Memeo C1 Security
Bret Savage, CTO. October
Memeo Inc. All rights reserved.

Guiding Principles

Memeo C1 was scratch-built from the ground up to be the ultimate way to move data in a controlled and secure fashion. We began by establishing our Guiding Principles:

Our Customer's Data is Private and Invaluable

It must not be possible for anyone but the customer to access data unless explicit permission is granted. This includes making it impossible to access for:

1. Customer Employees without permission
2. Devices that aren't explicitly authorized
3. Other Memeo customers
4. Memeo personnel
5. Determined hackers, crackers, and other malfeasants

Security Should be Invisible to the Authorized

Rather than place huge burdens on end-users to ensure security (and thus encourage work-arounds and bypasses), we believe that the users of the system should rarely or never be disrupted - they are authorized and the system provides an easy workflow that also ensures the highest possible security. Any trade-offs that affect convenience versus security (say, storing a key on the server-side in case it's lost) are made clear to the administrator where such a choice is desired.

Security is Job One

Memeo uses well-understood and documented best-practices to secure data. This whitepaper discusses the techniques and algorithms we use to secure data. By subjecting our security architecture to public scrutiny, we invite feedback and criticism and ultimately have a more secure system that benefits everyone.

Memeo Inc. All rights reserved (408) sales@memeo-inc.com
Memeo Inc. All rights reserved (408) sales@memeo.com

Architecture

Memeo C1 is built with a novel architecture that combines the strengths of peer-to-peer systems like Skype and BitTorrent with the centralization-and-control of more traditional cloud data storage solutions such as Dropbox and box.net.

Centralized Metadata, Distributed Data

Memeo C1 separates the file contents from the metadata and treats the two very differently. The metadata ("data about the data") includes filenames, dates and times, folder locations, as well as hashes of the data. The data exists on various storage devices on personal computers, smartphones, tablets, servers, and/or in cloud storage. With Memeo's hybrid architecture, metadata is centralized and stored in the cloud with Memeo servers in a client-server fashion, while data is stored only where it is explicitly allowed to be stored.

[Figure: Centralized Metadata]

2013 Memeo Inc. All rights reserved.

Hybrid Architecture

While Memeo C1 borrows from both cloud-centric and peer-to-peer architectures, it is a unique hybrid approach that delivers the best of both worlds while offering uncompromising control and security.

How does Memeo C1 compare to traditional peer-to-peer (P2P) architectures?

In traditional P2P file transfer systems (such as BitTorrent), each node is essentially offering to provide content to all comers, and at the same time requesting content from other peers that they offer. Each peer is essentially anonymous, identified only by network address, and peers can come and go at any time. Each peer connects to a few of its neighbors and they communicate by passing messages along the grid. These systems are architected to ensure data integrity: since a node cannot trust the anonymous peers it connects to, it must be able to verify that the data is what was requested, which is done using cryptographic hashes of the data.

Memeo C1 takes advantage of peer-to-peer communication for a single purpose: to move data between nodes in the most efficient way possible. For example, two nodes on the same LAN can move data much more efficiently directly than they can through a cloud storage provider. Furthermore, multiple nodes can pool their upstream bandwidth to move a large file in pieces faster than any one could do it alone. These are major advantages for P2P data transfer.

However, unlike traditional P2P, there are no anonymous peers in Memeo C1 - each and every connection between peers happens because the central Memeo C1 service has determined it is the most efficient path between them. The identity of the source and destination of data transfer is known in advance of the connection and independently verified by every node, and nodes will not (cannot, in fact) accept connections that they did not expect. All P2P connections in Memeo C1 are end-to-end encrypted independently between the two nodes (more on this later).

Memeo C1 gains the advantages of P2P (bandwidth efficiency, transfer performance, co-operative transfers, and data integrity) without assuming the risks of traditional P2P network architectures (anonymous/unauthenticated peers, promiscuity, and port security, to name a few).

How does Memeo C1 compare to traditional cloud service architectures?

Most applications similar to Memeo C1 operate by having all data uploaded and stored in the cloud. Most of the advantages of this architecture are for the service provider. Charging for storage serves both to provide a nice margin revenue source, and to limit the amount of data required to be managed. In addition, by combining all user data in a single storage system, de-duplication can be used to charge for storage that isn't actually being used. The client applications then do the heavy lifting; they independently compare what has been stored in the cloud with what needs to be stored and make the necessary uploads/downloads. In essence, the service is simply an API on top of the raw storage being provided.

There are a number of security problems with this approach, not the least of which is the total lack of control the customers have over their data. In order to provide convenience features like sharing and web browser access, complete trust must be handed over to the service provider, and the protection of your data versus others' data is very thin (access rules instead of hard cryptography). In other words, your data is a bug or breach away from being lost.

Memeo C1 takes a much more flexible, powerful, and secure approach. Instead of smart clients accessing dumb storage, Memeo C1 has a smart cloud directing dumb clients. The clients are only able to do what they are told, and only the Memeo C1 service can issue commands to the clients.

When a customer chooses to use cloud storage provided by Memeo C1, the data is all hashed and encrypted with keys unique to that customer, and none of the metadata is stored with the data. Even if someone were to access the data store, it would be just a bunch of meaningless encrypted blocks. If someone were to access the back-end service, they still wouldn't be able to read the data -- it isn't readable by the service, only by authorized clients.

Memeo C1 can de-duplicate on a per-customer basis, but it's impossible to de-duplicate data across customers. Even if they have the same files, the hashes will be different for each customer. This prevents information leakage via hashes about who has what data.

Memeo C1 Architectural Advantages

Memeo C1's unique hybrid architecture offers the following advantages:

- Best possible performance via P2P technology. Faster networks, co-operative transfers, out-of-order transfer, and reduced communications protocol overhead
- End-to-end security - peer traffic encrypted between peers
- Separation of data and metadata enables additional security and complete control while minimizing expense
- Opaque encryption of cloud storage - service cannot decrypt customer data without customer credentials/keys
- Secure data de-duplication - use less storage without leaking information about what is stored
- Complete control - data is stored only where explicitly authorized by the administrator, and always encrypted if stored in the cloud or on a shared storage device

Application Security

Businesses are Silos

In Memeo C1, each customer/partner is treated as a security silo. This means that each organization has its own unique set of security information, used to secure all data and communications, and that organization can decide where their data is and is not allowed to go. This stands in contrast to traditional cloud storage providers who treat everyone's data the same and demand that everyone's data be stored together.

Unique Keys and Hashes

Each organization has unique keys, used to encrypt all data stored in shared storage or in the cloud. In addition, all hashes computed on data are salted with a value unique to the organization. No two organizations will ever share the same hash, even if the underlying data is identical. This prevents Memeo from de-duplicating data between customers (which we view as a security weakness) while allowing data de-duplication within the organization (saving storage space and limiting data transfers).

Sharing within the Organization

Memeo C1 is designed to facilitate file and data sharing amongst authorized parties. All authorized agents and clients are able to access and contribute to the organization's data seamlessly. Since the data is not encrypted per-user, it essentially belongs to the organization. When a user is added to the organization, he receives the keys and salts required to produce and consume the data for that organization and can interoperate with other users in that organization. Data that he or she creates is available even after that user leaves the organization.

Memeo Cannot Decrypt

The keys and salts for an organization are generated by Memeo when the account is provisioned, but they are then encrypted using the administrator and user passwords. The keys cannot be accessed without the user or administrator's password, and these are never stored by Memeo anywhere. It is not possible for Memeo to decrypt customer data unless that user is in an active session and has provided his or her credentials. There are no master keys. However, Memeo does currently store a recovery key that can be used to apply a new password to an account should one become lost. Memeo will delete this recovery key if requested by a customer, but then forgotten passwords will render the data completely inaccessible.

Data Never Leaves a Device Unencrypted

Data on devices is stored however that device prefers on its local filesystem(s). Memeo does not encrypt or encode local device filesystem data in any way. However, any data or metadata that leaves the device is encrypted using one or more of SSL (from device to Web), end-to-end encryption (from device to device), and at-rest encryption (device to cloud/shared storage).
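
The per-organization salted hashing described under "Unique Keys and Hashes" (and in the cloud-service comparison earlier), as an added example that is not Memeo's code: it assumes HMAC-SHA-256 keyed with the organization salt, 512-byte blocks, and constructed salts and file data, and it models the shared store as a set of block identifiers only.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// BlockID derives the identifier a block is stored under. HMAC-SHA-256 keyed
// with the organization salt is an assumption of this example; the whitepaper
// only states that hashes are salted with a per-organization value.
func BlockID(orgSalt, block []byte) string {
	mac := hmac.New(sha256.New, orgSalt)
	mac.Write(block)
	return hex.EncodeToString(mac.Sum(nil))
}

// PlainID is the unsalted content hash that a store de-duplicating across
// customers would have to use.
func PlainID(block []byte) string {
	sum := sha256.Sum256(block)
	return hex.EncodeToString(sum[:])
}

// Store models the shared block store as a set of identifiers. Block contents
// and their AES-256 encryption are left out: only the identifiers matter here.
type Store struct{ ids map[string]bool }

// Split cuts data into blocks of at most size bytes.
func Split(data []byte, size int) [][]byte {
	var blocks [][]byte
	for len(data) > 0 {
		n := size
		if len(data) < n {
			n = len(data)
		}
		blocks = append(blocks, data[:n])
		data = data[n:]
	}
	return blocks
}

// Upload records every block of data under idFor(block) and returns how many
// identifiers were new, i.e. how many blocks actually had to be stored.
func (s *Store) Upload(data []byte, size int, idFor func([]byte) string) int {
	written := 0
	for _, b := range Split(data, size) {
		id := idFor(b)
		if !s.ids[id] {
			s.ids[id] = true
			written++
		}
	}
	return written
}

// Holds reports whether every block of candidate is present under idFor. This
// is the question an outsider holding a copy of a file could put to the store.
func (s *Store) Holds(candidate []byte, size int, idFor func([]byte) string) bool {
	for _, b := range Split(candidate, size) {
		if !s.ids[idFor(b)] {
			return false
		}
	}
	return true
}

// DedupResult collects the outcomes of the constructed scenario.
type DedupResult struct {
	FirstUpload, SameOrgAgain, OtherOrg int
	SaltedLeaks, UnsaltedLeaks          bool
}

func RunDedupDemo() DedupResult {
	const size = 512
	// Constructed sample file (1750 bytes, four blocks) and constructed salts.
	file := bytes.Repeat([]byte("constructed sample line 0123456789\n"), 50)
	saltA, saltB := []byte("constructed-salt-org-A"), []byte("constructed-salt-org-B")
	byA := func(b []byte) string { return BlockID(saltA, b) }
	byB := func(b []byte) string { return BlockID(saltB, b) }
	salted, unsalted := &Store{ids: map[string]bool{}}, &Store{ids: map[string]bool{}}
	var r DedupResult
	r.FirstUpload = salted.Upload(file, size, byA)  // first copy in organization A
	r.SameOrgAgain = salted.Upload(file, size, byA) // second user, same organization
	r.OtherOrg = salted.Upload(file, size, byB)     // same file, other organization
	unsalted.Upload(file, size, PlainID)
	// An outsider who has the file but no salt can only compute PlainID.
	r.SaltedLeaks = salted.Holds(file, size, PlainID)
	r.UnsaltedLeaks = unsalted.Holds(file, size, PlainID)
	return r
}

func main() {
	fmt.Printf("%+v\n", RunDedupDemo())
}
```

The second upload inside organization A stores nothing new, the other organization's identical file shares no identifiers with it, and only the unsalted store confirms to an outsider that the file is present.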

Public-Key Cryptography

Each agent has two 2048-bit RSA public/private key pairs. One is used to secure end-to-end encryption (see below) and the other to sign messages and validate message sources. These keys are pre-generated and assigned by the Memeo C1 service, but they are never stored in the cloud once they've been assigned. Keys and certificates are always stored in operating-system provided secure key stores.

SSL

SSL is the widely-accepted standard to secure communications to and from Web servers. Whenever the client or a browser is connected to the Memeo C1 service, we utilize SSL to secure the traffic. Metadata and agent instructions are secured in this manner.

End-to-End Cryptography

When agents connect to each other to exchange data, they use Public Key Cryptography to provide end-to-end encryption of all data sent between them. The Memeo C1 service keeps the public keys for all agents and gives them out to both ends of any peer-to-peer request. It does not keep private keys - these are kept only on the agent. The agents use these public keys to securely establish a symmetric encryption key that is used to encrypt the data between peers using the government-grade AES-256 algorithm. This guarantees that it is impossible for eavesdroppers to comprehend the contents of messages sent between peers. The sessions between agents are temporary, and when they expire a new connection must be set up which causes a new key to be exchanged.

At-Rest Encryption

Memeo C1 ensures that all data at-rest in the cloud or on shared storage devices (such as a NAS) is encrypted. When agents are asked to store data, they use the organization encryption keys to encrypt the data. Only authorized agents can decrypt the data that is stored in this manner. At-rest data is also encrypted using the AES-256 algorithm.
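
One way the session described under "End-to-End Cryptography" could be set up, as an added example rather than Memeo's protocol: RSA-OAEP key transport, AES-256 in GCM mode and the `conn-1` style connection ids are assumptions, since the whitepaper names only 2048-bit RSA and AES-256. The message and keys are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Session is the symmetric state both peers hold for one connection.
type Session struct{ aead cipher.AEAD }

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func newSession(key []byte) *Session {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	check(err)
	aead, err := cipher.NewGCM(block)
	check(err)
	return &Session{aead}
}

// Initiate makes a fresh 256-bit key and wraps it for the peer with RSA-OAEP,
// binding the connection id in as the OAEP label.
func Initiate(peer *rsa.PublicKey, connID string) (*Session, []byte) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	check(err)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, peer, key, []byte(connID))
	check(err)
	return newSession(key), wrapped
}

// Respond unwraps the session key with the private key held only by the agent.
func Respond(priv *rsa.PrivateKey, connID string, wrapped []byte) (*Session, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte(connID))
	if err != nil {
		return nil, err
	}
	return newSession(key), nil
}

// Seal encrypts one message and prepends the random GCM nonce.
func (s *Session) Seal(plaintext []byte) []byte {
	nonce := make([]byte, s.aead.NonceSize())
	_, err := rand.Read(nonce)
	check(err)
	return s.aead.Seal(nonce, nonce, plaintext, nil)
}

// Open authenticates and decrypts a message produced by Seal.
func (s *Session) Open(msg []byte) ([]byte, error) {
	n := s.aead.NonceSize()
	if len(msg) < n {
		return nil, errors.New("message shorter than nonce")
	}
	return s.aead.Open(nil, msg[:n], msg[n:], nil)
}

// SessionResult records what each party in the constructed scenario could do.
type SessionResult struct {
	RoundTrip, TamperCaught, OutsiderFails, NewSessionCannotRead bool
}

func RunSessionDemo() SessionResult {
	agentB, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	outsider, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	msg := []byte("constructed block of file data")
	sender, wrapped := Initiate(&agentB.PublicKey, "conn-1")
	receiver, err := Respond(agentB, "conn-1", wrapped)
	check(err)
	wire := sender.Seal(msg)
	var r SessionResult
	plain, err := receiver.Open(wire)
	r.RoundTrip = err == nil && bytes.Equal(plain, msg)
	later, _ := Initiate(&agentB.PublicKey, "conn-2") // next session, new key
	_, err = later.Open(wire)
	r.NewSessionCannotRead = err != nil
	_, err = Respond(outsider, "conn-1", wrapped) // wrong private key
	r.OutsiderFails = err != nil
	wire[len(wire)-1] ^= 1 // one bit changed in transit
	_, err = receiver.Open(wire)
	r.TamperCaught = err != nil
	return r
}

func main() {
	fmt.Printf("%+v\n", RunSessionDemo())
}
```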

Network Security

Data Centers

All Memeo C1 services are run out of Amazon and/or SoftLayer secure data centers. Memeo services all run on modern, fully patched versions of RedHat's CentOS (Linux) operating system. Server crashes or freezes do not affect the service, as all servers are basically stateless and redundant.

Memeo Personnel

Access to the servers is tightly controlled. Only Memeo Network Operations personnel have full access. These employees are carefully screened and background-checked, and operate out of our home office. Memeo has security policies in place that govern passwords, certificates, and access. Each employee is separately credentialed - passwords are not shared - and direct access to datacenter servers is granted via certificates instead of passwords.

Firewall Compatibility

Memeo C1 utilizes two kinds of connections. The first is standard HTTP/TLS between various local components and online servers and services. This is equivalent to a Web browser and has the same firewall behavior as a browser on the same machine. The second is Memeo C1's peer-to-peer protocol, which is discussed further below.

Memeo C1 Peer-to-peer and Firewalls

To communicate peer-to-peer, Memeo C1 uses the UDP protocol. Using information from the service, the agents will attempt to establish a UDP session between each other. If both nodes are behind the same firewall, this usually succeeds. For peers outside the firewall, firewalls will usually dynamically allow incoming UDP traffic as long as it is initiated from inside the firewall, which Memeo C1 is able to do on both sides thanks to its unique architecture. This same process is used by many P2P and gaming applications.

Some enterprise firewalls will not permit this traffic. In these cases Memeo C1 will fall back to cloud storage to relay data between peers via TLS, again appearing as a browser. The data is still encrypted end-to-end; it's merely stored temporarily to facilitate transfer.

Defense vs. Malicious Users

Attempts to Impersonate an Agent

An attacker may attempt to impersonate an agent with a variety of techniques.

Attempting anonymous peer-to-peer

Unlike most peer-to-peer data transfer systems, Memeo C1 agents do not operate as general purpose servers. Agents are connected to each other on command - the command can only come from the central service. Any attempts by agents to connect that aren't commanded are rejected.

Hijacking an incoming connection

If an agent is expecting a connection, it verifies the connecting party using the public key provided by the central service. Only an agent with the corresponding private key is able to prove that it is the expected caller. If the identity check fails, the connection attempt is rejected.

Replay attack

To prevent a replay attack (where a previously established connection handshake is recorded and played back) the central service provides random data for each new connection to both connecting agents. No two connections will ever be set up with the same handshake.

Attempts to Access Shared / Cloud Storage

An attacker may attempt to obtain data stored in the cloud or on shared storage (such as a NAS).

Attempting to get data from Amazon S3, HP Cloud Storage, etc.

When used, only blocks of data are stored in cloud storage. A block might be an entire file, or just a portion of one. No filenames or other metadata that can be used to identify the file is stored with the data. The blocks are stored with a unique hash that is salted with a value unique to the owning organization. In addition, all blocks are encrypted using AES-256 prior to being uploaded. The credentials and identifier are not stored by the agents, but are specified independently for each work item assigned by the central service. Finally, the credentials are temporary and after expiration will no longer work.

Attempting to get data from shared storage (NAS)

Data is stored on shared storage in the same manner as it is stored on cloud storage providers: fully encrypted and anonymous. The access to the NAS is controlled by the NAS owner. An organization can choose to have the NAS available only within the firewall, over VPN, or anonymously via the Internet as desired. It is recommended that two-way SSL be used in the latter case to validate the clients as belonging to the organization.
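
The three checks listed under "Attempts to Impersonate an Agent" (uncommanded connections, identity proof, replay), seen from the receiving agent, as an added example that is not Memeo's protocol or code: the ticket layout, RSA-PSS with SHA-256 and the `conn-N` identifiers are assumptions, and all keys are generated on the spot.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Ticket is what the central service sends to both agents (assumed layout).
type Ticket struct {
	ConnID string
	Random []byte         // fresh random data for this connection only
	Caller *rsa.PublicKey // public signing key of the agent that will call
}

var (
	ErrNotCommanded = errors.New("no connection with this id was commanded")
	ErrIdentity     = errors.New("caller failed the identity check")
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// IssueTicket plays the central service.
func IssueTicket(connID string, caller *rsa.PublicKey) Ticket {
	random := make([]byte, 32)
	_, err := rand.Read(random)
	check(err)
	return Ticket{ConnID: connID, Random: random, Caller: caller}
}

// digest binds a proof to one connection id and its random data.
func digest(t Ticket) []byte {
	h := sha256.New()
	h.Write([]byte(t.ConnID + "\x00"))
	h.Write(t.Random)
	return h.Sum(nil)
}

// Prove is run by the caller with its private signing key (RSA-PSS assumed).
func Prove(priv *rsa.PrivateKey, t Ticket) []byte {
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest(t), nil)
	check(err)
	return sig
}

// Listener is the receiving agent: it knows only the connections the service
// announced, and each announcement is good for one accepted connection.
type Listener struct{ expected map[string]Ticket }

func (l *Listener) Expect(t Ticket) { l.expected[t.ConnID] = t }

func (l *Listener) Accept(connID string, proof []byte) error {
	t, ok := l.expected[connID]
	if !ok {
		return ErrNotCommanded
	}
	if rsa.VerifyPSS(t.Caller, crypto.SHA256, digest(t), proof, nil) != nil {
		return ErrIdentity
	}
	delete(l.expected, connID) // single use: the same handshake cannot be replayed
	return nil
}

// HandshakeResult holds Accept's verdict for each constructed attempt.
type HandshakeResult struct {
	Commanded, Replayed, StaleProof, WrongKey, Uncommanded error
}

func RunHandshakeDemo() HandshakeResult {
	agentA, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	other, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	b := &Listener{expected: make(map[string]Ticket)}
	t1 := IssueTicket("conn-1", &agentA.PublicKey)
	t2 := IssueTicket("conn-2", &agentA.PublicKey)
	proof1 := Prove(agentA, t1)
	var r HandshakeResult
	b.Expect(t1)
	r.Commanded = b.Accept("conn-1", proof1) // expected caller, fresh proof
	r.Replayed = b.Accept("conn-1", proof1)  // recorded handshake played back
	b.Expect(t2)
	r.StaleProof = b.Accept("conn-2", proof1)            // old proof, new random data
	r.WrongKey = b.Accept("conn-2", Prove(other, t2))    // signed with another key
	r.Uncommanded = b.Accept("conn-9", Prove(other, t2)) // never announced
	return r
}

func main() {
	fmt.Printf("%+v\n", RunHandshakeDemo())
}
```

Only the first attempt is accepted; a failed identity check leaves the announcement in place, so the expected caller can still connect afterwards.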

Compliance

Memeo C1 Can Be an Integral Part of Your Compliance Program

To further exemplify its dedication to providing the highest level of security possible, Memeo C1 is HIPAA compliant and can be used to help your organization be Sarbanes-Oxley and SSAE 16 compliant.

HIPAA

Memeo C1 is HIPAA compliant for covered entities and health care providers that transmit health information electronically. HIPAA compliance means adhering to the privacy and security rules established by the Health Insurance Portability and Accountability Act, which protects the privacy of individually identifiable health information and includes national standards for the security of electronic health information. The Security Rule defines technical safeguards in as "the technology and the policy and procedures for its use that protect electronic protected health information and control access to it." The Security Rule is based on the fundamental concepts of flexibility, scalability and technology neutrality.

A third-party risk assessment of Memeo C1's architecture and security in relation to the detailed HIPAA rules found that Memeo C1 meets or exceeds the applicable citations and scored "Excellent - Fully HIPAA Compliant for Policy and Practice" against the Technical Safeguards. Memeo also signs Business Associate Agreements (BAAs) for covered entities who require HIPAA compliance to ensure the guidelines are properly met. Access the official report and details regarding how the Technical Safeguards are met here.

Sarbanes-Oxley (SOX)

Memeo C1 can be leveraged to help your organization meet Sarbanes-Oxley Compliance Requirements. The Sarbanes-Oxley act contains 11 titles, or sections, ranging from additional corporate board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements for publicly traded corporations to comply with the law. The act also covers issues such as internal controls (technology section 404) assessment. The internal controls assessment or ITGCs include four control types based on the Committee of Sponsoring Organizations (COSO): Program Development, Program Change, Computer Operations, and Logical Access.

Of the ITGCs utilized to measure 404 Compliance, Memeo C1 can be used to help manage the following: Computer Operations (Manage Configurations; Manage Problems & Incidents; Manage Data; Manage Operations) and Logical Access (Ensure Security). An external assessment of Memeo C1 and compliance requirements related to SOX section 404 found it meets or exceeds the applicable citations, scoring "Excellent - Offering full functionality and integration into compliance programs" using COSO guidelines. Access the report and details regarding how Memeo C1 can be used to meet Sarbanes-Oxley Compliance Requirements here.

SSAE 16

Memeo C1 can be used to help your organization meet SSAE 16 SOC 2 domain requirements. The SSAE 16 publication put forth by the American Institute of Certified Public Accountants includes a Service Organization Control (SOC) 2 report which focuses on a business's non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. Control objectives are the basis of the SSAE 16 assessment process, and simply stated, a control objective is an attribute that ensures a control or set of controls is operating effectively and as designed. They are intended to ensure security related to data and technology for a service organization.

There are common domains found within an SSAE 16 declaration and stated controls. Memeo C1 can provide support for those controls via logical access controls (unique IDs, audit controls, account management and authentication) and data transmission controls (transmission security and encryption). An external assessment of Memeo C1 and compliance requirements for SSAE 16 SOC 2 domains found that Memeo C1 meets or exceeds the applicable citations, scoring "Excellent - Offering full functionality and integration into compliance programs." Access the report and details regarding how Memeo C1 can be used to support the SSAE 16 SOC 2 control objectives here.

1. In two-way SSL, certificates are used to verify both the client and the server to each other.

About Memeo Inc.

Memeo Inc. is a Silicon Valley-based software and services company focused on providing data management services to small and medium businesses. Founded in 2003, Memeo provides easy-to-use backup, sync and sharing solutions to simplify the protection and accessibility of valuable data. Memeo has 22 million customers and has shipped over 65 million software licenses to more than 150 countries in 20 languages.
More informationDropbox for Business. Secure file sharing, collaboration and cloud storage. G-Cloud Service Description
Dropbox for Business Secure file sharing, collaboration and cloud storage G-Cloud Service Description Table of contents Introduction to Dropbox for Business 3 Security 7 Infrastructure 7 Getting Started
More informationCopyright Telerad Tech 2009. RADSpa. HIPAA Compliance
RADSpa HIPAA Compliance 1. Introduction 3 1.1. Scope and Field of Application 3 1.2. HIPAA 3 2. Security Architecture 4 2.1 Authentication 4 2.2 Authorization 4 2.3 Confidentiality 4 2.3.1 Secure Communication
More informationSOOKASA WHITEPAPER SECURITY SOOKASA.COM
SOOKASA WHITEPAPER SECURITY SOOKASA.COM Sookasa Overview Sookasa was founded in 2012 by a team of leading security experts. The company s patented file-level encryption enables enterprises to protect data
More informationPaxata Security Overview
Paxata Security Overview Ensuring your most trusted data remains secure Nenshad Bardoliwalla Co-Founder and Vice President of Products nenshad@paxata.com Table of Contents: Introduction...3 Secure Data
More informationSECURE, ENTERPRISE FILE SYNC AND SHARE WITH EMC SYNCPLICITY UTILIZING EMC ISILON, EMC ATMOS, AND EMC VNX
White Paper SECURE, ENTERPRISE FILE SYNC AND SHARE WITH EMC SYNCPLICITY UTILIZING EMC ISILON, EMC ATMOS, AND EMC VNX Abstract This white paper explains the benefits to the extended enterprise of the on-
More informationBackup Exec Private Cloud Services. Planning and Deployment Guide
Backup Exec Private Cloud Services Planning and Deployment Guide Chapter 1 Introducing Backup Exec Private Cloud Services This chapter includes the following topics: About Backup Exec Private Cloud Services
More informationA Comparison of Protocols for Device Management and Software Updates
B L A C K B E R R Y M 2 M S O L U T I O N S A Comparison of Protocols for Device Management and Software Updates In the last two decades, the number of connected computing devices has grown at a staggering
More informationUni Vault. An Introduction to Uni Systems Hybrid Cloud Data Protection as a Service. White Paper Solution Brief
Uni Vault An Introduction to Uni Systems Hybrid Cloud Data Protection as a Service White Paper Solution Brief Contents The Challenges of Traditional Backup... 3 The Uni Systems Data Protection as a Service
More informationWhite Paper. Prepared by: Neil Shah Director, Product Management March, 2014 Version: 1. Copyright 2014, ezdi, LLC.
White Paper ezcac: HIPAA Compliant Cloud Solution Prepared by: Neil Shah Director, Product Management March, 2014 Version: 1 Copyright 2014, ezdi, LLC. TECHNICAL SAFEGUARDS Access Control 164.312 (a) (1)
More informationSecureAge SecureDs Data Breach Prevention Solution
SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal
More informationTechnical White Paper BlackBerry Security
Technical White Paper BlackBerry Security For Microsoft Exchange Version 2.1 Research In Motion Limited 2002 Research In Motion Limited. All Rights Reserved Table of Contents 1. INTRODUCTION... 1 2. ARCHITECTURE...
More informationVoIP Security. Seminar: Cryptography and Security. 07.06.2006 Michael Muncan
VoIP Security Seminar: Cryptography and Security Michael Muncan Overview Introduction Secure SIP/RTP Zfone Skype Conclusion 1 Introduction (1) Internet changed to a mass media in the middle of the 1990s
More informationSecurity of Cloud Storage: - Deduplication vs. Privacy
Security of Cloud Storage: - Deduplication vs. Privacy Benny Pinkas - Bar Ilan University Shai Halevi, Danny Harnik, Alexandra Shulman-Peleg - IBM Research Haifa 1 Remote storage and security Easy to encrypt
More informationMANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But
More informationAnalyzing the Security Schemes of Various Cloud Storage Services
Analyzing the Security Schemes of Various Cloud Storage Services ECE 646 Project Presentation Fall 2014 12/09/2014 Team Members Ankita Pandey Gagandeep Singh Bamrah Pros and Cons of Cloud Storage Services
More informationHigh Security Online Backup. A Cyphertite White Paper February, 2013. Cloud-Based Backup Storage Threat Models
A Cyphertite White Paper February, 2013 Cloud-Based Backup Storage Threat Models PG. 1 Definition of Terms Secrets Passphrase: The secrets passphrase is the passphrase used to decrypt the 2 encrypted 256-bit
More informationjoin.me architecture whitepaper
join.me architecture whitepaper 2 join.me architecture whitepaper Table of Contents Introduction 3 Architecture Overview 3 Data Security 6 Session and Website Security 7 Hosting Overview 8 Conclusion 8
More informationSecurity & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173
Security & Privacy on the WWW Briefing for CS4173 Topic Outline 1. Information Security Relationship to safety Definition of important terms Where breaches can occur Web techniques Components of security
More informationFirewalls Overview and Best Practices. White Paper
Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not
More informationSynology QuickConnect
Synology QuickConnect Based on DSM 5.2 Synology Inc. Table of Contents Chapter 1: Introduction What is QuickConnect?... 3 Chapter 2: How QuickConnect Works Overview... 4 QuickConnect Connectivity Test...
More informationHIPAA Compliance and Wireless Networks. 2005 Cranite Systems, Inc. All Rights Reserved.
HIPAA Compliance and Wireless Networks White Paper HIPAA Compliance and Wireless Networks 2005 Cranite Systems, Inc. All Rights Reserved. All materials contained in this document are the copyrighted property
More informationDaymark DPS Enterprise - Agentless Cloud Backup and Recovery Software
Daymark DPS Enterprise - Agentless Cloud Backup and Recovery Software Your company s single most valuable asset may be its data. Customer data, product data, financial data, employee data this is the lifeblood
More informationSecure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications. www.vidyo.com 1.866.99.VIDYO
TECHNICAL NOTE Secure VidyoConferencing SM Protecting your communications 2012 Vidyo, Inc. All rights reserved. Vidyo, VidyoTechnology, VidyoConferencing, VidyoLine, VidyoRouter, VidyoPortal,, VidyoRouter,
More informationAdvanced Service Desk Security
Advanced Service Desk Security Robust end-to-end security measures have been built into the GoToAssist Service Desk architecture to ensure the privacy and integrity of all data. gotoassist.com Many service
More informationWireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com
Wireless VPN White Paper WIALAN Technologies, Inc. http://www.wialan.com 2014 WIALAN Technologies, Inc. all rights reserved. All company and product names are registered trademarks of their owners. Abstract
More informationMobile Admin Security
Mobile Admin Security Introduction Mobile Admin is an enterprise-ready IT Management solution that generates significant cost savings by dramatically increasing the responsiveness of IT organizations facing
More informationUsing Data Encryption to Achieve HIPAA Safe Harbor in the Cloud
Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud 1 Contents The Obligation to Protect Patient Data in the Cloud................................................... Complying with the HIPAA
More informationIntroducing Graves IT Solutions Online Backup System
Introducing Graves IT Solutions Online Backup System Graves IT Solutions is proud to announce an exciting new Online Backup System designed to protect your data by placing it online into the cloud. Graves
More informationEgnyte Security Architecture
w w w. e g n y t e. c o m Egnyte Security Architecture White Paper www.egnyte.com 2013 by Egnyte Inc. All rights reserved. Revised June, 2013 Table of Contents Egnyte Security Introduction 3 Physical Security
More informationRemote Desktop Access for the Mobile Workforce
Remote Desktop Access for the Mobile Workforce Security White Paper March 2015 Splashtop Inc. 1/12 Table of Contents Table of Contents... 2 1. Situation Analysis... 3 2. Architecture... 4 2.1. Splashtop
More informationThe Case For Secure Email
The Case For Secure Email By Erik Kangas, PhD, President, Lux Scientiae, Incorporated http://luxsci.com Contents Section 1: Introduction Section 2: How Email Works Section 3: Security Threats to Your Email
More informationWhy you need secure email
Why you need secure email WHITE PAPER CONTENTS 1. Executive summary 2. How email works 3. Security threats to your email communications 4. Symmetric and asymmetric encryption 5. Securing your email with
More informationMAXIMUM DATA SECURITY with ideals TM Virtual Data Room
MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for
More informationData Security using Encryption in SwiftStack
Data Security using Encryption in SwiftStack May 2015 Copyright 2015 SwiftStack, Inc. swiftstack.com Page 1 of 11 Table of Contents Introduction... 3 Defining Three Threat Models... 3 Encrypted Data and
More informationMIGRATIONWIZ SECURITY OVERVIEW
MIGRATIONWIZ SECURITY OVERVIEW Table of Contents Introduction... 2 Shared Security Approach... 2 Customer Best Practices... 2 Application Security... 4 Database Level Security... 4 Network Security...
More informationPROTECTING YOUR VOICE SYSTEM IN THE CLOUD
PROTECTING YOUR VOICE SYSTEM IN THE CLOUD Every enterprise deserves to know what its vendors are doing to protect the data and systems entrusted to them. Leading IVR vendors in the cloud, like Angel, consider
More informationTorrage: A Secure BitTorrent based Peer-to-Peer Distributed Storage System
Torrage: A Secure BitTorrent based Peer-to-Peer Distributed Storage System Debarghya Das Cornell University, Ithaca, NY 14850 dd367@cornell.edu Abstract Most cloud storage platforms today offer a centralized
More informationHIPAA Compliance and Wireless Networks
HIPAA Compliance and Wireless Networks White Paper 2004 Cranite Systems, Inc. All Rights Reserved. All materials contained in this document are the copyrighted property of Cranite Systems, Inc. and/or
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationWHITE PAPER www.tresorit.com
WHITE PAPER tresor [tʀeˈzoːɐ ] noun (German) 1. lockable, armoured cabinet THE CLOUD IS UNTRUSTED The cloud has huge potential when it comes to storing, sharing and exchanging files, but the security provided
More informationEmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions
EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions Security and Encryption Overview... 2 1. What is encryption?... 2 2. What is the AES encryption standard?... 2 3. What is key management?...
More informationA SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS
A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS *Dr Umesh Sehgal, #Shalini Guleria *Associate Professor,ARNI School of Computer Science,Arni University,KathagarhUmeshsehgalind@gmail.com
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationCriteria for web application security check. Version 2015.1
Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-
More informationSMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales
SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,
More informationAgio Managed Backup FLEXIBILITY RELIABILITY TRANSPARENCY SECURITY. CONTACT SALES (877) 780 2446 agio.com
Agio Managed Backup Your data is the lifeblood of your business. Protecting it is priority #1. However rapid data growth, virtualization, and increasing cybersecurity threats have irrevocably changed the
More informationMANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both.
More informationUsing BroadSAFE TM Technology 07/18/05
Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security
More informationBOWMAN SYSTEMS SECURING CLIENT DATA
BOWMAN SYSTEMS SECURING CLIENT DATA 2012 Bowman Systems L.L.C. All Rights Reserved. This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationWhitepaper Cubby: A secure solution. A technical overview of Cubby s secure, enterprise-grade infrastructure.
Whitepaper A technical overview of Cubby s secure, enterprise-grade infrastructure. Contents Introduction 3 We ve Got Your Back 3 Enycryption 3 Data center security 3 LogMeIn company security policies
More informationBrainloop Cloud Security
Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating
More informationVPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu
VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
More informationThe Nasuni Security Model
Nasuni Security Model Nasuni s security architecture protects off-premises data, allowing enterprises to safely leverage cloud storage Executive Summary Storing data off-premises in cloud or as-a-service
More informationDruva Phoenix: Enterprise-Class. Data Security & Privacy in the Cloud
Druva Phoenix: Enterprise-Class Data Security & Privacy in the Cloud Advanced, multi-layer security to provide the highest level of protection for today's enterprise. Table of Contents Overview...3 Cloud
More informationWhite paper. Why Encrypt? Securing email without compromising communications
White paper Why Encrypt? Securing email without compromising communications Why Encrypt? There s an old saying that a ship is safe in the harbour, but that s not what ships are for. The same can be said
More information