ShareFile Security Overview


ShareFile Company Policy

All ShareFile employees undergo full background checks and sign our information security policy prior to beginning employment with the company. The handbook includes an agreement to maintain the privacy and security of account information. Account information and support functions are accessible only from the IP address of ShareFile's physical office locations.

Company policy prohibits employees from accessing accounts or client data except where they have been expressly granted permission by an account administrator for the purpose of support. Any logins or activity by ShareFile Support will be logged in the account activity reports and available for review by account administrators.

Servers and Storage Security

Files are stored on servers maintained by Amazon Web Services in multiple locations in the United States, Europe, Asia, and South America. A customer's files are generally stored at the server location that is geographically nearest to the administrator and backed up in North Carolina. Contact your ShareFile representative if you require custom geographical storage requirements.

All data centers containing ShareFile servers are SSAE-16 (Formerly SAS 70 Type II) compliant, proving that they meet high standards for security. Statements of Compliance (SOC-1) reports are available for your review provided you sign the requisite Non-Disclosure Agreements (NDAs). Physical access is tightly controlled, and double verification is required to proceed to any areas housing data.

Our servers are firewall protected and regularly updated to ensure that all of the latest security patches and updates are in place. On Professional and Enterprise plans, files are stored with 128-bit RC4 encryption, and this can also be enabled for Basic plans for an additional monthly fee.

In case of disaster, ShareFile has multiple backup strategies in place to protect against loss of data. Files are frequently backed up to a disaster recovery data center, and mirrored in real time to a secondary server location to ensure that service can be quickly resumed in the case of a disruption at an account's primary server location.

Encryption

Encryption is a method for transforming data, either in transit or in storage, so that it requires permission to access. The data is transformed (encrypted) using an algorithm that generates a decryption key which must be used in order to decrypt the data. When transferring sensitive files, it is important to use encryption to ensure that any outside sources cannot read the data contained within the files.

Encryption of Data in Transit

All file transfers through the ShareFile service are encrypted using 256-bit SSL (Secure Sockets Layer). This is the same security used by banks and many e-commerce sites such as Amazon.com. SSL works by establishing a private connection, and each end of the connection is authenticated before transfer begins. Data traveling between these endpoints can only be decrypted by the intended recipient by using unique decryption keys.

Encryption of Data at Rest

Files uploaded to ShareFile servers are saved with 128-bit RC4 encryption. Each file saved in our system has a unique encryption key. When a file is uploaded, it is encrypted before being copied to its permanent storage location. Downloaded files are decrypted before their contents are sent to your browser. The file encryption keys are not stored on the same server with the files themselves, ensuring that someone with physical access to our storage servers has no access to the files contained on their hard drives.

Note: Stored File Encryption is included on Professional, Enterprise, Enterprise Gold, and VDR plans and can be added to a Basic account for an additional monthly fee.

Secure User Access

Each user on an account is given a unique username and password to log in. Passwords are hashed using 128-bit MD5 so that not even ShareFile employees can access this information. If a user enters an incorrect password five times in a row, the system will lock that user account for five minutes before they can log in again.
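The lockout rule described above (five consecutive wrong passwords, five-minute lock) can be modelled as a small per-user state machine. This is an added example, not ShareFile code; the class name `LockoutTracker`, the return strings, and the choices that attempts during a lock are rejected without extending it and that a successful login resets the count are assumptions.

```python
import time

MAX_CONSECUTIVE_FAILURES = 5   # page: five incorrect passwords in a row
LOCK_SECONDS = 5 * 60          # page: account locked for five minutes


class LockoutTracker:
    """Per-user consecutive-failure lockout (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock    # injectable so tests can control time
        self._state = {}       # username -> [consecutive_failures, locked_until]

    def is_locked(self, user):
        state = self._state.get(user)
        return state is not None and self._clock() < state[1]

    def record(self, user, password_ok):
        """Record one login attempt; return 'ok', 'denied' or 'locked'."""
        state = self._state.setdefault(user, [0, 0.0])
        now = self._clock()
        if now < state[1]:
            # Assumption: while locked, even a correct password is refused
            # and the attempt does not push the unlock time further out.
            return "locked"
        if password_ok:
            state[0] = 0       # a success breaks the "in a row" sequence
            return "ok"
        state[0] += 1
        if state[0] >= MAX_CONSECUTIVE_FAILURES:
            state[1] = now + LOCK_SECONDS
            state[0] = 0       # start a fresh count once the lock expires
            return "locked"
        return "denied"
```
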
ShareFile account users will only see folders where they have been granted permissions and are listed in the Folder Access list. Folders where they have not been granted permissions will be invisible to them in the folder view and on any reports that they can access. By default, client users do not have access to information about other users on the account.

All activity in an account is logged and available to employee users who have access to the Reporting section. Reports can include activities (such as logins, downloads, deletions, etc.), storage contents, and user access audits. Professional and Enterprise accounts also allow users to run recurring reports at certain intervals and to request email notifications whenever a new report is created automatically. On the Basic and Professional plans, usage reports can include data for the last 90 days. Enterprise and Enterprise Gold accounts can retrieve data for the life of the account.

Note: The policy to save data older than 90 days for Enterprise and Enterprise Gold accounts was put in place in fall 2009. Activity before this time may not be available.

Safe Harbor Policy

ShareFile is certified under the U.S. Department of Commerce's Safe Harbor program: http://export.gov/safeharbor

See the excerpt below:

"The European Commission's Directive on Data Protection went into effect in October of 1998, and would prohibit the transfer of personal data to non-European Union nations that do not meet the European "adequacy" standard for privacy protection. While the United States and the European Union share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the European Union. In order to bridge these different privacy approaches and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a "Safe Harbor" framework and this website to provide the information an organization should need to evaluate - and then join - the Safe Harbor"

Secure and Standard File Transfer Protocol (FTPS/FTP)

You can connect to your account using an FTP client such as WS-FTP or FileZilla.

FTP Access allows you to connect to your ShareFile account and upload and download using a typical FTP client, which is useful if you have clients already familiar with FTP, or business processes scheduled to run over FTP. Your ShareFile administrators can enable or disable FTP as required by your policy.

FTPS Access allows you to use FTP with SSL/TLS encryption, for an extra layer of security. If FTPS is enabled but regular FTP Access is disabled, you can ensure that transfers over FTP will always be encrypted.

Note: Connections using FTPS should be made using 'Implicit SSL/TLS' mode over Port 990.

ShareFile is compatible with most well-known FTP clients and supports Windows and Mac. This means you can connect to your ShareFile account using an FTP program. You

Account Wide Password Policy

Configurable settings include password expiration, password history, minimum length, and password complexity.

Password complexity requirements force users to use personal passwords that match a certain set of rules, allowing the administrator to force users to use passwords that conform to the entity's security requirements (see Figure 2).

Figure 2: Manage ShareFile Password Policy

File Retention Policy

Administrators have the ability to retain files indefinitely or delete them after 1, 7, 14, 30, 60, or 90 days, 6 months, 1 year, or 2 years.

Internet Protocol (IP) Address Restrictions

IP restrictions can be put in place to restrict use of an account to users logging in from certain IP addresses. These restrictions can be set to allow or deny certain IP ranges for employee logins, client logins, and/or recipients of send/request operations. By default, IP restrictions are not enabled. To implement IP restrictions, contact a ShareFile representative.

Distribution Groups

ShareFile provides the administrator with the capability to create, manage, and delete distribution groups. To delete distribution groups, place check marks next to the groups that you would like to delete and click the 'Delete Selected Groups' button. To add or remove members from a group, click the group name.

Single sign-on / SAML 2.0 Configuration

ShareFile supports single sign-on via Security Assertion Markup Language (SAML) 2.0 assertions. SAML is an XML-based open standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions). SAML 2.0 introduced a number of features not available in previous versions of the specification.

ShareFile requires SAML assertions to include a NameID in the format emailaddress.

Assertion Consumer Service (ACS) URL: https://.sharefile.com/saml/acs
SP-Initiated Login URL: https://.sharefile.com/saml/login

Identity providers include Microsoft ADFS (Active Directory Federation Services), Ping Identity, PingFederate, IBM Tivoli Access Manager, and CA SiteMinder.
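When wiring up an identity provider against the NameID requirement above, a quick configuration check on a captured assertion catches the usual mistake of sending a Windows account name or an unspecified format. This is an added example, not ShareFile or vendor code: the sample assertion, the `example.test` hosts and the function name `check_subject` are constructed, and the check covers configuration only (it does not verify the XML signature, which the service provider must still do).

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed, unsigned sample assertion trimmed to the Subject element.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:Issuer>https://idp.example.test/</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.test</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.test/saml/acs"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""


def check_subject(xml_text, expected_acs):
    """Return a list of configuration problems; an empty list means OK."""
    root = ET.fromstring(xml_text)
    # Accept a bare Assertion or one wrapped in a samlp:Response.
    if root.tag == f"{{{SAML_NS}}}Assertion":
        assertion = root
    else:
        assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element found"]
    name_ids = assertion.findall("./saml:Subject/saml:NameID", NS)
    if len(name_ids) != 1:
        return [f"expected exactly one Subject NameID, found {len(name_ids)}"]
    problems = []
    name_id = name_ids[0]
    if name_id.get("Format") != EMAIL_FORMAT:
        problems.append(f"NameID Format is {name_id.get('Format')!r}")
    if not EMAIL_RE.match((name_id.text or "").strip()):
        problems.append("NameID value is not an e-mail address")
    recipients = [d.get("Recipient") for d in assertion.findall(
        "./saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)]
    if expected_acs not in recipients:
        problems.append(f"no Recipient equals {expected_acs!r}")
    return problems
```
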