Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
security [2019_04_10 22:14] – [5 Data Loss Protection] steven | security [2019_10_15 20:47] – steven | ||
---|---|---|---|
Line 2: | Line 2: | ||
====== Security ====== | ====== Security ====== | ||
- | SME provides a SaaS and hybrid on-premise Cloud solution | + | SME provides a SaaS and hybrid on-premises multi-cloud content management |
===== 1 Data Center ===== | ===== 1 Data Center ===== | ||
- | For the hosted SaaS service SME uses multiple data centres in USA and Europe. All data centres are Tier IV facilities and are:\\ \\ USA: SSAE16 SOC1/2 compliant, have 24x7 armed security, facility surveillance, | + | For the hosted SaaS service SME uses multiple data centres in USA and Europe. All data centres are Tier IV facilities and are: |
+ | |||
+ | USA: SSAE16 SOC1/2 compliant, have 24x7 armed security, facility surveillance, | ||
+ | |||
+ | Europe: The Data Centers have ISO27001: | ||
+ | |||
+ | UK: This is a new facility, currently undergoing the iso 27001/9001 process and also has 24x7 security, facility surveillance, | ||
All data centres have 24/7 physical security, facility surveillance, | All data centres have 24/7 physical security, facility surveillance, | ||
Line 20: | Line 26: | ||
Administrators should also connect to storage providers using HTTPS. For storage providers with a fixed endpoint including AWS S3, Azure, Google Cloud Storage the File Fabric always uses HTTPS. | Administrators should also connect to storage providers using HTTPS. For storage providers with a fixed endpoint including AWS S3, Azure, Google Cloud Storage the File Fabric always uses HTTPS. | ||
+ | [[https:// | ||
===== 3 Encryption Algorithm ===== | ===== 3 Encryption Algorithm ===== | ||
- | Storage Made Easy can be used to encrypt data transmitted to any cloud that is mapped to a user personal, Cloud File Server, or Appliance account. | + | The Enterprise File Fabric |
* an initial Round Key addition | * an initial Round Key addition | ||
* Nr-1Rounds | * Nr-1Rounds | ||
Line 29: | Line 36: | ||
The chaining variable goes into the input and the message block goes into the âCipher Key. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and for a 16-byte key, 2127 applications of Rijndael; | The chaining variable goes into the input and the message block goes into the âCipher Key. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and for a 16-byte key, 2127 applications of Rijndael; | ||
- | Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. We also provide free desktop decryption tools for [[https:// | + | Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. We also provide free desktop decryption tools for [[https:// |
See also [[https:// | See also [[https:// | ||
- | |||
===== 4 Authentication Security ===== | ===== 4 Authentication Security ===== | ||
Line 55: | Line 61: | ||
* Links can be set to be time expired and/or combined with private links and password for further additional document security. | * Links can be set to be time expired and/or combined with private links and password for further additional document security. | ||
* [[watermarking|Watermarks]] unique to each file preview or shared file download can be added to enable tracing back how a file was leaked. | * [[watermarking|Watermarks]] unique to each file preview or shared file download can be added to enable tracing back how a file was leaked. | ||
+ | * [[contentdiscovery|Content Discovery]] monitors documents for sensitive data which can generate an email, quarantine, or initiate a workflow. | ||
===== 6 Access Control Security ===== | ===== 6 Access Control Security ===== | ||
- | |||
- | |||
{{:/ | {{:/ | ||
- | SME supports Access Control Permissions at a Role, User, or folder level for shared folders. The Permissions can be taken from Active Directory if single sign-on is being used. | + | The File Fabric |
+ | ===== 7 Restrict by IP Address ===== | ||
- | ===== 7 Audit Security ===== | + | The File Fabric supports the ability to whitelist or blacklist IP addresses. This can be done at the Organization level (tenant) or on a per user basis. For more information see [[geoip]]. |
+ | ===== 8 Audit Security ===== | ||
Line 74: | Line 81: | ||
- | ===== 8 Governance Options ===== | + | ===== 9 Governance Options ===== |
{{ : | {{ : | ||
Line 81: | Line 88: | ||
- | ===== 9 Bring your own Device security ===== | + | ===== 10 Bring your own Device security ===== |
- | + | ||
{{:/ | {{:/ | ||
Line 89: | Line 94: | ||
The Cloud File Server (CFS) Admin controls which devices and access clients that each user of the Cloud File Server can connect from. By default all devices and access clients are enabled. \\ \\ The Admin can entirely disable a user or just choose to disable access from any of the devices/ | The Cloud File Server (CFS) Admin controls which devices and access clients that each user of the Cloud File Server can connect from. By default all devices and access clients are enabled. \\ \\ The Admin can entirely disable a user or just choose to disable access from any of the devices/ | ||
- | ===== 10 Compliance Report ===== | + | ===== 11 Compliance Report ===== |
The compliance report recommends settings that could be changed to enhance security. The user can jump from the online report directly to where the setting can be changed. | The compliance report recommends settings that could be changed to enhance security. The user can jump from the online report directly to where the setting can be changed. | ||
Line 95: | Line 100: | ||
{{ : | {{ : | ||
- | ===== 11 Data Security ===== | + | ===== 12 Data Security ===== |
In addition to encryption the solution includes a number of features for data security: | In addition to encryption the solution includes a number of features for data security: | ||
Line 105: | Line 110: | ||
* **Disaster Recovery** - The [[foreverfile|ForeverFile™ archive]] is a backup, disaster recovery and ransomware protection feature that continuously protects data, wherever it is stored. For each primary storage provider that is being protected, a separate secondary or Backup provider is configured. For maximum availability the backup cloud should be located in another data center. It could also be with different cloud vendor, storage technology or tier. | * **Disaster Recovery** - The [[foreverfile|ForeverFile™ archive]] is a backup, disaster recovery and ransomware protection feature that continuously protects data, wherever it is stored. For each primary storage provider that is being protected, a separate secondary or Backup provider is configured. For maximum availability the backup cloud should be located in another data center. It could also be with different cloud vendor, storage technology or tier. | ||
+ | ===== 13 Cyber Essentials ===== | ||
+ | |||
+ | Storage Made Easy is [[https:// | ||
+ | |||
+ | It was developed in collaboration with industry partners, including the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME) and the British Standards Institution (BSI), and is endorsed by the UK Government. | ||
+ | |||
+ | ===== 14 London Office of Regional CyberSecurity Advancement (LORCA) ===== | ||
+ | |||
+ | Storage Made Easy [[https:// | ||
+ | |||
+ | LORCA is one of two cyber innovation centres as part of the National Cyber Security Strategy objective to grow the UK’s cybersecurity sector and make sure the UK is the safest place to live and do business online. | ||
+ | |||
+ | Security by Design was selected as one of the most pressing challenges. The office is now on the lookout for cybersecurity solutions that make it significantly cheaper or easier for products to be made secure. | ||
+ | This includes ensuring products are secure as standard, rather than requiring an add-on solution, and at code level, as this remains a challenge across the sector. |