Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
cloudencryption [2023_08_15 20:40] – [Uploading] stevencloudencryption [2024_02_28 01:03] (current) – external edit 127.0.0.1
Line 11: Line 11:
 Companies therefore should take additional precautions with data ie. ensuring it is encrypted independent of the storage provider. File based encryption is one such mechanism that can be used to achieve this.  Companies therefore should take additional precautions with data ie. ensuring it is encrypted independent of the storage provider. File based encryption is one such mechanism that can be used to achieve this. 
  
-The File Fabric's file based encryption (FBE) service, when activated, stream encrypts data before it resides on the storage (where, if encryption at rest is used by the storage provider, it is additionally encrypted). +The Access Anywhere's file based encryption (FBE) service, when activated, stream encrypts data before it resides on the storage (where, if encryption at rest is used by the storage provider, it is additionally encrypted). 
  
 You can consider file based encryption to be analogous to a safe that's stored within a bank vault.  The vault is the encryption at rest, and even if this is breached, each safe within the vault has its own layer of security that must also be 'cracked' to gain access to the data. You can consider file based encryption to be analogous to a safe that's stored within a bank vault.  The vault is the encryption at rest, and even if this is breached, each safe within the vault has its own layer of security that must also be 'cracked' to gain access to the data.
  
-The File Fabric can be used to encrypt either  individual files or  directories using a key. This can be set at a company tenant level and therefore be transparent to end user or it can e configured so that either  file or directory can each have their own individual encryption key.+The Access Anywhere can be used to encrypt either  individual files or  directories using a key. This can be set at a company tenant level and therefore be transparent to end user or it can e configured so that either  file or directory can each have their own individual encryption key.
  
 ===== Encryption Algorithm ===== ===== Encryption Algorithm =====
  
-The File Fabric uses [[fips|FIPS certified]] AES-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. The cipher Rijndael consists of:+The Access Anywhere uses [[fips|FIPS certified]] AES-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. The cipher Rijndael consists of:
  
   * an initial Round Key addition   * an initial Round Key addition
Line 29: Line 29:
 Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files.
  
-The File Fabric provides free stand-alone desktop Apps (Mac, Windows, Linux) to also enable de-encryption, if the encryption key is known, directly from the storage (without having to use the File Fabric).+The Access Anywhere provides free stand-alone desktop Apps (Mac, Windows, Linux) to also enable de-encryption, if the encryption key is known, directly from the storage (without having to use Access Anywhere).
 ===== Encryption Scope ===== ===== Encryption Scope =====
  
-Encryption can be set for the whole team by the File Fabric Administrator by setting an encryption policy. This can be set at a global level (all files) or it can be only for nominated folders or files.+Encryption can be set for the whole team by Access Anywhere Administrator by setting an encryption policy. This can be set at a global level (all files) or it can be only for nominated folders or files.
  
-If global team encryption is not turned on, the File Fabric Administrator can set the scope to be on a per user level, in which the end user is responsible for setting and remembering the encryption key.+If global team encryption is not turned on, Access Anywhere Administrator can set the scope to be on a per user level, in which the end user is responsible for setting and remembering the encryption key.
  
  
Line 42: Line 42:
 (Previously known as Team Encryption) (Previously known as Team Encryption)
  
-The File Fabric Administrator of the Org Account can set encryption by logging into the Web and choosing //"Organization —> Policies —> Encryption"// and choosing the encryption password and scope.+The Access Anywhere Administrator of the Org Account can set encryption by logging into the Web and choosing //"Organization —> Policies —> Encryption"// and choosing the encryption password and scope.
  
 Once this password is set then Files for all users of the Primary Cloud are 'encrypted at rest’ therein (this is additional to any 'encryption at rest' set by a storage provider). Once this password is set then Files for all users of the Primary Cloud are 'encrypted at rest’ therein (this is additional to any 'encryption at rest' set by a storage provider).
Line 51: Line 51:
 ---- ----
  
-The password is stored, in an encrypted fashion, in the File Fabric and does not leave the appliance as it is used to encrypt/decrypt files on demand.+The password is stored, in an encrypted fashion, in Access Anywhere and does not leave the appliance as it is used to encrypt/decrypt files on demand.
  
  
Line 69: Line 69:
 ---- ----
  
-For team folders, the encryption **is transparent** to end users. Authenticated Team users **do not need to know** the encryption password and files are simply encrypted and decrypted as accessed via File Fabric Apps once they are authenticated and authorised to access the resource.+For team folders, the encryption **is transparent** to end users. Authenticated Team users **do not need to know** the encryption password and files are simply encrypted and decrypted as accessed via Access Anywhere Apps once they are authenticated and authorised to access the resource.
  
 Team encrypted files that are shared without passwords also **do not** require the recipient to know the encryption password. Team encrypted files that are shared without passwords also **do not** require the recipient to know the encryption password.
Line 91: Line 91:
 For Windows and Mac Apps the user can set the encryption phrase in settings or in the dedicated windows explorer explicitly set the encryption password on upload. For Windows and Mac Apps the user can set the encryption phrase in settings or in the dedicated windows explorer explicitly set the encryption password on upload.
  
-Unlike the account level encryption the encryption phrase set by personal users is **not stored on the server** ie. the user has to remember the phrase otherwise they will not be able to gain access to the file and if they forget it there is no way for the SME service to recover it.+Unlike the account level encryption the encryption phrase set by personal users is **not stored on the server** ie. the user has to remember the phrase otherwise they will not be able to gain access to the file and if they forget it there is no way for the NAA service to recover it.
  
 **Note:** also that different phrases can be used for different files. **Note:** also that different phrases can be used for different files.
  
-As an optimization the File Fabric desktop tools provide an option to save a single encryption phrase for ease of use when dealing with files from the desktop.+As an optimization Access Anywhere desktop tools provide an option to save a single encryption phrase for ease of use when dealing with files from the desktop.
  
 ===== Encryption Scope Precedence ===== ===== Encryption Scope Precedence =====
Line 107: Line 107:
 ===== Bi-Modal Use ===== ===== Bi-Modal Use =====
  
-Note that if Files are encrypted through the File Fabric they will only be accessible through the File Fabric. This can often be the intent with sensitive data stored on remote storage provider but you should note that if such files are subsequently moved directly on the storage then they will become inaccessible directly and will need to be accessed by using the File Fabric's standalone desktop decryption App which is available for Mac, Windows or Linux.+Note that if Files are encrypted through Access Anywhere they will only be accessible through Access Anywhere. This can often be the intent with sensitive data stored on remote storage provider but you should note that if such files are subsequently moved directly on the storage then they will become inaccessible directly and will need to be accessed by using Access Anywhere's standalone desktop decryption App which is available for Mac, Windows or Linux.
 ===== Password Change ===== ===== Password Change =====
  
© Copyright 2024 Nasuni.