Pressroom

Event Information:

  • Fri 14 Mar 2014

    Secure file sharing in the cloud made simple

    Network World - Cloud storage applications are great enablers of worker collaboration and productivity. When two or more people need to share files back and forth, and especially when they don’t all have access to a single internal storage facility like SharePoint, an application like Dropbox or Box can be helpful. Someone creates a file, drags it to the storage application icon, and the file is sent to the cloud—just that easy.

    But while end users are interested in ease of use, enterprises are more concerned about data security. In response, the providers of these services have enhanced data privacy and security capabilities; for example, by using SSL to secure a file during transmission to the cloud and by encrypting the file at rest in the cloud.

    Despite those protections, some enterprises are still skittish about allowing sensitive files to be stored in the cloud. It comes down to who has access to the files in a potentially unencrypted form. The cloud storage provider, for example, might have access to files in plain text when it’s the one that encrypts the files and holds the keys. This situation can be illustrated with this passage from the Dropbox website under a section entitled, “How secure is Dropbox?”:

    Dropbox employees are prohibited from viewing the content of files you store in your account. Employees may access file metadata (e.g., file names and locations) when they have a legitimate reason, like providing technical support. Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so). But that's the rare exception, not the rule. We have strict policy and technical access controls that prohibit employee access except in these rare circumstances.

    This raises the question: how “rare” are the circumstances in which your private data is accessed by the cloud provider? “Rarely” is not the same as “never,” which is the answer most enterprises prefer. We need look no further than the example of Edward Snowden, the insider who gains access to sensitive information and exposes it inappropriately.

    It is in this context that AlephCloud has introduced a solution called Content Canopy that provides encryption and key federation for cloud storage applications. Content Canopy helps to build the trustworthy cloud. Enterprises and cloud providers can use the solution to ensure that data stored in the cloud is fully encrypted at its source of creation and the cloud provider has no access at all to the keys.

    There are two components to Content Canopy: client software and a cloud service that handles the key management and administration of the overall solution. Let’s break it down to see what each component does and how they fit together.

    To get started using Content Canopy, a company subscribes to the service by buying X number of licenses from AlephCloud. An IT administrator gets a realm activation link and clicks this link to enroll himself in the service. Then he can invite end users to enroll by downloading an app to their desktop, laptop, iPhone or iPad (the company says Android support is coming soon).