Why you, and not your storage vendor, need to manage your file encryption


Many file sharing vendors offer encryption at rest, but the real question is: do they let you manage your own encryption key?

Ask yourself these questions:

– Are you comfortable not controlling your own file encryption?
– Do you have sensitive data you wish to store in the cloud that you do not want to have your file sharing vendor have access to?
– Do you have data that absolutely must have controlled encryption from a legislative view point?
– Do you trust your vendor not to provide a ‘back door’ to the NSA?

Storage Made Easy:

– Offers private key encryption in which the private key is not stored on its hosted platform, for all users (including free users).

– Lets you encrypt data stored on any remote cloud, including Box, DropBox, Amazon S3 etc.

– Is a UK company with servers located in the US and in Europe, with no data shared between the two.

– Can provide a completely on-premise solution for Cloud Control and unified, joined-up file sharing that encompasses all public and private corporate data.

SME puts encryption of your files in your hands, not your vendor’s!

For further information please download our security white paper and see our previous blog post on encrypting files.


The Top 5 things you can do to protect the privacy of Cloud Data

If you had not noticed, there has been a lot of controversy about the recent discovery that companies or individuals are prone to having their activities monitored by the US intelligence services. This is allegedly done under the code name PRISM and again allegedly involves some deep integration with large cloud companies, although many are denying the extent of their participation and service integration.

If the rumours are to be believed then everything from Google through to Skype and full-blown Windows OS may have some snooping capability built in.

So what can you do to protect yourself? Below are the top 5 things you should consider as a company and as an individual:

1. Run your own Private Data Cloud: We have been promoting this for a while with the SME Cloud Appliance. Install your own Cloud File Server and use it with your own data, and with auditing / governance monitoring, from desktop and mobile clients. It’s behind your firewall and it’s under your control. In short, own your own data.

2. Encrypt your data. If you have to use public cloud services, encrypt your data. SME provides streamed 256 bit SHA-1 AES encryption in which you keep the private key. It’s not anywhere on our SaaS service, and of course if you use the SME on-premise appliance then you have total control. Additionally, consider desktop encryptors such as TrueCrypt and BoxCryptor.

3. Consider an alternative, non-tracking search engine such as DuckDuckGo. This enables anonymous searching and offers other privacy features.

4. Consider using an anonymous proxy that hides your IP address. Tor (originally short for The Onion Router) is free software, available for desktop and mobile clients, for enabling online anonymity. Tor directs Internet traffic through a free, worldwide volunteer network consisting of thousands of relays to conceal a user’s location or usage from anyone conducting network surveillance or traffic analysis.

Also don’t forget that there are many ways to identify you, even if the IP address is ‘randomized’. Either delete your browser cache, history and cookies etc., or consider using anonymous browser sessions, or extensions or add-ins that prevent browser cookies or tracking.

5. Consider the locality of your data. If you are in the UK or EU, do you really want your data hosted in the US and subject to the Patriot Act? If you are in the US (or anywhere in the world), consider point 2 strongly. Private Cloud can offer just as many benefits as public cloud.

An often trotted out phrase is that “if you are doing nothing wrong you have nothing to fear”. With that simple phrase vanish personal freedoms and liberties built up over hundreds of years from the likes of Thomas Paine onwards.


Amazon S3 file encryption now supported

We have for quite a while enabled public/private key AES 256 bit file encryption for files in which the private key is not stored on our servers. Many providers now support their own encryption and what we offer is over and above that (and in many cases our encryption is used as an additional security as it is truly private whereas in most cases the vendor stores the public and private key).

We believe it makes sense for us to support vendor Cloud encryption mechanisms where they add value and are possible. To this end we now support the Amazon S3 Cloud encryption, and we’ve made it pretty easy to turn the encryption on, straight from the settings of the S3 provider (accessible from the Web DashBoard).

Once you are in the settings page of the S3 provider you simply turn it on.


Implementing secure document delivery of private data to the iPad

One of the interesting projects we’ve recently been looking at with several customers is implementing secure document delivery of private (and in some cases public) data to the iPad using a combination of our Open Cloud Platform and our iSMEStorage iPad App.

The iPad seems to have become the executive’s and salesman’s choice of device for mobility and ease of use. We’re seeing it everywhere, from high-end Finance to very small two to three man businesses.

What restricts some businesses from being able to use the iPad as a means of accessing Cloud Data that they store on premise, or in public Clouds in private accounts, is often security. They need a level of security that can be above what is required for normal everyday use. I’ve outlined some of the requirements below:

1. Requirement to have full control over the Cloud File Server / Gateway. This requires the company to implement our Open Cloud Platform on their premises or in their data centre. This is reasonably straightforward and we have a whitepaper on the architecture for high availability here.

2. The iPad has to be a complete sandbox and not accessible as a “File system”. Of course, the way Apple designed iOS Apps is that each operates in its own sandbox directory, and by default there is no access to different directories from within Apps (unlike Android). However, if the device is jailbroken all bets are off. To this end, we implemented code for such clients that detects whether the device is jailbroken when the App is installed or launched. If it is, then the App becomes inaccessible.

3. Of course, in point 2 above, if the App is not launched and someone gets access to the filesystem via a jailbreak then the files could still be compromised. To this end we have implemented encryption on PIN. The current version of iSMEStorage already enables adding a PIN over and above login. For private customers we use this PIN to also encrypt the data on the iPad, much like you can do using the home directory encryption that Apple provides on the Mac. This now means that if the device is jailbroken and the App is not launched then the files, even if accessed, cannot be viewed. This feature may well make its way into our App Store iSMEStorage App at some point in the future.

4. In the unlikely event someone does get access to the App, all documents that are accessed can be encrypted using the SMEStorage Cloud Platform, which means that a PIN is required to download them to the device (where they are encrypted anyway). The encryption is 256 bit AES encryption.

5. Integration with third party authentication services. A number of clients we’ve worked with have their own third party authentication services. In some cases we’ve needed to look at integrating these into the authentication mechanism used for our iPad App. Two examples are Ping Identity Server and the Arcot mobile authentication solution. You can view a short whitepaper on security integration here.

6. Disabling any document sharing with other Apps. This of course makes perfect sense in a world where you want the ultimate security for files, and was simply a case of disabling this feature. This presented some challenges where customers still wanted to have some editing capabilities for documents. To this end we entered into OEM agreements with best-of-breed third party solutions for such private implementations that enable document editing from within the App, as well as PDF annotation for PDF documents.

By taking these steps, a secure document delivery solution can be achieved for Private data. Public data, stored on such services as Amazon S3 or RackSpace, can if required also be accessed by “plugging them in” at a Cloud Platform Server level. Additional data becomes part of the Cloud File System and can be managed easily within the virtual directory. The Organisation can use the options in the SMEStorage Cloud File Server to require encryption for all documents stored on such services that pass through the Cloud Gateway.
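The "encryption on PIN" idea from points 3 and 4 can be sketched as follows. This is an added example, not SME's code: the post does not say how the PIN becomes a key, so PBKDF2-HMAC-SHA256, the AES-256-GCM envelope, the function names and the sample document are all assumptions, and it needs the third-party `cryptography` package. Because a PIN has few possible values, the iteration count and keeping the salted record on the device are what slow down guessing.

```python
import hashlib
import os
from typing import Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

PBKDF2_ITERATIONS = 600_000  # assumption: tune to the slowest supported device


def _kek_from_pin(pin: str, salt: bytes) -> bytes:
    """Stretch the PIN into a 256-bit key-encryption key; it is never stored."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def seal_document(pin: str, plaintext: bytes, name: str) -> dict:
    """Encrypt one document; only salt, nonces and ciphertexts reach storage."""
    salt = os.urandom(16)
    data_key = AESGCM.generate_key(bit_length=256)  # random per-document key
    wrap_nonce, doc_nonce = os.urandom(12), os.urandom(12)
    aad = name.encode()  # binds both ciphertexts to the file name
    kek = _kek_from_pin(pin, salt)
    return {
        "name": name,
        "salt": salt,
        "wrap_nonce": wrap_nonce,
        # Envelope: a PIN change only re-wraps this key, not the document.
        "wrapped_key": AESGCM(kek).encrypt(wrap_nonce, data_key, aad),
        "doc_nonce": doc_nonce,
        "ciphertext": AESGCM(data_key).encrypt(doc_nonce, plaintext, aad),
    }


def open_document(pin: str, record: dict) -> Optional[bytes]:
    """Return the plaintext, or None if the PIN is wrong or data was altered."""
    aad = record["name"].encode()
    try:
        kek = _kek_from_pin(pin, record["salt"])
        data_key = AESGCM(kek).decrypt(record["wrap_nonce"],
                                       record["wrapped_key"], aad)
        return AESGCM(data_key).decrypt(record["doc_nonce"],
                                        record["ciphertext"], aad)
    except InvalidTag:
        return None


if __name__ == "__main__":
    # Constructed sample document and PIN, for illustration only.
    rec = seal_document("493817", b"Q3 board pack (constructed)", "board.pdf")
    print(open_document("493817", rec))
    print(open_document("000000", rec))
```
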
