| Next revision | Previous revisionNext revisionBoth sides next revision |
| governance [2018_01_30 17:23] – external edit 127.0.0.1 | governance [2018_06_15 23:47] – steven |
|---|
| | ====== Governance Settings ====== |
| | |
| | |
| | |
| ====== Cloud File Server Governance Options ====== | |
| |
| ===== 1 User Management ===== | ===== 1 User Management ===== |
| |
| |
| |
| {{:/governance:steps:sme_1_user_management.png}} | {{:/governance:steps:sme_1_user_management.png}} |
| |
| Users and user roles can be controlled directly by the Cloud Administrator when setting up the Cloud File Server. | Users and user roles can be controlled directly by the Cloud Administrator when setting up the Cloud File Server. |
| |
| |
| ===== 2 Permissions and access control ===== | ===== 2 Permissions and access control ===== |
| |
| | {{:/governance:steps:sme_2_permissions_and_acce.png}} |
| |
| | Once shared folders for the Cloud File Server have been added, the Cloud File Server Admin can control access to folders and sub folders using an access control list. If a user has no permission to a folder the folder is not displayed at all in their file tree. |
| |
| {{:/governance:steps:sme_2_permissions_and_acce.png}} | FAQ: We often get asked if we support Active Directory integration. We support Active Directory integration, and this enables single sign on and group permissions federation. You can find more about Active Directory integration on our Wiki [[organisationcloud/activedirectory|here]]. |
| | |
| Once shared folders for the Cloud File Server have been added, the Cloud File Server Admin can control access to folders and sub folders using an access control list. If a user has no permission to a folder the folder is not displayed at all in their file tree.\\ \\ FAQ: We often get asked if we support Active Directory integration. We support Active Directory integration, and this enables single sign on and group permissions federation. You can find more about Active Directory integration on our Wiki [[organisationcloud/activedirectory|here]]. | |
| |
| |
| ===== 3 Notifications ===== | ===== 3 Notifications ===== |
| |
| |
| |
| {{:/governance:steps:sme_6_recording_geo_locati.png}} | {{:/governance:steps:sme_6_recording_geo_locati.png}} |
| |
| GEO locations are recorded with regards to where a file was uploaded from and also where a file was uploaded to. This can ensure companies comply with electronic data laws and international compliance regimes\\ | GEO locations are recorded with regards to where a file was uploaded from and also where a file was uploaded to. This can ensure companies comply with electronic data laws and international compliance regimes |
| |
| |
| {{:/governance:steps:sme_8_controlling_other_da.png}} | {{:/governance:steps:sme_8_controlling_other_da.png}} |
| |
| As the Organization, or individual users, may user other information clouds, it is preferable for these to be controlled as part of the Cloud File Server rollout in a company. This will enable that any auditing, event logging etc can be setup for such clouds. The Cloud FIle Server admin can decide which Clouds a user can add.\\ \\ For example if each user has a corporate Google Apps Docs account, then the Admin can enable users to add this directly, and any use of it can also be monitored and audited. | As the Organization, or individual users, may user other information clouds, it is preferable for these to be controlled as part of the Cloud File Server rollout in a company. This will enable that any auditing, event logging etc can be setup for such clouds. The Cloud File Server admin can decide which Clouds a user can add. |
| | |
| | For example if each user has a corporate Google Apps Docs account, then the Admin can enable users to add this directly, and any use of it can also be monitored and audited. |
| |
| |
| ===== 9 Encryption options ===== | ===== 9 Encryption options ===== |
| |
| |
| |
| {{:/governance:steps:sme_9_encryption_options.png}} | {{:/governance:steps:sme_9_encryption_options.png}} |
| |
| ===== 10 File versioning Options ===== | ===== 10 File versioning Options ===== |
| |
| |
| |
| {{:/governance:steps:sme_10_file_versioning_opti.png}} | {{:/governance:steps:sme_10_file_versioning_opti.png}} |
| |
| To ensure the lifecycle of a file is tracked then file versioning can be turned "on" which results in all changed versions of a file being kept rather than overwritten. | To ensure the lifecycle of a file is tracked then file versioning can be turned "on" which results in all changed versions of a file being kept rather than overwritten. |
| |
| |
| ===== 11 HIPAA Compliance ===== | |
| |
| |
| |
| {{:/governance:steps:sme_11_hipaa_compliance.png}} | |
| |
| HIPAA provides national minimum standards to protect an individualâs health information.\\ \\ Although many vendors advertise HIPAA compliance, there is no standard "HIPAA certificate of compliance" for backup / cloud products and services. However there are guidelines and we can lay out how our governance features work within this guidelines:\\ \\ General Compliance guidelines for HIPAA:\\ \\ - Ensure confidentiality, integrity and availability of all electronically protected health information that the covered entity either creates, receives, maintains or transmits.\\ - Protect against any reasonably anticipated threats or hazards to the security or integrity of such aforementioned information.\\ - Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required.\\ - Ensure that there is compliance by the workforce.\\ \\ Ways in which the Storage Made Easy Cloud Appliance satisfies HIPAA:\\ \\ **//Data Access://** This can be controlled using access control lists, to enable data to be only accessed by authorised personnel over https. Also IP GEO-restrictions can be implemented to restrict geographic access. The actual legislative wording regarding restricted access to data is:\\ \\ "//Allow access only to those persons or software programs that have been granted access right.//â (Section 164.312(a)(2)(1))\\ \\ \\ **//Remote / Offsite Access to data:://** Storage Made Easy provides a service which can be configured to be part of a disaster recovery plan enabling data to be accessed in the event of fire,flood, natural disaster, inadvertent deletions, viruses, hacking, theft or any other contingency. The actual legislative wording is:\\ \\ "//Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.//â (HIPAA, Section 164.308(a)(7)(i)).\\ \\ **//Physical Security of Data://** Storage Made Easy supports over 35 clouds and in our opinion the most pertinent cloud to use for storing HIPAA data is Amazon. Our [[https://storagemadeeasy.com/ownFileserver/|Cloud Appliance]] can be hosted on Amazon EC2 and HIPAA data can be stored using the Amazon S3 data cloud. Further information on Amazon and HIPAA can be found in the [[http://d36cz9buwru1tt.cloudfront.net/AWS_HIPAA_Whitepaper_Final.pdf|PDF white paper]] entitled " Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services"\\ \\ **//Event Logging://** HIPAA solutions should enabled audit logging and drill down of file events to enable checks on file access and change and from which IP Address these were made. Such audit and event logging is built into the Storage Made Easy solution.\\ \\ **//Encryption://** The privacy rules regulations describe ensuring data is encrypted when "in flight" and when "at rest". Storage Made Easy and Amazon directly both support AES 256 bit encryption at a file level and data can be sent over secure channels.\\ \\ **//Disclaimer//** \\ \\ This information is not intended to constitute legal advice. You are advised to seek the advice of counsel regarding compliance with HIPAA or refer to the HIPAA section of the U.S. Department of Health and Human Services' website, which can be found at: http://www.hhs.gov/ocr/hipaa/\\ \\ \\ | |
| |
| |
| |
