Differences
This shows you the differences between two versions of the page.
security [2018_01_30 17:23] – external edit 127.0.0.1 | security [2019_06_18 16:10] – [Security] jim | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | |||
- | |||
- | |||
====== Security ====== | ====== Security ====== | ||
- | + | SME provides a SaaS and hybrid on-premises multi-cloud content management | |
- | SME provides a SaaS and hybrid on-premise Cloud solution | + | |
===== 1 Data Center ===== | ===== 1 Data Center ===== | ||
+ | For the hosted SaaS service SME uses multiple data centres in USA and Europe. All data centres are Tier IV facilities and are:\\ \\ USA: SSAE16 SOC1/2 compliant, have 24x7 armed security, facility surveillance, | ||
+ | All data centres have 24/7 physical security, facility surveillance, | ||
- | {{:/ | + | ===== 2 Encrypted Data in Motion ===== |
- | For the hosted | + | HTTPS is configured by default for all users of the Cloud File Server |
+ | A commercial server that uses HTTPS must have a public key certificate issued that verifies the entity. The end-user can verify the entity by clicking on the HTTPS icon from the browser. | ||
- | ===== 2 On the wire security ===== | + | Clients should connect to the File Fabric appliance using a URL that starts with HTTPS. (This is the default). |
+ | Administrators should also connect to storage providers using HTTPS. For storage providers with a fixed endpoint including AWS S3, Azure, Google Cloud Storage the File Fabric always uses HTTPS. | ||
+ | ===== 3 Encryption Algorithm ===== | ||
- | {{:/security: | + | Storage Made Easy can be used to encrypt data transmitted to any cloud that is mapped to a user personal, Cloud File Server, or Appliance account. SME uses [[http:// |
+ | * an initial Round Key addition | ||
+ | * Nr-1Rounds | ||
+ | * a final round. | ||
- | HTTPS can be configured for all users of the Cloud File Server Saas users and Appliance. HTTPS is an acronym for hypertext transfer protocol secure. HTTPS is similar to the normal hypertext transfer protocol, except tt is different because | + | The chaining variable goes into the input |
+ | Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. We also provide free desktop decryption tools for [[https:// | ||
- | ===== 3 Data Security ===== | + | See also [[https://storagemadeeasy.com/pressrelease/FIPS-140-2-compliance/ |
- | + | ||
- | + | ||
- | + | ||
- | {{:/ | + | |
- | + | ||
- | Storage Made Easy can be used to encrypt data transmitted to any cloud that is mapped to a user personal, Cloud File Server, or Appliance account. SME uses [[http://en.wikipedia.org/wiki/Advanced_Encryption_Standard|AES]]-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. The cipher Rijndael consists of:\\ \\ - an initial Round Key addition\\ | + | |
===== 4 Authentication Security ===== | ===== 4 Authentication Security ===== | ||
- | |||
- | |||
{{:/ | {{:/ | ||
- | Storage Made Easy username and passwords are stored in an encrypted fashion. User login is required in order to obtain a token for a session, which allows a user to access a specific Storage Made Easy resource without using a username and password each time. Once the token has been obtained, | + | Clients can be authenticated against |
+ | Two factor authentication may also be required with the options of Google Authentication, | ||
- | ===== 5 Document Security ===== | + | Our staff have no way to access a password as it is stored encrypted. There is a means to access meta-data in the logs and database related to an account if a user requests help with a problem, and this is only ever used if a user requests us to look at a problem or issue with an account. Even so this still requires an Administrator to authorise access, and it still does not grant any access to any encrypted passwords. |
+ | If a Cloud Provider supports [[http:// | ||
- | {{:/ | + | ===== 5 Data Loss Protection ===== |
- | Documents can be securely shared using the SME platform in a number of ways:\\ \\ - Documents can be encrypted on upload using 256 bit AES security. The private key is not stored on the platform and only known by the user.\\ - Private links can be created for documents and these can be combined with passwords to secure the document.\\ - Links can be set to be time expired and/or combined with private links and password for further additional document | + | {{ :security: |
+ | Documents can be securely shared using the SME platform in a number of ways: | ||
+ | * Documents can be encrypted on upload using 256 bit AES security. The private key is not stored on the platform and only known by the user. | ||
+ | * Private links can be created for documents and these can be combined with passwords to secure the document. | ||
+ | * Links can be set to be time expired and/or combined with private links and password for further additional document security. | ||
+ | * [[watermarking|Watermarks]] unique to each file preview or shared file download can be added to enable tracing back how a file was leaked. | ||
+ | * [[contentdiscovery|Content Discovery]] monitors documents for sensitive data which can generate an email, quarantine, or initiate a workflow. | ||
===== 6 Access Control Security ===== | ===== 6 Access Control Security ===== | ||
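Review bot: In section 4, the added sentence "Our staff have no way to access a password as it is stored encrypted" does not follow from the storage method it names. Encryption is reversible by whoever holds the key, so the claim holds only if passwords are salted and hashed with a one-way function, or if the key is kept out of staff reach. Suggest stating which applies (the hashing scheme, or where the encryption key lives and who can use it). In section 5, "The private key is not stored on the platform" is used for 256 bit AES, which is a symmetric cipher with no private key; "encryption key" or "passphrase" would be accurate. Section 3 describes the round structure and a chaining variable but, in the text shown here, does not say how the key is derived from what the user supplies, how the initial chaining value is chosen, or whether the ciphertext is integrity-protected, all of which a reader using a third-party decryption tool would need.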
Line 73: | Line 76: | ||
===== 8 Governance Options ===== | ===== 8 Governance Options ===== | ||
- | + | {{ : | |
- | + | ||
- | {{:/security: | + | |
Cloud File Server Saas and Appliance users can set governance options for all users and control almost all levels of security for users. | Cloud File Server Saas and Appliance users can set governance options for all users and control almost all levels of security for users. | ||
Line 86: | Line 87: | ||
{{:/ | {{:/ | ||
- | The Cloud File Server (CFS) Admin controls which devices and access clients that each user of the Cloud File Server can connect from. By default all devices and access clients are enabled. \\ \\ The Admin can entirely disable a user or just choose to disable access from any of the devices/ | + | The Cloud File Server (CFS) Admin controls which devices and access clients that each user of the Cloud File Server can connect from. By default all devices and access clients are enabled. \\ \\ The Admin can entirely disable a user or just choose to disable access from any of the devices/ |
+ | |||
+ | ===== 10 Compliance Report ===== | ||
+ | |||
+ | The compliance report recommends settings that could be changed to enhance security. The user can jump from the online report directly to where the setting can be changed. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | ===== 11 Data Security ===== | ||
+ | |||
+ | In addition to encryption the solution includes a number of features for data security: | ||
+ | |||
+ | * **Trash** - Folders and files that are updated or deleted are saved in trash and can be restored. | ||
+ | |||
+ | * **Versions** - Unlimited or limited versions of files can be saved. | ||
+ | |||
+ | * **Disaster Recovery** - The [[foreverfile|ForeverFile™ archive]] is a backup, disaster recovery and ransomware protection feature that continuously protects data, wherever it is stored. For each primary storage provider that is being protected, a separate secondary or Backup provider is configured. For maximum availability the backup cloud should be located in another data center. It could also be with different cloud vendor, storage technology or tier. | ||
+ | |||
+ | ===== 12 Cyber Essentials ===== | ||
+ | |||
+ | Storage Made Easy is [[https:// | ||
+ | |||
+ | It was developed in collaboration with industry partners, including the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME) and the British Standards Institution (BSI), and is endorsed by the UK Government. | ||
+ | |||
+ | ===== 13 London Office of Regional CyberSecurity Advancement (LORCA) ===== | ||
+ | |||
+ | Storage Made Easy [[https:// | ||
+ | LORCA is one of two cyber innovation centres as part of the National Cyber Security Strategy objective to grow the UK’s cybersecurity sector and make sure the UK is the safest place to live and do business online. | ||
+ | Security by Design was selected as one of the most pressing challenges. The office is now on the lookout for cybersecurity solutions that make it significantly cheaper or easier for products to be made secure. | ||
+ | This includes ensuring products are secure as standard, rather than requiring an add-on solution, and at code level, as this remains a challenge across the sector. |
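Review bot: In section 11, the Disaster Recovery bullet claims ransomware protection, but its only placement advice is "For maximum availability the backup cloud should be located in another data center", which covers outages rather than an attacker or malware holding write access. Suggest saying whether archived copies can be altered or deleted through the same account that writes to the primary provider, and recommending separate credentials for the backup provider. The Trash bullet says files that are "updated" are saved in trash, which overlaps with the Versions bullet; state which mechanism keeps the prior copy on update. The new heading "11 Data Security" reuses the title that section 3 carried before this revision, which may break existing anchors or links to that title. The last three lines of section 13 describe LORCA's own aims rather than anything about the product and could be reduced to the single sentence on selection.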