Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
security [2019_10_15 20:47] – steven | security [2021_07_12 18:53] – steven | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Security ====== | + | ====== |
+ | == Updated on Jul 12, 2021 == | ||
- | SME provides a SaaS and hybrid | + | Storage Made Easy provides a hosted |
===== 1 Data Center ===== | ===== 1 Data Center ===== | ||
Line 18: | Line 19: | ||
===== 2 Encrypted Data in Motion ===== | ===== 2 Encrypted Data in Motion ===== | ||
- | HTTPS is configured by default for all users of the Cloud File Server SaaS users and Appliance. | + | HTTPS is configured by default for all users of the hosted version of the File Fabric |
A commercial server that uses HTTPS must have a public key certificate issued that verifies the entity. The end-user can verify the entity by clicking on the HTTPS icon from the browser. | A commercial server that uses HTTPS must have a public key certificate issued that verifies the entity. The end-user can verify the entity by clicking on the HTTPS icon from the browser. | ||
Line 27: | Line 28: | ||
[[https:// | [[https:// | ||
+ | |||
+ | {{:: | ||
+ | |||
===== 3 Encryption Algorithm ===== | ===== 3 Encryption Algorithm ===== | ||
- | The Enterprise File Fabric can be used to encrypt data transmitted to any cloud that is mapped to a user personal, Cloud File Server, or Appliance account. The File Fabric uses [[http:// | + | The Enterprise File Fabric can be used to encrypt data transmitted to any storage provider |
* an initial Round Key addition | * an initial Round Key addition | ||
* Nr-1Rounds | * Nr-1Rounds | ||
* a final round. | * a final round. | ||
- | The chaining variable goes into the input and the message block goes into the âCipher | + | The chaining variable goes into the input and the message block goes into the Cipher |
Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. We also provide free desktop decryption tools for [[https:// | Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. We also provide free desktop decryption tools for [[https:// | ||
+ | |||
+ | [[https:// | ||
See also [[https:// | See also [[https:// | ||
- | ===== 4 Authentication | + | |
+ | ===== 4 Identity | ||
{{:/ | {{:/ | ||
- | Clients can be authenticated against the internal user database, or any directory service. The File Fabric includes out of the box support for Microsoft Active Directory, and services that support LDAP and SAML. One authenticated clients use the authentication token for the remainder of the session. | + | Clients can be authenticated against the internal user database or any directory service. The File Fabric includes out of the box support for Microsoft Active Directory, and services that support LDAP and SAML. Once authenticated clients use the authentication token for the remainder of the session. |
+ | |||
+ | [[2fa| Two-factor authentication]] may also be required with the options of Google Authentication, | ||
- | Two factor authentication may also be required with the options of Google Authentication, | + | Our staff has no way to access a password as it is stored encrypted. There is a means to access meta-data in the logs and database related to an account if a user requests help with a problem, and this is only ever used if a user requests us to look at a problem or issue with an account. Even so, this still requires an Administrator to authorise access, and it still does not grant any access to any encrypted passwords. |
- | Our staff have no way to access | + | If a storage provider supports [[http:// |
- | If a Cloud Provider supports | + | For more information see [[iam]]. |
===== 5 Data Loss Protection ===== | ===== 5 Data Loss Protection ===== | ||
- | {{ : | ||
- | Documents can be securely shared using the SME platform | + | Documents can be securely shared using the File Fabric |
* Documents can be encrypted on upload using 256 bit AES security. The private key is not stored on the platform and only known by the user. | * Documents can be encrypted on upload using 256 bit AES security. The private key is not stored on the platform and only known by the user. | ||
* Private links can be created for documents and these can be combined with passwords to secure the document. | * Private links can be created for documents and these can be combined with passwords to secure the document. | ||
Line 67: | Line 75: | ||
{{:/ | {{:/ | ||
- | The File Fabric supports Access Control Permissions at a Role, User, or folder level for shared folders. The Permissions can be taken from Active Directory if single sign-on is being used. | + | The File Fabric supports Access Control Permissions at a Role, User, or folder level for shared folders. The Permissions can be taken from Active Directory |
===== 7 Restrict by IP Address ===== | ===== 7 Restrict by IP Address ===== | ||
- | The File Fabric supports the ability to whitelist or blacklist IP addresses. This can be done at the Organization level (tenant) or on a per user basis. For more information see [[geoip]]. | + | The File Fabric supports the ability to whitelist or blacklist IP addresses |
- | ===== 8 Audit Security ===== | + | For more information see [[geoip]]. |
+ | ===== 8 Audit Security ===== | ||
{{:/ | {{:/ | ||
- | SME Cloud File Server SaaS or Appliance users have access to reporting abilities that can comprehensively audit all events that occur within | + | All file events that occur when using the File Fabric are recorded. |
+ | |||
+ | Reports can be accessed online, archived, and also exported as .cvs or excel files or the audit events can be configured to be output in syslog format so that log aggregators such as Splunk can be used to monitor / collate the resultant logs. | ||
Line 85: | Line 96: | ||
{{ : | {{ : | ||
- | Cloud File Server Saas and Appliance users can set governance | + | There are comprehensive |
===== 10 Bring your own Device security ===== | ===== 10 Bring your own Device security ===== | ||
- | {{:/ | ||
- | The Cloud File Server (CFS) Admin controls which devices and access clients that each user of the Cloud File Server | + | The File Fabric Administrator |
===== 11 Compliance Report ===== | ===== 11 Compliance Report ===== | ||
Line 110: | Line 120: | ||
* **Disaster Recovery** - The [[foreverfile|ForeverFile™ archive]] is a backup, disaster recovery and ransomware protection feature that continuously protects data, wherever it is stored. For each primary storage provider that is being protected, a separate secondary or Backup provider is configured. For maximum availability the backup cloud should be located in another data center. It could also be with different cloud vendor, storage technology or tier. | * **Disaster Recovery** - The [[foreverfile|ForeverFile™ archive]] is a backup, disaster recovery and ransomware protection feature that continuously protects data, wherever it is stored. For each primary storage provider that is being protected, a separate secondary or Backup provider is configured. For maximum availability the backup cloud should be located in another data center. It could also be with different cloud vendor, storage technology or tier. | ||
- | ===== 13 Cyber Essentials ===== | + | * **Antivirus**- See [[antivirus]]. |
+ | |||
+ | ===== 13 Product Design and Testing ===== | ||
+ | |||
+ | The File Fabric is developed using the OWASP principle of Security by Design. Each product release, service pack, and patch is security audited and tested through the use of multiple third party security products. | ||
+ | |||
+ | Our own hosted Enterprise File Fabric Service, which features the latest iteration of bug fixes and features, is security tested daily. | ||
+ | |||
+ | |||
+ | ===== 14 Website Security ===== | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Our public websites is scanned regularly through [[https:// | ||
+ | |||
+ | We follow best practices in developing secure software, as mandated by GDPR, protecting for example against injection attacks, cross-site request forgery and session hijacking. We perform a third-party vulnerability code scan for each release. | ||
+ | |||
+ | These are the formats of the cookies are used. < | ||
+ | |||
+ | ^ Cookie ^ Type ^ What for ^ Retention ^ | ||
+ | | PHPSESSID | Functional | Unique ID of session | Session | | ||
+ | | %%< | ||
+ | | autologin | Functional | Token for remember me feature | 14 days | | ||
+ | | %%< | ||
+ | |||
+ | ===== 15 Cyber Essentials ===== | ||
Storage Made Easy is [[https:// | Storage Made Easy is [[https:// | ||
+ | |||
+ | It specifically covers: | ||
+ | |||
+ | * Boundary firewalls and internet gateways | ||
+ | |||
+ | * Secure configuration | ||
+ | |||
+ | * Access control | ||
+ | |||
+ | * Malware protection | ||
+ | |||
+ | * Patch management | ||
It was developed in collaboration with industry partners, including the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME) and the British Standards Institution (BSI), and is endorsed by the UK Government. | It was developed in collaboration with industry partners, including the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME) and the British Standards Institution (BSI), and is endorsed by the UK Government. | ||
- | ===== 14 London Office of Regional CyberSecurity Advancement (LORCA) ===== | + | {{ :: |
+ | |||
+ | ===== 16 London Office of Regional CyberSecurity Advancement (LORCA) ===== | ||
Storage Made Easy [[https:// | Storage Made Easy [[https:// | ||
Line 125: | Line 174: | ||
This includes ensuring products are secure as standard, rather than requiring an add-on solution, and at code level, as this remains a challenge across the sector. | This includes ensuring products are secure as standard, rather than requiring an add-on solution, and at code level, as this remains a challenge across the sector. | ||
+ | |||
+ | ### Also See | ||
+ | |||
+ | [[compliance|Compliance Standards]] | ||
+ |