Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | |||
cloudencryption [2023_08_15 20:40] – [Uploading] steven | cloudencryption [2024_02_28 01:03] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 11: | Line 11: | ||
Companies therefore should take additional precautions with data ie. ensuring it is encrypted independent of the storage provider. File based encryption is one such mechanism that can be used to achieve this. | Companies therefore should take additional precautions with data ie. ensuring it is encrypted independent of the storage provider. File based encryption is one such mechanism that can be used to achieve this. | ||
- | The File Fabric's file based encryption (FBE) service, when activated, stream encrypts data before it resides on the storage (where, if encryption at rest is used by the storage provider, it is additionally encrypted). | + | The Access Anywhere's file based encryption (FBE) service, when activated, stream encrypts data before it resides on the storage (where, if encryption at rest is used by the storage provider, it is additionally encrypted). |
You can consider file based encryption to be analogous to a safe that's stored within a bank vault. | You can consider file based encryption to be analogous to a safe that's stored within a bank vault. | ||
- | The File Fabric | + | The Access Anywhere |
===== Encryption Algorithm ===== | ===== Encryption Algorithm ===== | ||
- | The File Fabric | + | The Access Anywhere |
* an initial Round Key addition | * an initial Round Key addition | ||
Line 29: | Line 29: | ||
Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. | Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. | ||
- | The File Fabric | + | The Access Anywhere |
===== Encryption Scope ===== | ===== Encryption Scope ===== | ||
- | Encryption can be set for the whole team by the File Fabric | + | Encryption can be set for the whole team by Access Anywhere |
- | If global team encryption is not turned on, the File Fabric | + | If global team encryption is not turned on, Access Anywhere |
Line 42: | Line 42: | ||
(Previously known as Team Encryption) | (Previously known as Team Encryption) | ||
- | The File Fabric | + | The Access Anywhere |
Once this password is set then Files for all users of the Primary Cloud are ' | Once this password is set then Files for all users of the Primary Cloud are ' | ||
Line 51: | Line 51: | ||
---- | ---- | ||
- | The password is stored, in an encrypted fashion, in the File Fabric | + | The password is stored, in an encrypted fashion, in Access Anywhere |
Line 69: | Line 69: | ||
---- | ---- | ||
- | For team folders, the encryption **is transparent** to end users. Authenticated Team users **do not need to know** the encryption password and files are simply encrypted and decrypted as accessed via File Fabric | + | For team folders, the encryption **is transparent** to end users. Authenticated Team users **do not need to know** the encryption password and files are simply encrypted and decrypted as accessed via Access Anywhere |
Team encrypted files that are shared without passwords also **do not** require the recipient to know the encryption password. | Team encrypted files that are shared without passwords also **do not** require the recipient to know the encryption password. | ||
Line 91: | Line 91: | ||
For Windows and Mac Apps the user can set the encryption phrase in settings or in the dedicated windows explorer explicitly set the encryption password on upload. | For Windows and Mac Apps the user can set the encryption phrase in settings or in the dedicated windows explorer explicitly set the encryption password on upload. | ||
- | Unlike the account level encryption the encryption phrase set by personal users is **not stored on the server** ie. the user has to remember the phrase otherwise they will not be able to gain access to the file and if they forget it there is no way for the SME service to recover it. | + | Unlike the account level encryption the encryption phrase set by personal users is **not stored on the server** ie. the user has to remember the phrase otherwise they will not be able to gain access to the file and if they forget it there is no way for the NAA service to recover it. |
**Note:** also that different phrases can be used for different files. | **Note:** also that different phrases can be used for different files. | ||
- | As an optimization | + | As an optimization |
===== Encryption Scope Precedence ===== | ===== Encryption Scope Precedence ===== | ||
Line 107: | Line 107: | ||
===== Bi-Modal Use ===== | ===== Bi-Modal Use ===== | ||
- | Note that if Files are encrypted through | + | Note that if Files are encrypted through |
===== Password Change ===== | ===== Password Change ===== | ||