Differences

This shows you the differences between two versions of the page.

security [2019_04_10 22:14] – [5 Data Loss Protection] steven
security [2019_06_18 16:13] – [6 Access Control Security] jim
Line 2: Line 2:
 ====== Security ====== ====== Security ======
  
-SME provides a SaaS and hybrid on-premise Cloud solution which provides unique Cloud federation, governance and management features. This section of the Wiki outlines the security that is inherent within the SME hosted and on-premise appliance +SME provides a SaaS and hybrid on-premises multi-cloud content management solution called the Enterprise File Fabric.  This provides unique federation, governance and data management features. This section of the Wiki outlines the security that is inherent within the SME hosted and on-premises versions of the File Fabric.
 ===== 1 Data Center ===== ===== 1 Data Center =====
  
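Review bot: The new intro introduces the product as "the Enterprise File Fabric" and then switches to "the File Fabric" without defining the short form, while "SME" still stands for the company in the same sentence. Define the short name once, for example "the Enterprise File Fabric (the File Fabric)", and replace "This provides" with an explicit subject. There is also a double space after "Enterprise File Fabric."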
Line 22: Line 21:
 ===== 3 Encryption Algorithm ===== ===== 3 Encryption Algorithm =====
  
-Storage Made Easy can be used to encrypt data transmitted to any cloud that is mapped to a user personal, Cloud File Server, or Appliance account. SME uses [[http://en.wikipedia.org/wiki/Advanced_Encryption_Standard|AES]]-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. The cipher Rijndael consists of:+The Enterprise File Fabric can be used to encrypt data transmitted to any cloud that is mapped to a user personal, Cloud File Server, or Appliance account. The File Fabric uses [[http://en.wikipedia.org/wiki/Advanced_Encryption_Standard|AES]]-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. The cipher Rijndael consists of:
   * an initial Round Key addition   * an initial Round Key addition
   * Nr-1Rounds   * Nr-1Rounds
Line 29: Line 28:
 The chaining variable goes into the input€ and the message block goes into the “Cipher Key. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and for a 16-byte key, 2127 applications of Rijndael; The chaining variable goes into the input€ and the message block goes into the “Cipher Key. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and for a 16-byte key, 2127 applications of Rijndael;
  
-Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. We also provide free desktop decryption tools for [[https://storagemadeeasy.com/clients_and_tools#Mac|Mac]], [[https://storagemadeeasy.com/clients_and_tools#Windows|Windows]] and [[https://storagemadeeasy.com/clients_and_tools#Linux|Linux]] that enable the decryption of a file if you download it directly from a mapped cloud ie. without any access to the SME service.+Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. We also provide free desktop decryption tools for [[https://storagemadeeasy.com/clients_and_tools#Mac|Mac]], [[https://storagemadeeasy.com/clients_and_tools#Windows|Windows]] and [[https://storagemadeeasy.com/clients_and_tools#Linux|Linux]] that enable the decryption of a file if you download it directly from a mapped cloud ie. without any access to the File Fabric service.
  
 See also [[https://storagemadeeasy.com/pressrelease/FIPS-140-2-compliance/|FIPS U.S. Federal Government Validation of the Enterprise File Fabric™ Cryptographic Algorithm]]. See also [[https://storagemadeeasy.com/pressrelease/FIPS-140-2-compliance/|FIPS U.S. Federal Government Validation of the Enterprise File Fabric™ Cryptographic Algorithm]].
- 
 ===== 4 Authentication Security ===== ===== 4 Authentication Security =====
  
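Review bot: The unchanged context paragraph above the edited line is left with extraction damage and an inconsistency that this revision could have fixed: "input€" and the unbalanced quote before "Cipher Key" are mojibake, "2127 applications" has lost its exponent (2^127), and the effort is quoted for a 16-byte key while the section states AES-256, which uses a 32-byte key. Suggest repairing the quotes and exponent and quoting the figure for the key length actually used. In the edited line, "ie." should be "i.e.," and "un-encrypt" should be "decrypt".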
Line 55: Line 53:
   * Links can be set to be time expired and/or combined with private links and password for further additional document security.   * Links can be set to be time expired and/or combined with private links and password for further additional document security.
   * [[watermarking|Watermarks]] unique to each file preview or shared file download can be added to enable tracing back how a file was leaked.   * [[watermarking|Watermarks]] unique to each file preview or shared file download can be added to enable tracing back how a file was leaked.
 +  * [[contentdiscovery|Content Discovery]] monitors documents for sensitive data which can generate an email, quarantine, or initiate a workflow.
  
 ===== 6 Access Control Security ===== ===== 6 Access Control Security =====
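Review bot: The added Content Discovery bullet is ambiguous: in "monitors documents for sensitive data which can generate an email, quarantine, or initiate a workflow" the clause attaches to "sensitive data", and it is not stated what gets quarantined. Suggest something like "monitors documents for sensitive data; a match can trigger an email notification, quarantine the document, or initiate a workflow", and say briefly what counts as sensitive data or link to where that is configured.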
Line 62: Line 61:
 {{:/security:steps:sme_6_access_control_secur.png}} {{:/security:steps:sme_6_access_control_secur.png}}
  
-SME supports Access Control Permissions at a Role, User, or folder level for shared folders. The Permissions can be taken from Active Directory if single sign-on is being used.+The File Fabric supports Access Control Permissions at a Role, User, or folder level for shared folders. The Permissions can be taken from Active Directory if single sign-on is being used.
  
  
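Review bot: The edited sentence only swaps the product name and keeps "The Permissions can be taken from Active Directory if single sign-on is being used", which ties directory-sourced permissions to single sign-on without saying which attributes or groups are imported. The paragraph also does not say which setting wins when Role, User and folder level permissions disagree. Both are worth documenting here, since readers will rely on this page for access control behaviour.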
Line 105: Line 104:
  * **Disaster Recovery** - The [[foreverfile|ForeverFile™ archive]] is a backup, disaster recovery and ransomware protection feature that continuously protects data, wherever it is stored. For each primary storage provider that is being protected, a separate secondary or Backup provider is configured. For maximum availability the backup cloud should be located in another data center. It could also be with different cloud vendor, storage technology or tier.  * **Disaster Recovery** - The [[foreverfile|ForeverFile™ archive]] is a backup, disaster recovery and ransomware protection feature that continuously protects data, wherever it is stored. For each primary storage provider that is being protected, a separate secondary or Backup provider is configured. For maximum availability the backup cloud should be located in another data center. It could also be with different cloud vendor, storage technology or tier.
  
 +===== 12 Cyber Essentials =====
 +
 +Storage Made Easy is [[https://www.cyberessentials.ncsc.gov.uk/cert-search/?query=storage%20made%20easy|Cyber Essentials Certified]].Cyber Essentials is a UK government information assurance scheme operated by [[https://www.ncsc.gov.uk|the National Cyber Security Centre]] (NCSC) that encourages organisations to adopt good practice in information security.It includes an assurance framework and a set of security controls to protect information from threats coming from the internet.
 +
 +It was developed in collaboration with industry partners, including the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME) and the British Standards Institution (BSI), and is endorsed by the UK Government.
 +
 +===== 13 London Office of Regional CyberSecurity Advancement (LORCA) =====
 +
 +Storage Made Easy [[https://www.infosecurity-magazine.com/news/lorca-announces-additions-1-1/|was selected]] to be one of the CyberSecurity innovators of LORCA's third cohort.
 +
 +LORCA is one of two cyber innovation centres as part of the National Cyber Security Strategy objective to grow the UK’s cybersecurity sector and make sure the UK is the safest place to live and do business online.
 +
 +Security by Design was selected as one of the most pressing challenges. The office is now on the lookout for cybersecurity solutions that make it significantly cheaper or easier for products to be made secure.
  
 +This includes ensuring products are secure as standard, rather than requiring an add-on solution, and at code level, as this remains a challenge across the sector.
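Review bot: In the new section 12 two sentences run together without a space ("Certified]].Cyber" and "security.It"), and "It was developed" in the following paragraph should name Cyber Essentials explicitly. In section 13 the last three paragraphs describe LORCA's goals rather than anything about the product's security, and "The office is now on the lookout" will date quickly. Suggest trimming to the selection statement plus one sentence on what LORCA is, and stating the date of the cohort.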