Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
security [2019_06_18 16:16]
jim [2 Encrypted Data in Motion]
security [2019_10_15 20:48] (current)
steven [7 Restrict by IP Address]
Line 3: Line 3:
  
 SME provides a SaaS and hybrid on-premises multi-cloud content management solution called the Enterprise File Fabric. ​ This provides unique federation, governance and data management features. This section of the Wiki outlines the security that is inherent within the SME hosted and on-premises versions of the File Fabric. SME provides a SaaS and hybrid on-premises multi-cloud content management solution called the Enterprise File Fabric. ​ This provides unique federation, governance and data management features. This section of the Wiki outlines the security that is inherent within the SME hosted and on-premises versions of the File Fabric.
 +
 ===== 1 Data Center ===== ===== 1 Data Center =====
  
-For the hosted SaaS service SME uses multiple data centres in USA and Europe. All data centres are Tier IV facilities and are:\\ \\ USA: SSAE16 SOC1/2 compliant, have 24x7 armed security, facility surveillance,​ biometric + keycard access to the data floor, keycode access to the cage, plus our own surveillance on top of the facility surveillance.\\ \\ Europe:   The Data Centers have ISO27001:​2005,​ ISO9001:​2008 certification,​ plus 24x7 security, facility surveillance,​ biometric + keycard + mantrap access to the data floor, locking cabinets with physical key access\\ \\ UK:   This is a new facility, currently undergoing the iso 27001/9001 process and also has 24x7 security,   facility surveillance,​ biometric + keycard + mantrap access to the data floor, locking cabinets with keycode access+For the hosted SaaS service SME uses multiple data centres in USA and Europe. All data centres are Tier IV facilities and are: 
 + 
 +USA: SSAE16 SOC1/2 compliant, have 24x7 armed security, facility surveillance,​ biometric + keycard access to the data floor, keycode access to the cage, plus our own surveillance on top of the facility surveillance. 
 + 
 +Europe:   The Data Centers have ISO27001:​2005,​ ISO9001:​2008 certification,​ plus 24x7 security, facility surveillance,​ biometric + keycard + mantrap access to the data floor, locking cabinets with physical key access 
 + 
 +UK:   This is a new facility, currently undergoing the iso 27001/9001 process and also has 24x7 security,   facility surveillance,​ biometric + keycard + mantrap access to the data floor, locking cabinets with keycode access
  
 All data centres have 24/7 physical security, facility surveillance,​ biometric ,   keycard entry authentication and mantrap access to the data floor uninterruptible power and backup systems. All data centres have 24/7 physical security, facility surveillance,​ biometric ,   keycard entry authentication and mantrap access to the data floor uninterruptible power and backup systems.
Line 57: Line 64:
  
 ===== 6 Access Control Security ===== ===== 6 Access Control Security =====
- 
- 
  
 {{:/​security:​steps:​sme_6_access_control_secur.png}} {{:/​security:​steps:​sme_6_access_control_secur.png}}
Line 64: Line 69:
 The File Fabric supports Access Control Permissions at a Role, User, or folder level for shared folders. The Permissions can be taken from Active Directory if single sign-on is being used. The File Fabric supports Access Control Permissions at a Role, User, or folder level for shared folders. The Permissions can be taken from Active Directory if single sign-on is being used.
  
 +===== 7 Restrict by IP Address =====
  
-===== 7 Audit Security =====+The File Fabric supports the ability to whitelist or blacklist IP addresses. This can be done at the Organization level (tenant) or on a per user basis.
  
 +For more information see [[geoip]].
 +
 +===== 8 Audit Security =====
  
  
Line 74: Line 83:
  
  
-===== Governance Options =====+===== Governance Options =====
  
 {{ :​security:​steps:​security-policies.png |}} {{ :​security:​steps:​security-policies.png |}}
Line 81: Line 90:
  
  
-===== Bring your own Device security ===== +===== 10 Bring your own Device security =====
- +
  
 {{:/​security:​steps:​sme_9_bring_your_own_devic.png}} {{:/​security:​steps:​sme_9_bring_your_own_devic.png}}
Line 89: Line 96:
 The Cloud File Server   (CFS) Admin controls which devices and access clients that each user of the Cloud File Server can connect from. By default all devices and access clients are enabled.  \\ \\ The Admin can entirely disable a user or just choose to disable access from any of the devices/​access clients from the users settings instantly disabling user access. The Cloud File Server   (CFS) Admin controls which devices and access clients that each user of the Cloud File Server can connect from. By default all devices and access clients are enabled.  \\ \\ The Admin can entirely disable a user or just choose to disable access from any of the devices/​access clients from the users settings instantly disabling user access.
  
-===== 10 Compliance Report =====+===== 11 Compliance Report =====
  
 The compliance report recommends settings that could be changed to enhance security. The user can jump from the online report directly to where the setting can be changed. The compliance report recommends settings that could be changed to enhance security. The user can jump from the online report directly to where the setting can be changed.
Line 95: Line 102:
 {{ :​security:​steps:​compliance-report.png |}} {{ :​security:​steps:​compliance-report.png |}}
  
-===== 11 Data Security =====+===== 12 Data Security =====
  
 In addition to encryption the solution includes a number of features for data security: In addition to encryption the solution includes a number of features for data security:
Line 105: Line 112:
  * **Disaster Recovery** - The [[foreverfile|ForeverFile™ archive]] is a backup, disaster recovery and ransomware protection feature that continuously protects data, wherever it is stored. For each primary storage provider that is being protected, a separate secondary or Backup provider is configured. For maximum availability the backup cloud should be located in another data center. It could also be with different cloud vendor, storage technology or tier.  * **Disaster Recovery** - The [[foreverfile|ForeverFile™ archive]] is a backup, disaster recovery and ransomware protection feature that continuously protects data, wherever it is stored. For each primary storage provider that is being protected, a separate secondary or Backup provider is configured. For maximum availability the backup cloud should be located in another data center. It could also be with different cloud vendor, storage technology or tier.
  
-===== 12 Cyber Essentials =====+===== 13 Cyber Essentials =====
  
 Storage Made Easy is [[https://​www.cyberessentials.ncsc.gov.uk/​cert-search/?​query=storage%20made%20easy|Cyber Essentials Certified]].Cyber Essentials is a UK government information assurance scheme operated by [[https://​www.ncsc.gov.uk|the National Cyber Security Centre]] (NCSC) that encourages organisations to adopt good practice in information security.It includes an assurance framework and a set of security controls to protect information from threats coming from the internet. Storage Made Easy is [[https://​www.cyberessentials.ncsc.gov.uk/​cert-search/?​query=storage%20made%20easy|Cyber Essentials Certified]].Cyber Essentials is a UK government information assurance scheme operated by [[https://​www.ncsc.gov.uk|the National Cyber Security Centre]] (NCSC) that encourages organisations to adopt good practice in information security.It includes an assurance framework and a set of security controls to protect information from threats coming from the internet.
Line 111: Line 118:
 It was developed in collaboration with industry partners, including the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME) and the British Standards Institution (BSI), and is endorsed by the UK Government. It was developed in collaboration with industry partners, including the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME) and the British Standards Institution (BSI), and is endorsed by the UK Government.
  
-===== 13 London Office of Regional CyberSecurity Advancement (LORCA) =====+===== 14 London Office of Regional CyberSecurity Advancement (LORCA) =====
  
 Storage Made Easy [[https://​www.infosecurity-magazine.com/​news/​lorca-announces-additions-1-1/​|was selected]] to be one of the CyberSecurity innovators of LORCA'​s third cohort. Storage Made Easy [[https://​www.infosecurity-magazine.com/​news/​lorca-announces-additions-1-1/​|was selected]] to be one of the CyberSecurity innovators of LORCA'​s third cohort.