File Fabric File Encryption Update

The File Fabric provides various forms of encryption to protect files which has been touched upon previously in blog posts:

Use Encryption to Continuously Protect Multi-Cloud Data With the Enterprise File Fabric

Using the File Fabric to Provide Security of Data Across Storage Silos With Streamed Encryption

GDPR Watch – Transparent encryption of data

Why you, and not your storage vendor, need to manage your encryption

Encryption can be managed by IT at a data storage or folder level and it can be integrated with separate encryption vault, such as the Hashicorp vault.

There is however another type of encryption that the File Fabric supports, that is often turned off for end users in a corporate setting but which can be useful for certain use cases. This is personal or end user manage encryption. This type of encryption enables end users, for whom this is made available, to add their own encryption key for file uploads. This encryption key is not stored on the server. If lost the file(s) that have been encrypted are unable to be decrypted.

Continue reading “File Fabric File Encryption Update”

Facebooktwitterredditpinterestlinkedinmailby feather

Egnyte on Europe – a response

Patriot Act SnowdonWe see that Egnyte has been making statements about Box and their lack of an EU data center (whilst at the same time promoting their own).

Egnyte seems to be wanting to put the point across that prospects may prefer to use Egnyte as opposed to Box as they have a data center in Amsterdam. We believe there are a few additional points that should be highlighted with regards to Egnyte’s comments:

The Patriot Act – The Patriot Act is the white elephant in the room as in a nutshell it provides a legal framework for the US Government to have the right of search and seizure of data that is stored outside of the US where a US company is US incorporated. There are various articles on the Patriot Act such as this one from ZDnet and a quick Google Search will provide many more. This has of course gained more prominence since Edward Snowdon and the PRISM revelations. Even though Egnyte will have an EU presence it is still a US Inc. company bound by the laws of the United States.  Of course it is only fair to point out that non US companies can still be compromised but the EU provides more protection and there are new European data protection directives being introduced that will strengthen this.The point is not just about “Data crossing the pond” it is about who could potentially have access to that data, and how.

Protection US stored data – US stored data can still be protected. There are various ways to do this using tools such as TrueCrypt and BoxCryptor which we covered previously and in the case of Storage Made Easy, we act as a Cloud Control point for all public / private data so, if you wish, you can encrypt all data being stored on Box or any other service with a private key and this can made transparent to team users. More on that here.

For many EU companies it’s about private data not data centre data: The PRISM / Snowdon / Snooping issues have damaged confidence in a lot of companies about where they store their data, especially sensitive data, especially in the US or with US companies. Storage Made Easy is a UK Limited company that provide a complete behind the firewall Enterprise File Share and Sync Cloud Control solution. It works with your existing private and cloud stored data putting the control back in the hand of the companies. It can be entirely run in a companies data center or trusted IaaS infrastructure or entirely on-premise i.e.. completely the companies choice, and that is the key word here “choice.”

Facebooktwitterredditpinterestlinkedinmailby feather

The Top 5 things you can do to protect the privacy of Cloud Data

If you had not noticed, there has been a lot of controversy about the recent discovery that companies or individuals are prone to having their activities monitored by the US intelligence services. This is allegedly done under the code name PRISM and again allegedly involves some deep integration with large cloud companies, although many are denying the extent of their participation and service integration.

If the rumours are to be believe then everything from Google through to Skype and full blown Windows OS may have some snooping capability built in.

So what can you do to protect yourself? Below are the top 5 things you should,consider as a company and as an individual:

1. Run your own Private Data Cloud: We have been promoting this for a while with the SME Cloud Appliance. Install your own Cloud File Server, use it with your own data, and auditing / governance monitoring, from desktop and mobile clients. It’s behind your firewall and its under your control. In short own your own data.

2. Encrypt your data. If you have to use public cloud services encrypt your data. SME provides streamed 256 bit SHA-1 AES encryption in which you keep the private key. It’s not anywhere on our SaaS service and of,course if you use the SME on-premise appliance then you have total control. Additionally consider desktop encryptors such as TrueCrypt and BoxCryptor.

3. Consider an alternative non tracking search engine such as DuckDuckGo. This enables anonymous searching and offers other privacy features.

4. Consider using an anonymous proxy that hides your IP address. Tor (originally short for The Onion Router)is free software, available for desktop and mobile clients, for enabling online anonymity. Tor directs Internet traffic through a free, worldwide volunteer network consisting of thousands of relays to conceal a user’s location or usage from anyone conducting network surveillance or traffic analysis.

Also don’t forget that there are many ways to identify you, even if the IP address is ‘randomized’. Either Delete your browser cache, history and cookies etc or consider using anonymous browser sessions or extensions or add-ins that prevent browser cookies or tracking.

5. Consider the locality of your data. If you are in the UK or EU do you really want your data hosted in the US and subject to the Patriot Act. If you are in the US (or anywhere in the world) consider point 2 strongly. Private Cloud can offer just as many benefits as public cloud.

An often trotted out phrase is that “if you are doing nothing wrong you have nothing to fear”. With that simple phrase vanish personal freedoms and liberties built up over hundreds of years from the likes of Thomas Paine onwards.

Facebooktwitterredditpinterestlinkedinmailby feather