Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
security [2019_04_10 23:47]
steven [5 Data Loss Protection] Added Content Discovery
security [2019_06_18 16:16] (current)
jim [2 Encrypted Data in Motion]
Line 2: Line 2:
 ====== Security ====== ====== Security ======
  
-SME provides a SaaS and hybrid on-premise Cloud solution ​which provides unique ​Cloud federation, governance and management features. This section of the Wiki outlines the security that is inherent within the SME hosted and on-premise appliance +SME provides a SaaS and hybrid on-premises multi-cloud content management ​solution ​called the Enterprise File Fabric. ​ This provides unique federation, governance and data management features. This section of the Wiki outlines the security that is inherent within the SME hosted and on-premises versions of the File Fabric.
 ===== 1 Data Center ===== ===== 1 Data Center =====
  
Line 20: Line 19:
 Administrators should also connect to storage providers using HTTPS. For storage providers with a fixed endpoint including AWS S3, Azure, Google Cloud Storage the File Fabric always uses HTTPS. Administrators should also connect to storage providers using HTTPS. For storage providers with a fixed endpoint including AWS S3, Azure, Google Cloud Storage the File Fabric always uses HTTPS.
  
 +[[https://​www.ssllabs.com/​ssltest/​analyze.html?​d=storagemadeeasy.com|Check out]] our online sites using [[https://​www.ssllabs.com/​index.html|Qualys SSL Labs site check]].
 ===== 3 Encryption Algorithm ===== ===== 3 Encryption Algorithm =====
  
-Storage Made Easy can be used to encrypt data transmitted to any cloud that is mapped to a user personal, Cloud File Server, or Appliance account. ​SME uses [[http://​en.wikipedia.org/​wiki/​Advanced_Encryption_Standard|AES]]-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. The cipher Rijndael consists of:+The Enterprise File Fabric ​can be used to encrypt data transmitted to any cloud that is mapped to a user personal, Cloud File Server, or Appliance account. ​The File Fabric ​uses [[http://​en.wikipedia.org/​wiki/​Advanced_Encryption_Standard|AES]]-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. The cipher Rijndael consists of:
   * an initial Round Key addition   * an initial Round Key addition
   * Nr-1Rounds   * Nr-1Rounds
Line 29: Line 29:
 The chaining variable goes into the input€ and the message block goes into the “Cipher Key. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and for a 16-byte key, 2127 applications of Rijndael; The chaining variable goes into the input€ and the message block goes into the “Cipher Key. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and for a 16-byte key, 2127 applications of Rijndael;
  
-Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. We also provide free desktop decryption tools for [[https://​storagemadeeasy.com/​clients_and_tools#​Mac|Mac]],​ [[https://​storagemadeeasy.com/​clients_and_tools#​Windows|Windows]] and [[https://​storagemadeeasy.com/​clients_and_tools#​Linux|Linux]] that enable the decryption of a file if you download it directly from a mapped cloud ie. without any access to the SME service.+Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. We also provide free desktop decryption tools for [[https://​storagemadeeasy.com/​clients_and_tools#​Mac|Mac]],​ [[https://​storagemadeeasy.com/​clients_and_tools#​Windows|Windows]] and [[https://​storagemadeeasy.com/​clients_and_tools#​Linux|Linux]] that enable the decryption of a file if you download it directly from a mapped cloud ie. without any access to the File Fabric ​service.
  
 See also [[https://​storagemadeeasy.com/​pressrelease/​FIPS-140-2-compliance/​|FIPS U.S. Federal Government Validation of the Enterprise File Fabric™ Cryptographic Algorithm]]. See also [[https://​storagemadeeasy.com/​pressrelease/​FIPS-140-2-compliance/​|FIPS U.S. Federal Government Validation of the Enterprise File Fabric™ Cryptographic Algorithm]].
- 
 ===== 4 Authentication Security ===== ===== 4 Authentication Security =====
  
Line 63: Line 62:
 {{:/​security:​steps:​sme_6_access_control_secur.png}} {{:/​security:​steps:​sme_6_access_control_secur.png}}
  
-SME supports Access Control Permissions at a Role, User, or folder level for shared folders. The Permissions can be taken from Active Directory if single sign-on is being used.+The File Fabric ​supports Access Control Permissions at a Role, User, or folder level for shared folders. The Permissions can be taken from Active Directory if single sign-on is being used.
  
  
Line 106: Line 105:
  * **Disaster Recovery** - The [[foreverfile|ForeverFile™ archive]] is a backup, disaster recovery and ransomware protection feature that continuously protects data, wherever it is stored. For each primary storage provider that is being protected, a separate secondary or Backup provider is configured. For maximum availability the backup cloud should be located in another data center. It could also be with different cloud vendor, storage technology or tier.  * **Disaster Recovery** - The [[foreverfile|ForeverFile™ archive]] is a backup, disaster recovery and ransomware protection feature that continuously protects data, wherever it is stored. For each primary storage provider that is being protected, a separate secondary or Backup provider is configured. For maximum availability the backup cloud should be located in another data center. It could also be with different cloud vendor, storage technology or tier.
  
 +===== 12 Cyber Essentials =====
 +
 +Storage Made Easy is [[https://​www.cyberessentials.ncsc.gov.uk/​cert-search/?​query=storage%20made%20easy|Cyber Essentials Certified]].Cyber Essentials is a UK government information assurance scheme operated by [[https://​www.ncsc.gov.uk|the National Cyber Security Centre]] (NCSC) that encourages organisations to adopt good practice in information security.It includes an assurance framework and a set of security controls to protect information from threats coming from the internet.
 +
 +It was developed in collaboration with industry partners, including the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME) and the British Standards Institution (BSI), and is endorsed by the UK Government.
 +
 +===== 13 London Office of Regional CyberSecurity Advancement (LORCA) =====
 +
 +Storage Made Easy [[https://​www.infosecurity-magazine.com/​news/​lorca-announces-additions-1-1/​|was selected]] to be one of the CyberSecurity innovators of LORCA'​s third cohort.
 +
 +LORCA is one of two cyber innovation centres as part of the National Cyber Security Strategy objective to grow the UK’s cybersecurity sector and make sure the UK is the safest place to live and do business online.
 +
 +Security by Design was selected as one of the most pressing challenges. The office is now on the lookout for cybersecurity solutions that make it significantly cheaper or easier for products to be made secure.
  
 +This includes ensuring products are secure as standard, rather than requiring an add-on solution, and at code level, as this remains a challenge across the sector.