Differences
This shows you the differences between two versions of the page.
cloudencryption [2019_09_30 14:02] – [Team Encryption] jim | cloudencryption [2024_02_28 01:03] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== File Encryption ====== | + | ====== File Based Encryption |
===== Encryption Overview ===== | ===== Encryption Overview ===== | ||
- | One of the issues | + | One of the issues with increasing compliance regimes such as GDPR, CCPA, and increasing breaches of data is the issue of security. |
- | The secondary security concern can be with Cloud the Providers themselves. Users often want to protect certain files on the actual Cloud where they reside, and to that end they can want to use encryption | + | Most data services use an encryption 'at rest' data strategy. This encrypts all data that resides |
- | This particular use case can be solved by using the Cloud encryption service that SME provides. Encryption works when users upload files from SME web or desktop access clients, to any of the 40+ Cloud Storage and Saas Providers that SME supports. Users connect over SSL and assign files a private key phrase to file that are uploaded. | + | From a compliance perspective, |
- | This key phrase | + | Companies therefore should take additional precautions with data ie. ensuring it is encrypted independent of the storage provider. File based encryption is one such mechanism that can be used to achieve this. |
+ | |||
+ | The Access Anywhere' | ||
+ | |||
+ | You can consider file based encryption | ||
+ | |||
+ | The Access Anywhere can be used to encrypt either | ||
===== Encryption Algorithm ===== | ===== Encryption Algorithm ===== | ||
- | The File Fabric | + | The Access Anywhere |
* an initial Round Key addition | * an initial Round Key addition | ||
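Review bot: The added overview paragraph that tells companies to ensure data "is encrypted independent of the storage provider" should also say who holds the key. The Org Encryption section further down states that the password is stored, in an encrypted fashion, in Access Anywhere, so the reader needs to know that "independent of the storage provider" does not mean independent of the Access Anywhere server. Smaller wording points in the same hunk: the new opening sentence is circular ("One of the issues with ... is the issue of security"), and "ie." should be "i.e.".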
Line 23: | Line 29: | ||
Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. | Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. | ||
- | SME provides free stand-alone desktop Apps (Mac, Windows, Linux) to also enable | + | The Access Anywhere |
===== Encryption Scope ===== | ===== Encryption Scope ===== | ||
- | Encryption can be set for the whole team by the File Fabric | + | Encryption can be set for the whole team by Access Anywhere |
- | If global team encryption is not turned on, the File Fabric | + | If global team encryption is not turned on, Access Anywhere |
- | ===== Team Encryption ===== | + | ===== Org Encryption ===== |
- | The File Fabric | + | (Previously known as Team Encryption) |
+ | |||
+ | The Access Anywhere | ||
Once this password is set then Files for all users of the Primary Cloud are ' | Once this password is set then Files for all users of the Primary Cloud are ' | ||
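Review bot: The heading rename to "Org Encryption" is not carried through the rest of the page. The changed lines in this hunk still say "Encryption can be set for the whole team" and "If global team encryption is not turned on", and unchanged text further down keeps "team folders", "Team encrypted files" and "team level encryption scope". Either rename those consistently or extend the "(Previously known as Team Encryption)" note to say that "team" and "org" mean the same scope. While this section is being touched, the unchanged line about using any AES-256 decryption tool gives only the cipher and the 16 byte block size as far as the visible text goes; a reader would also need the mode of operation and how the key is derived from the password to decrypt with an independent tool.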
Line 44: | Line 51: | ||
---- | ---- | ||
- | The password is stored, in an encrypted fashion, in the File Fabric | + | The password is stored, in an encrypted fashion, in Access Anywhere |
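Review bot: "stored, in an encrypted fashion" on the changed line is carried over from the old text with only the product name swapped, and it is too vague for the claim it supports. Because the org password is held server side, the confidentiality of every org-encrypted file depends on how that stored password is protected, so the sentence should say what encrypts it and where that key is kept, or link to the page that does.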
Line 59: | Line 66: | ||
//All Shared Team folders plus user files:// Shared Team folders and users personal files in the personal cloud are encrypted at rest | //All Shared Team folders plus user files:// Shared Team folders and users personal files in the personal cloud are encrypted at rest | ||
- | //Nominated folders://Only files in nominated are encrypted. | + | Nominated folders: Only files in nominated are encrypted. |
---- | ---- | ||
- | For team folders, the encryption **is transparent** to end users. Authenticated Team users **do not need to know** the encryption password and files are simply encrypted and decrypted as accessed via SME Apps once they are authenticated and authorised to access the resource. | + | For team folders, the encryption **is transparent** to end users. Authenticated Team users **do not need to know** the encryption password and files are simply encrypted and decrypted as accessed via Access Anywhere |
Team encrypted files that are shared without passwords also **do not** require the recipient to know the encryption password. | Team encrypted files that are shared without passwords also **do not** require the recipient to know the encryption password. | ||
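Review bot: The new "Nominated folders:" line drops the // italic markup that the sibling entry "//All Shared Team folders plus user files://" still uses, so the two scope options now render differently. Restore the markup, and fix the sentence while there: "Only files in nominated are encrypted" is missing the word "folders". The changed paragraph after it also leaves "Team users" and "team folders" in place next to the renamed product, which ties into the Org/Team naming question.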
Line 76: | Line 83: | ||
==== Uploading ==== | ==== Uploading ==== | ||
- | A user can set his own password to encrypt files uploaded in the web browser (entered when uploading), in the desktop tools, and also using the SME Android App. | + | A user can set his own password to encrypt files uploaded in the web browser (entered when uploading) |
+ | In the browser when uploading the user has the option to encrypt the files and enter the encryption phrase. The encrypted file will be listed with a shield icon. | ||
- | ---- | + | {{ cloudencryption: |
- | In the browser when uploading the user has the option to encrypt the files and enter the encryption phrase. | + | For Windows |
- | + | ||
- | + | ||
- | ---- | + | |
- | + | ||
- | For windows | + | |
- | + | ||
- | + | ||
- | ---- | + | |
- | + | ||
- | On the SME Android App files uploaded can also be encrypted on upload from the device | + | |
- | + | ||
- | + | ||
- | ---- | + | |
- | Unlike the account level encryption the encryption phrase set by personal users is **not stored on the server** ie. the user has to remember the phrase otherwise they will not be able to gain access to the file and if they forget it there is no way for the SME service to recover it. | + | Unlike the account level encryption the encryption phrase set by personal users is **not stored on the server** ie. the user has to remember the phrase otherwise they will not be able to gain access to the file and if they forget it there is no way for the NAA service to recover it. |
**Note:** also that different phrases can be used for different files. | **Note:** also that different phrases can be used for different files. | ||
- | + | As an optimization | |
- | ---- | + | |
- | + | ||
- | As an optimization | + | |
===== Encryption Scope Precedence ===== | ===== Encryption Scope Precedence ===== | ||
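Review bot: The rewritten recovery sentence introduces "the NAA service", an abbreviation that is not expanded anywhere in the visible text, while every other changed line uses "Access Anywhere"; use one name or expand the abbreviation on first use. This hunk also deletes the paragraph on encrypting uploads from the Android App, so confirm the new first line of the Uploading section still lists every client that supports a personal phrase. Minor wording on lines kept from the old revision: "his own password" would read better as "their own password", "ie." should be "i.e.", and "**Note:** also that different phrases" should drop the stray "also".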
Line 113: | Line 105: | ||
If team level encryption scope is set as All Shared team folders plus user files then the encryption phrase set by the admin is used for team folders and the users personal files. The users encryption phrase is not used and the option to encrypt is **not available to the user**. | If team level encryption scope is set as All Shared team folders plus user files then the encryption phrase set by the admin is used for team folders and the users personal files. The users encryption phrase is not used and the option to encrypt is **not available to the user**. | ||
+ | ===== Bi-Modal Use ===== | ||
+ | |||
+ | Note that if Files are encrypted through Access Anywhere they will only be accessible through Access Anywhere. This can often be the intent with sensitive data stored on remote storage provider but you should note that if such files are subsequently moved directly on the storage then they will become inaccessible directly and will need to be accessed by using Access Anywhere' | ||
===== Password Change ===== | ===== Password Change ===== | ||
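Review bot: The new Bi-Modal Use section says encrypted files "will only be accessible through Access Anywhere", which conflicts with the Encryption Algorithm section's unchanged statement that any AES-256 decryption tool supporting the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. State the actual constraint instead: files read directly from the storage are ciphertext and must be decrypted with the correct password, either through Access Anywhere or with a compatible tool. The second sentence is also hard to follow ("moved directly on the storage then they will become inaccessible directly"); say once what is moved and once what breaks. "Files" should be lower case and "on remote storage provider" needs an article.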