it will not be able to be un-encrypted. This makes sensitive data stored on remote servers ultra-secure.

The SME also on-premises Cloud Control service resides behind the corporate firewall. It enables the ability to keep very sensitive data behind the corporate firewall but still enable secure file sharing and at the same time offers the ability to encrypt data that is stored on remote cloud storage and other SaaS services for additional security.

SME Encryption

The Storage Made Easy Cloud Encryption service is available to all SME users inclusive of free, Personal Cloud, Business Cloud and Enterprise Cloud

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Are your employees gambling with the public cloud ?

A recent article on ComputerWorld by Yorgen Edholm highlighted the growing issue that is affecting companies whereby employees “bring their own cloud” to work ie. they use their private personal accounts to interact with people at work using corporate data.

Yorgen does a good job at highlighting why this is an issue:

“How would you feel if a competitor picked up your product specs? An investor got a copy of your quarterly financials before earnings?”

“Every IT team knows that busy employees don’t always clean up after themselves.”

“From my perspective, the public cloud is not the problem but rather the unsupervised use of the public cloud by employees that make the public cloud problematic for storing and sharing files.”

As Yorgen rightly points out:

“In the end it comes down to control. How much control do you need over your data, who has access and where is information being stored?”

The issue is one of control. The problem that most companies have in the first instance that they have no policy with regards to use of private or public clouds and no way to enforce it. Almost all of the Enterprise File Share and Sync Solutions that exist today suffer from a lack of control. This lack of such controls is highlighted by recent research by the Osterman Research Group.

The way Storage Made Easy handles this is:

– Companies can continue to allow employees to use private or personal clouds.There is a governance option regarding this in which administrators of the SME system can grant employees the ability to add personal clouds.

– Once added any meta information can be audited. This is information such as a file title, date, if the file was shared etc. This works if the file is used from the SME system or if the file is sent direct from a Cloud Provider, such as DropBox. Alerts can be set to inform an Administrator for a certain file and event.

This helps to have visibility of data used with private employee clouds and provides some reactive control but it does not solve companies having pro-active control of their data and not just private consumer cloud data but all data that can be shared from within a company.

To aid with proactive management of data SME provides governance controls across all data cloud that are mapped to the SME service and Apps and App Integrations to enable companies to mandate or promote the use of these within their company. An example of this is Microsoft Outlook in which the SME PlugIn enables files to be shared across all public / private but promotes the use of secure file sharing with password and expiry options (and which is inclusive of auditing).

The auditing feature enables a complete file event history of any corporate file store that can be exposed as a .csv or excel, or that can be simply checked online through the service. As well as auditing the events,remote access to the file is also monitored and IP addresses logged.

Another aspect of control is security and where the cloud is being used particularly the security of files being stored remotely and the trust that you put in the remote provider to protect unauthorized access to data. As Yorgen pointed out in his original article:

“Take the recent NSA PRISM situation as an example. Users were not aware that their service providers were cooperating with the NSA to gather personal information from the public cloud – putting the spotlight on how little control organizations have over government access to their hosted data. While use of IT managed storage doesn’t mean that the government can’t demand access to data, it does mean that your organization would know what data they were gathering, rather than reading about it in the newspapers later.”

The SME system puts the security control back in the hand of companies by enabling companies to securely encrypt data using a private key that is stored on a remote cloud service that can be done on a per file basis or for all files.

Yurgen ends his article by quoting a source:

“One CIO friend told me that, for her, using a public cloud means losing peace of mind.”

Storage Made Easy aim is to provide an agnostic cloud data control solution that gives company this peace of mind.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

The Top 5 things you can do to protect the privacy of Cloud Data

If you had not noticed, there has been a lot of controversy about the recent discovery that companies or individuals are prone to having their activities monitored by the US intelligence services. This is allegedly done under the code name PRISM and again allegedly involves some deep integration with large cloud companies, although many are denying the extent of their participation and service integration.

If the rumours are to be believe then everything from Google through to Skype and full blown Windows OS may have some snooping capability built in.

So what can you do to protect yourself? Below are the top 5 things you should,consider as a company and as an individual:

1. Run your own Private Data Cloud: We have been promoting this for a while with the SME Cloud Appliance. Install your own Cloud File Server, use it with your own data, and auditing / governance monitoring, from desktop and mobile clients. It’s behind your firewall and its under your control. In short own your own data.

2. Encrypt your data. If you have to use public cloud services encrypt your data. SME provides streamed 256 bit SHA-1 AES encryption in which you keep the private key. It’s not anywhere on our SaaS service and of,course if you use the SME on-premise appliance then you have total control. Additionally consider desktop encryptors such as TrueCrypt and BoxCryptor.

3. Consider an alternative non tracking search engine such as DuckDuckGo. This enables anonymous searching and offers other privacy features.

4. Consider using an anonymous proxy that hides your IP address. Tor (originally short for The Onion Router)is free software, available for desktop and mobile clients, for enabling online anonymity. Tor directs Internet traffic through a free, worldwide volunteer network consisting of thousands of relays to conceal a user’s location or usage from anyone conducting network surveillance or traffic analysis.

Also don’t forget that there are many ways to identify you, even if the IP address is ‘randomized’. Either Delete your browser cache, history and cookies etc or consider using anonymous browser sessions or extensions or add-ins that prevent browser cookies or tracking.

5. Consider the locality of your data. If you are in the UK or EU do you really want your data hosted in the US and subject to the Patriot Act. If you are in the US (or anywhere in the world) consider point 2 strongly. Private Cloud can offer just as many benefits as public cloud.

An often trotted out phrase is that “if you are doing nothing wrong you have nothing to fear”. With that simple phrase vanish personal freedoms and liberties built up over hundreds of years from the likes of Thomas Paine onwards.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather