Differences

This shows you the differences between two versions of the page.

cloudencryption [2018_12_10 18:09]
steven
cloudencryption [2019_09_30 14:04]
jim [Uploading]
Line 13: Line 13:
 ===== Encryption Algorithm ===== ===== Encryption Algorithm =====
  
-SME uses AES-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. The cipher Rijndael consists of:+The File Fabric ​uses [[fips|FIPS certified]] ​AES-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. The cipher Rijndael consists of:
  
   * an initial Round Key addition   * an initial Round Key addition
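Review bot: The added "[[fips|FIPS certified]]" qualifier in the first sentence is attached directly to "AES-256 encryption", so the line does not say what is certified. FIPS 140 validation applies to a cryptographic module rather than to an algorithm choice, so either name the validated module here or make sure the linked fips page does, and reword to something like "uses a FIPS validated cryptographic module for AES-256".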
Line 27: Line 27:
 ===== Encryption Scope ===== ===== Encryption Scope =====
  
-Encryption can be set at an Org (Team) or on a Personal level.+Encryption can be set for the whole team by the File Fabric Administrator by setting ​an encryption policy. This can be set at a global level (all files) or it can be only for nominated folders.
  
 +If global team encryption is not turned on, the File Fabric Administrator can set the scope to be on a per user level, in which the end user is responsible for setting and remembering the encryption key.
 +
 +
 + 
 ===== Team Encryption ===== ===== Team Encryption =====
  
-The Cloud Admin of the Team Account can set by logging ​in to the Web and choosing //"​Main menu —> Policies —> Encryption"//​ and choosing the encryption password and scope.+The File Fabric Administrator ​of the Team Account can set encryption ​by logging ​into the Web and choosing //"​Main menu —> Policies —> Encryption"//​ and choosing the encryption password and scope.
  
-Once this password is set then Cloud Files for all users of the Primary Cloud are '​encrypted at rest’ therein.+Once this password is set then Files for all users of the Primary Cloud are '​encrypted at rest’ therein ​(this is additional to any '​encryption at rest' set by a storage provider).
  
 **Note:** Existing files are not encrypted only new file uploads are encrypted. **Note:** Existing files are not encrypted only new file uploads are encrypted.
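Review bot: The new Encryption Scope text describes the global policy as "(all files)", but the unchanged note at the end of this hunk says existing files are not encrypted and only new uploads are. Qualify the global level as applying to all newly uploaded files, or cross-reference the note from the new paragraph. The added per-user paragraph also calls the user's secret an "encryption key" while the Team Encryption text uses "encryption password"; pick one term so readers do not assume two different secrets.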
Line 40: Line 44:
 ---- ----
  
-The password is stored, in an encrypted fashion, in the SME appliance ​and does not leave the appliance as it is used to encrypt/​decrypt files on demand.+The password is stored, in an encrypted fashion, in the File Fabric ​and does not leave the appliance as it is used to encrypt/​decrypt files on demand.
  
  
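Review bot: The replacement sentence says the password is stored "in the File Fabric" but still ends with "does not leave the appliance", so the rename is only half applied and the sentence now refers to the same thing by two names. Use one term in both places, and keep the statement about where the password lives unambiguous since it is the security claim of this paragraph.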
Line 49: Line 53:
   * All shared team folders   * All shared team folders
   * All Shared team folders plus user files   * All Shared team folders plus user files
 +  * Nominated Folders
  
 //Share Team Folders:// Only team folders are encrypted the users personal files are not encrypted //Share Team Folders:// Only team folders are encrypted the users personal files are not encrypted
Line 54: Line 59:
 //All Shared Team folders plus user files:// Shared Team folders and users personal files in the personal cloud are encrypted at rest //All Shared Team folders plus user files:// Shared Team folders and users personal files in the personal cloud are encrypted at rest
  
 +//Nominated folders://​Only files in nominated are encrypted.
 ---- ----
  
-For team folders, the encryption **is transparent** to end users. Team users **do not need to know** the encryption password and files are simply encrypted and decrypted as accessed via SME Apps.+For team folders, the encryption **is transparent** to end users. ​Authenticated ​Team users **do not need to know** the encryption password and files are simply encrypted and decrypted as accessed via SME Apps once they are authenticated and authorised to access the resource.
  
 Team encrypted files that are shared without passwords also **do not** require the recipient to know the encryption password. Team encrypted files that are shared without passwords also **do not** require the recipient to know the encryption password.
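Review bot: The added line "//Nominated folders://Only files in nominated are encrypted." is missing the word "folders" after "nominated" and a space after the closing "//", and it sits directly above the "----" rule without the blank line the other scope descriptions have. In the changed team-folders sentence, "Authenticated Team users" together with "once they are authenticated and authorised to access the resource" states the condition twice, so drop the leading "Authenticated". "SME Apps" is also left unrenamed in that sentence.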
Line 67: Line 72:
  
 Standalone desktop decryption tools are provided in the event users want to download encrypted files direct from remote clouds or data stores. Standalone desktop decryption tools are provided in the event users want to download encrypted files direct from remote clouds or data stores.
- 
 ===== Personal Encryption ===== ===== Personal Encryption =====
  
 ==== Uploading ==== ==== Uploading ====
  
-A user can set his own password to encrypt files uploaded in the web browser (entered when uploading), in the desktop tools, and also using the SME Android App. +A user can set his own password to encrypt files uploaded in the web browser (entered when uploading), in the desktop tools, and also using the File Fabric ​Android App.
  
 ---- ----
  
 In the browser when uploading the user has the option to encrypt the files and enter the encryption phrase. In the browser when uploading the user has the option to encrypt the files and enter the encryption phrase.
- 
  
 ---- ----
  
-For windows ​and mac tools the user can set the encryption phrase in settings or in the dedicated windows explorer explicitly set the encryption password on upload. +For Windows ​and Mac Apps the user can set the encryption phrase in settings or in the dedicated windows explorer explicitly set the encryption password on upload.
  
 ---- ----
  
 On the SME Android App files uploaded can also be encrypted on upload from the device On the SME Android App files uploaded can also be encrypted on upload from the device
- 
  
 ---- ----
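Review bot: The rename to "File Fabric Android App" in the first Uploading paragraph is not carried through to the unchanged line "On the SME Android App files uploaded can also be encrypted on upload from the device", so the section now uses both product names. The Windows and Mac line capitalises "Windows and Mac Apps" but leaves "windows explorer" in lower case in the same sentence. Both should be brought in line with the rest of this change.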
Line 95: Line 95:
  
 **Note:** also that different phrases can be used for different files. **Note:** also that different phrases can be used for different files.
- 
  
 ---- ----