Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
cloudencryption [2020_01_22 01:10] – [Uploading] stevencloudencryption [2020_11_13 14:51] – [Encryption Overview] jim
Line 3: Line 3:
 ===== Encryption Overview ===== ===== Encryption Overview =====
  
-One of the issues that becomes apparent with more users choosing to work from mobile phones and tablets is the issue of security. Sometimes these devices can end up in the wrong hands and when that happens it is reasonable to take precautions about how can open and gain access to files you have stored in the Cloud.+One of the issues with increasing compliance regimes such as GDPR, CCPA, and increasing breaches of data is the issue of security. 
  
-The secondary security concern can be with Cloud the Providers themselvesUsers often want to protect certain files on the actual Cloud where they reside, and to that end they can want to use encryption independent of the Cloud Provider.+Most data services use an encryption 'at rest' data strategyThis encrypts all data that resides on the storage. The 'key' to the encryption is most often held by the storage providers and this key is used to encrypt all data
  
-This particular use case can be solved by using the Cloud encryption service that SME provides. Encryption works when users upload files from SME web or desktop access clients, to any of the 40+ Cloud Storage and Saas Providers that SME supports. Users connect over SSL and assign files a private key phrase to file that are uploaded.+From a compliance perspective, relying on this alone is not enough as the industry has seen high profile breaches of cloud services where data protected in this way has been exposed.
  
-This key phrase is not stored anywhere on the SME service, and files are encrypted as they stream through the SME service to the remote Cloud Provider.+Companies therefore should take additional precautions with data ie. ensuring it is encrypted independent of the storage provider. File based encryption is one such mechanism that can be used to achieve this.  
 + 
 +The File Fabric's file based encryption (FBE) service, when activated, stream encrypts data before it resides on the storage (where, if encryption at rest is used by the storage provider, it is additionally encrypted).  
 + 
 +You can consider file based encryption to be analogous to a safe that's stored within a bank vault.  The vault is the encryption at rest, and even if this is breached, each safe within the vault has its own layer of security that must also be 'cracked' to gain access to the data. 
 + 
 +The File Fabric can be used to encrypt either  individual files or  directories using a key. This can be set at a company tenant level and therefore be transparent to end user or it can e configured so that either  file or directory can each have their own individual encryption key.
  
 ===== Encryption Algorithm ===== ===== Encryption Algorithm =====
Line 59: Line 65:
 //All Shared Team folders plus user files:// Shared Team folders and users personal files in the personal cloud are encrypted at rest //All Shared Team folders plus user files:// Shared Team folders and users personal files in the personal cloud are encrypted at rest
  
-//Nominated folders://Only files in nominated are encrypted.+Nominated folders: Only files in nominated are encrypted.
 ---- ----
  
© Copyright 2024 Nasuni.