Security Architecture Whitepaper

Similar documents
Egnyte Security Architecture. White Paper

Egnyte Security Architecture

FileCloud Security FAQ

Egnyte Security Architecture

Comparing Dropbox and Egnyte. White Paper

Egnyte Cloud File Server. White Paper

Sync Security and Privacy Brief

The Essential Security Checklist. for Enterprise Endpoint Backup

FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution.

Secure any data, anywhere. The Vera security architecture

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

Comparing Box and Egnyte. White Paper

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise

When enterprise mobility strategies are discussed, security is usually one of the first topics

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

WHITE PAPER. Understanding Transporter Concepts

WHITE PAPER NEXSAN TRANSPORTER PRODUCT SECURITY AN IN-DEPTH REVIEW

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

High Security Online Backup. A Cyphertite White Paper February, Cloud-Based Backup Storage Threat Models

STRONGER AUTHENTICATION for CA SiteMinder

Transporter from Connected Data Date: February 2015 Author: Kerry Dolan, Lab Analyst and Vinny Choinski, Sr. Lab Analyst

DiamondStream Data Security Policy Summary

ipad in Business Security

HIPAA Compliance for the Wireless LAN

The increasing popularity of mobile devices is rapidly changing how and where we

The Security Behind Sticky Password

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013

Egnyte Local Cloud Architecture. White Paper

Top. Reasons Federal Government Agencies Select kiteworks by Accellion

How To Use Egnyte

Securing Corporate on Personal Mobile Devices

SENSE Security overview 2014

Copyright 2013, 3CX Ltd.

Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud

Mobile Device Management Version 8. Last updated:

Server Security. Contents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Aliases 4

The Hybrid Cloud Advantage White Paper

Centrify Cloud Connector Deployment Guide

Deploying iphone and ipad Security Overview

Ensuring the security of your mobile business intelligence

White Paper: Secure Printing and Mobile Devices

EasiShare Whitepaper - Empowering Your Mobile Workforce

Comparing ShareFile and Egnyte. White Paper

White Paper. Protecting Mobile Apps with Citrix XenMobile and MDX. citrix.com

Moving to the Cloud: What Every CIO Should Know

Google Identity Services for work

Cloud Managed Printing

For more information on how to build a HIPAA-compliant wireless network with Lutrum, please contact us today!

Solving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools

An Enterprise Approach to Mobile File Access and Sharing

White Paper. BD Assurity Linc Software Security. Overview

Standard: Event Monitoring

Identity & Access Management in the Cloud: Fewer passwords, more productivity

Memeo C1 Secure File Transfer and Compliance

Five Ways to Improve Electronic Patient Record Handling for HIPAA/HITECH with Managed File Transfer

Management of Hardware Passwords in Think PCs.

iphone in Business Security Overview

Research Information Security Guideline

"Secure insight, anytime, anywhere."

Netop Remote Control Security Server

HIPAA Privacy & Security White Paper

Solve the Dropbox Problem with Enterprise Content Connectors. Whitepaper Solve the Dropbox Problem with Enterprise Content Connectors

USER GUIDE CLOUDME FOR WD SENTINEL

Enterprise Content Sharing: A Data Security Checklist. Whitepaper Enterprise Content Sharing: A Data Security Checklist

Frequently asked questions

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

Business and enterprise cloud sync, backup and sharing solutions

How To Get To A Cloud Storage And Byod System

User Guide. You will be presented with a login screen which will ask you for your username and password.

Mobile Data Security Essentials for Your Changing, Growing Workforce

Comparing Alternatives for Business-Grade File Sharing. intermedia.net CALL US US ON THE WEB

Architecture and Data Flow Overview. BlackBerry Enterprise Service Version: Quick Reference

Secure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications VIDYO

The Top Five Security Challenges Presented by Mobile SharePoint Access

Today s Best Practices: How smart business is protecting enterprise data integrity and employee privacy on popular mobile devices. Your Device Here.

How To Make Files Share Secure (Fss) Work For Corporate Use

Media Shuttle s Defense-in- Depth Security Strategy

Security Overview Enterprise-Class Secure Mobile File Sharing

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Egnyte App for Android Quick Start Guide

NCSU SSO. Case Study

User Guide. Version R91. English

owncloud Architecture Overview

Move your business into the Cloud with one single, easy step.

Security Architecture Guide

Security Controls for the Autodesk 360 Managed Services

Endpoint protection for physical and virtual desktops

efolder White Paper: HIPAA Compliance

BeamYourScreen Security

The Challenge. The Solution. Achieve Greater Employee Productivity & Collaboration...while Protecting Critical Business Data

How To Manage A Mobile Device Management (Mdm) Solution

Qlik Sense Enabling the New Enterprise

Top. Reasons Legal Firms Select kiteworks by Accellion

Data Loss Prevention Whitepaper. When Mobile Device Management Isn t Enough. Your Device Here. Good supports hundreds of devices.

Develop HIPAA-Compliant Mobile Apps with Verivo Akula

Athena Mobile Device Management from Symantec

Transcription:

Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1

Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer 2 Security During Transit 2 Server Encryption - Data on the server 3 Mobile Device (App) Encryption 3 Email Encryption 3 Access Control 4 LOGIN Authentication 4 Mobile Authentication 4 Password Policy Management 4 Permission Controls 4 Remote Wipe - App 5 Remote Wipe - Desktop Client 5 Drive Permissions 6 Folder Permissions 7 Group Management 8 LDAP Integration 8 Flexible Deployment Options 9 Keep Data In Place 9 On-premise Private Cloud 9 Secure Access to On-premises Private Cloud Storage 10 Auditing and Reporting 11 Audit Reports 11 Business Compliance Australia 12 Company Information 12 2015 by Network2Share Pty Ltd. All rights reserved. 1

CloudFileSync Security INTRODUCTION There is an abundance of file sharing applications based in the cloud available for consumer use at minimal or no cost. Whilst these may appear to offer a quick and convenient way of accessing and distributing information, particularly to a mobile or distributed workforce, there are actually many risks associated. Many businesses are completely unaware of the risks and potential business impacts associated with the use of applications such as personal Dropbox accounts in a company network. As a result organizations are struggling with ownership and management of company data. CloudFileSync puts IT back in control by providing complete visibility of the access to, and sharing of company data. Security and compliance are important factors for businesses when adopting new cloud technologies involving critical company data. As businesses adapt digitally, they are faced with increasing risks from new vulnerabilities including data intrusions, security and compliance requirements. The following sections of this whitepaper discuss different security aspects of CloudFileSync security features. 2015 by Network2Share Pty Ltd. All rights reserved. 1

Data Security CloudFileSync empowers IT with administrative controls such as mobile data management, ability to audit all activity and ensure compliance to government regulations. When using CloudFileSync, files are protected during transmission and at rest through government-grade 256-bit AES encryption. For customers looking for additional mobile security, local file encryption is available for smartphones and tablets. This provides complete end-point encryption, so even in the event of data leaks or device theft, customer files are always encrypted. Files are encrypted locally with 256-bit AES encryption. In addition, the files you sync to the server are transferred using 256-bit SSL connection. When the CloudFileSync client is closed, your fileservers are invisible and protected by 256-bit AES encrypted file system. When the CloudFileSync dashboard is launched, your password-protected fileservers appear, ready to be accessed like a local drive. LOCAL ENCRYPTION - DATA ON THE LOCAL COMPUTER CloudFileSync creates a secure storage vault on your local hard drive. All files and folders stored in the vault are protected by 256-bit AES encryption. When the CloudFileSync application is closed, the vault is locked and your container becomes invisible, making it impossible for unauthorized individuals to access your private data. Starting the CloudFileSync application, and entering your personal password (only known by you) unlocks the secure vault and the drives are automatically mounted, making them readily available within your standard file management applications (i.e., Windows Explorer, Mac Finder). Even with physical access to the local computer the data is not accessible to anyone who does not have the correct login credentials. The local secure vaults do not store encryption keys and are generated dynamically. The encryption key is locked to a combination of local system hardware, unique identifiers from license server and cryptographically secure entropy. 256-bit AES encryption is extremely strong. Attacks that cryptographically break 256-bit AES are only theoretical. SECURITY DURING TRANSIT Transferring files online can leave the data vulnerable to data interception. Companies and international government agencies alike have recognized this security risk. CloudFileSync has adopted SSL transmission practices of the most secure institutions in the world by using 256-bit AES encryption to encode data during transmission. 256-bit AES encryption is one of the strictest standards applied by the US Government for TOP SECRET documentation. This ensures that even if company data were intercepted, it would be impossible to decipher. CloudFileSync s encryption system can also be utilized to share files externally with clients, which is fundamentally more secure than sending unsafely via email attachment. This allows businesses of any size to leverage security of data encryption for all file sharing and collaborative efforts. 2015 by Network2Share Pty Ltd. All rights reserved. 2

Data Security SERVER ENCRYPTION - DATA ON THE SERVER (Data at Rest) Just like local encryption, data held on the server is stored in a secure storage vault. All folders and files stored in secure vaults are protected by 256-bit AES encryption, with only the server application given access to communicate with the data vault. Your files are stored on the secure server in your private cloud and can only be accessed through a registered CloudFileSync application. Even with physical access, an attacker cannot access any stored data on the server all copies of protected data ONLY exist in their encrypted form in the AES vault. Only the server software can decrypt, access and manage the server data vaults. EMAIL ENCRYPTION All email messages sent from CloudFileSync are secured via TLS1.2 encrypted channel and digitally signed. This prevents interception by third parties, making it impossible for attackers to read and alter email messages as they are transmitted. CloudFileSync also provides custom SMTP server support. By specifying your own secure SMTP server, you can enjoy extra peace of mind that your mail transfer path is properly configured and secure from MITM and other mail attacks. Administrators can enter their own custom encryption key in the CloudFileSync server application. The CloudFileSync server will use this key for the encrypting the secure data vault. This encryption key is stored in the windows key vault, and is only accessible to administrators of the server and the CloudFileSync server application. 2015 by Network2Share Pty Ltd. All rights reserved. 3

Access Control LOGIN AUTHENTICATION All administrators, users and guests are required to enter a username and password. A vulnerable point of any cloud product is on the login screen. Due to this, CloudFileSync enables strict user authentication and permission enforcement at every access point before data is made visible, ensuring that only users with the right credentials can access company data. In order to protect login credentials, user passwords are salted and hashed using SHA2-256. As cryptographic hashing is a one-way process, this means we store your passwords in a secure state. In the unlikely case of a data breach, this means your passwords remain safe. MOBILE AUTHENTICATION PASSWORD POLICY MANAGEMENT CloudFileSync allows IT administrators to enact password management policies, enforcing minimum password length and strength requirements to all users. Further, account lockout functionality is available to stop brute force attacks on users passwords, either by disabling the account for a configurable period of time or locking it permanently. PERMISSION CONTROLS CloudFileSync provides drive based and folder based access permissions. Access permissions are uniformly enforced across all methods of file access, including but not limited to web console, mobile apps and desktop sync. Both drive and folder permissions set at the parent levels in a hierarchy automatically inherit to sub-folders. By default, mobile app users are required to log into the application using their username and password. Company administrators can allow the use of a pincode for more convenient access. Users are required to authenticate using these details upon login to the application, or upon the application regaining focus. For additional security, local mobile files can be automatically wiped after a set number of incorrect passcode attempts. 2015 by Network2Share Pty Ltd. All rights reserved. 4

Access Control REMOTE WIPE REMOTE WIPE - APP In the event that a user s mobile device is lost or stolen, local files can be instantly erased by the administrator or device owner. Administrators can initiate wipes from the device control panel. If the App is running it will immediately logout and delete all local data stored in the encrypted CloudFileSync container and block access to the device. If the App is not running, on App start-up (before data is accessible) it will delete all local data stored in the encrypted CloudFileSync container and block access to the device ensuring data is not compromised. REMOTE WIPE - DESKTOP CLIENT When a user s access is revoked from a resource, the affected files locally stored are immediately made unavailable to the user and deleted from the encrypted vault. Administrators can initiate wipes from the web console. If the client software is running the drives will immediately dismount and the local encrypted CloudFileSync containers will be deleted from the local machine. If the Client software is not running, on login the client will delete all local data stored in the encrypted CloudFileSync container and block access to the device. 2015 by Network2Share Pty Ltd. All rights reserved. 5

Access Control DRIVE PERMISSIONS CloudFileSync uses mounted Cloud Drives that appear on client workstations and mobile apps just like a standard mounted network drive. Administrators have the ability to set drive based permissions on a group or individual user basis, allowing granular control over file access. These permissions allow the ability to grant read only access, read and write access, and read/write/delete access permissions. In addition, they can also be granted the ability to securely share files with 3rd parties, and extended sharing functionality (for more permanent or less secure sharing requirements). Users and groups with permissions set to access a cloud drive automatically inherit to sub-folders. SALES TEAM FINANCE TEAM Sales (S:) Sales (S:) Competitors Competitors Resources Resources Sales Material Sales Material Example: The Sales Team group has access to the Sales drive (Sales S:\), which also means all members of this group have access all of the sub-folders within this drive. 2015 by Network2Share Pty Ltd. All rights reserved. 6

Access Control FOLDER PERMISSIONS Administrators wishing to restrict users or group permissions may choose to set folder permissions on folders within a mapped drive. For each individual user, they can grant different levels of access: none, read only, read/write and read/write/delete Regardless of whether permissions are granted via user or group, any access granted to the drive is overwritten by folder-level permissions. Folder-level permissions are inherited to all subsequent sub-folders. MARKETING TEAM SALES TEAM FINANCE TEAM Sales (S:) Sales (S:) Sales (S:) Budget Budget Budget Competitors Competitors Competitors Sales Material Sales Material Sales Material Strategy Strategy Strategy Example: The Sales Team has access to the Sales drive at a drive level, which also means access to all folders within. The Marketing and Finance Teams have been restricted to specific folders. 2015 by Network2Share Pty Ltd. All rights reserved. 7

Access Control GROUP MANAGEMENT CloudFileSync provides administrators with group management functionality that allows users to be managed into groups. This group management functionality grants administrators the ability to replicate their management structures into CloudFileSync, and grant permissions accordingly. Groups can be assigned permissions in a similar fashion to users, granting various levels of access to drives and folders made available within CloudFileSync. This functionality makes it easy to manage an entire department within a company and provide oversight to managers without intrusion. Groups can include any combination of standard users, and guest users to tailor the user management solution to fit collaboration requirements. LDAP INTEGRATION CloudFileSync is able to import users and groups from their Active Directory or any OpenLDAP server. Additionally company administrators can integrate with Active Directory, and have their Active Directory users login to CloudFileSync with their Active Directory login credentials This allows companies to embrace the cloud without decentralizing user management. Under an AD-linked setup, users and groups created and deleted from Active Directory can be synchronized to CloudFileSync easily, and granted or denied access based on their group membership within Active Directory. In addition, this means password and lockout policies set in Active Directory are enforced across all CloudFileSync access points. (e.g. after three failed login attempts within a 15 minute window; the user account is locked out). 2015 by Network2Share Pty Ltd. All rights reserved. 8

Flexible Deployment Options FLEXIBLE DEPLOYMENT OPTIONS Meeting the demanding privacy and compliance requirements of today requires classifying data based on security and privacy needs. CloudFileSync is the only file sharing platform that offers truly flexible, secure and scalable storage deployment models. The software is extremely flexible, and can be used to facilitate solutions using on-premise private cloud, public cloud or a mixture of both. Using CloudFileSync to create a hybrid cloud model has many advantages, as highly sensitive data can be secure onpremise behind the corporate firewall, and public cloud services can be leveraged to provide the advantages of cost savings and resource agility. Such flexibility allows users to securely share, sync and access files with all the features of popular and less secure cloud storage services, but without the risks associated. This functionality is only possible to be provided safely because it is held securely onpremise in a CloudFileSync private cloud. Best of all, support for flexible deployment options allows IT to keep data where it belongs, without sacrificing security or privacy. KEEP DATA IN PLACE CloudFileSync empowers IT to provide a file sharing solution that leverages existing data stores. Unlike cloud-only solutions that require businesses to move vast amounts of data into the public cloud, CloudFileSync is designed to deliver access and sharing to data stores in place, without transferring and storing data online. CloudFileSync can leverage any existing storage platform and file access protocol without requiring additional proprietary file system protocols. ON-PREMISE PRIVATE CLOUD For customers with private data too sensitive for online storage, CloudFileSync offers a different class of secure file sharing where cloud-only solutions fall short. CloudFileSync provides mobile and remote VPN-less access to any local storage, without files or file metadata passing through the cloud. Users can securely share and access private files from any device, anywhere in the world, while data remains stored behind the corporate firewall - free from privacy risks and government monitoring. 2015 by Network2Share Pty Ltd. All rights reserved. 9

Flexible Deployment Options SECURE ACCESS TO ON-PREMISES PRIVATE CLOUD STORAGE CloudFileSync allows customers to use their own hardware and operate up to 20 secure storage servers on-premise and behind their firewall, meeting the strictest regulatory and security requirements and allowing flexible scaling. Administrators, managers and users can access all servers through a single login, regardless of where storage servers are located. CloudFileSync enabled storage servers can be added based on the requirements of the solution; with as onpremise private cloud, or public cloud servers, or a mixture of the two. The storage servers can be located anywhere, enabling a single solution for data control to organizations with geographically diverse data requirements. Users can securely access all their files from any onpremises or public cloud hosted storage, anywhere in the world, without the need for VPNs all routing and security and authentication is handled automatically in the background by CloudFileSync. Having a unified namespace for all files, regardless of data sensitivity, allows employees to use one IT sanctioned file sharing service, instead of adopting several rogue cloud solutions. As in these solutions data is entirely under user control, there is a high change of data leaks from their usage. 2015 by Network2Share Pty Ltd. All rights reserved. 10

Auditing and Reporting AUDIT REPORTS CloudFileSync Audit Reporting helps IT administrators monitor usage with a wide range of real-time reporting tools to provide complete visibility of what has been shared and with whom. The Audit Reporting can assist in identifying potential security risks. Reports include: Detailed Files Sharing activity User login and activity Summary Deleted File activity Storage Allocation Summarys Drives Breakdown File Usage History 2015 by Network2Share Pty Ltd. All rights reserved. 11

Business Compliance - Australia BUSINESS COMPLIANCE - AUSTRALIA All Australian CloudFileSync on-premise installations are compliant with the Privacy Amendment (Enhancing Privacy Protection) Act 2012 C2015C00053 Registered 6 March 2015. Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth.) https://www.comlaw.gov.au/details/c2015c00053 COMPANY INFORMATION CloudFileSync is developed and distributed to the IT industry by Network2Share Pty Ltd 241A Swan Street Richmond, Victoria 3121, AUSTRALIA sales@network2share.com www.network2share.com Registered 6 March 2015 Modified Schedule 1 (Australian Privacy Principles), Clause 8, 20, 23, 33 Modified Part 8, Schedule 1 (Australian Privacy Principles), Cross-Border Disclosure of Personal Information Privacy Regulation 2013 (Cth.), registered 5 May 2015 https://www.comlaw.gov.au/details/f2015c00385 2015 by Network2Share Pty Ltd. All rights reserved. 12

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information