Archive for the ‘FileCloud’ Category

Filecloud Ubuntu OS Upgraded!

Steps to Upgrade Ubuntu 16.04 to 18.04 LTS

Ubuntu 16.04 recently reached EOL, and some of the packages are no longer available in the repository. This creates an interesting challenge because those packages are necessary to run the upgrade.

To upgrade an Ubuntu instance from 16.04 LTS to 18.04 LTS (where the Filecloud server is running less than 21.1.x), follow the steps below:

Prior to running Ubuntu 16.04 LTS, you will need to back up the Filecloud server, as well as the  /var/www/html and /var/lib/mongodb paths. The chance of deleting this information during the OS upgrade is very high.

Run Backups:

  1. cp -rvf /var/www/html /var/www/html_backup
  2. cp -rvf /var/lib/mongodb /var/lib/mongodb_bkup

Perform Ubuntu Package Update:

Once the backups are complete, the next step is to perform the Ubuntu package update.

  1. apt-get update -y && apt-get upgrade -y
  2. apt-get dist-upgrade -y
  3. apt-get autoremove -y
  4. sudo reboot
  5. do-release-upgrade

NOTE: Select all the default options when prompted. Toward the end of the upgrade, you will need to restart your computer.

After Updating, Reinstall Packages:

After the upgrade is complete, you will need to reinstall certain packages, as the upgrade will have deleted them. To reinstall apache and php, please follow the steps below:

  1. LC_ALL=C.UTF-8 sudo add-apt-repository ppa:ondrej/php -y
  2. add-apt-repository ppa:ondrej/apache2 -y
  3. apt-get install unzip curl rsync python -y
  4. apt-get install apache2 build-essential libssl-dev pkg-config memcached -y
  5. apt-get install php7.2 php7.2-cli php7.2-common php7.2-dev php-pear php-dev php-zmq php7.2-zmq php7.2-json php7.2-opcache php7.2-mbstring php7.2-zip php7.2-memcache php7.2-xml php7.2-bcmath libapache2-mod-php7.2 php7.2-gd php7.2-curl php7.2-ldap php7.2-gmp php7.2-intl libreadline-dev php-pecl-http memcached php7.2-raphf php7.2-propro php7.2-mongodb php7.2-zmq -y
  6. a2enmod php7.2
  7. a2enmod headers
  8. a2enmod ssl
  9. apt-get -y install libmcrypt-dev
  10. cat <(echo “”) | pecl install mcrypt-1.0.2 2>&1
  11. service apache2 status
  12. Retrieve files from the backup (the OS Ubuntu upgrade from v16 to v18 will have removed them)
  13. rsync -avz /var/www/html_backup/ /var/www/html/
  14. chown www-data:www-data /var/www/html -Rf

 

Is your FileCloud version greater or lesser than 20.2? Install the cronjob using these commands:
Greater than 20.2 echo “*/5 * * * * php / /var/www/html/src/Scripts/cron.php” | crontab -u www-data –
20.2 or less echo “*/5 * * * * php /var/www/html/core/framework/cron.php” | crontab -u www-data –

 

If the above cronjob command fails, please follow the below method to troubleshoot the cronjob. Then run the command again.

  1. Check if /etc/cron.allow ; if www-data is present:
  2. vim /etc/cron.allow // Add “www-data” if not present.
  3. crontab -e -u www-data // Make sure that the crontab editor pulls up if it does it will work. exit editor.
  4. crontab -u www-data -l

Set Up PHP CLI:

Now we will set up the PHP CLI.

  1. sudo update-alternatives –set php /usr/bin/php7.2
  2. sudo update-alternatives –set phar /usr/bin/phar7.2
  3. sudo update-alternatives –set phar.phar /usr/bin/phar.phar7.2
  4. sudo update-alternatives –set phpize /usr/bin/phpize7.2
  5. sudo update-alternatives –set php-config /usr/bin/php-config7.2

Run the below command:

php -v // Make sure it shows the version to confirm it is working.
php -m // Make sure it shows the modules to confirm it is working

The expected output should be:

php -v

PHP 7.2.34-23+ubuntu18.04.1+deb.sury.org+1 (cli) (built: Jul  1 2021 16:06:47) ( NTS )

Copyright (c) 1997-2018 The PHP Group

Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies with the ionCube PHP Loader (enabled) + Intrusion Protection from ioncube24.com (unconfigured) v10.3.2, Copyright (c) 2002-2018, by ionCube Ltd.
with Zend OPcache v7.2.34-23+ubuntu18.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies

php -m

[PHP Modules]

bcmath

calendar

Core

ctype

curl

date

dom

exif

fileinfo

filter

ftp

gd

gettext

gmp

hash

iconv

intl

ionCube Loader

json

ldap

libxml

mbstring

mcrypt

memcache

mongodb

openssl

pcntl

pcre

PDO

Phar

posix

propro

raphf

readline

Reflection

session

shmop

SimpleXML

sockets

sodium

SPL

standard

sysvmsg

sysvsem

sysvshm

tokenizer

wddx

xml

xmlreader

xmlwriter

xsl

Zend OPcache

zip

zlib

zmq

 

[Zend Modules]

Zend OPcache

the ionCube PHP Loader (enabled) + Intrusion Protection from ioncube24.com (unconfigured)

 

Upgrade FileCloud:

Once Filecloud is reopened, you can run the Filecloud upgrade with this command:

  • Enter: filecloudcp -u

If this command does not work, use:

  • wget http://patch.codelathe.com/tonidocloud/live/installer/filecloud-liu.sh && bash filecloud-liu.sh

 

Conclusion:

With the Ubuntu OS updated, FileCloud can work even better than before! The FileCloud support team is also available to provide assistance or answer questions.

 

Article written by Nandakumar Chitrasuresh

User-Based Management of Team Folder Permissions

Last month, we discussed how Folder Permissions work and how admins can grant or deny special permissions without needing to share multiple subfolders.

Today, we will discuss how an admin can grant “Manage” permissions to a user. This feature enables users to directly adjust folder permissions in Team Folders.

Today we will cover the following:

  1. Grant “Manage” permissions to a user from the Team Folder section.
  2. User-based management of permissions from the Front-End UI.

Grant “Manage” permissions to a user from the Team Folder section.

For our demo today, we will focus on a Team Folder called “Finance.”

We will now share the Finance folder with the Finance User Group:

In our Finance Group, we have a demo user called “damonphillips,” to whom we will grant “Manage” permissions:

To give security permissions to the user in the Finance Team Folder is to grant all permissions, including “Manage” in the Permissions section:

Add the user with all permissions:

Optional – enable user to view/edit shares.

If you want to give permission to the new Folder Manager to view/edit the “shares” from that Team Folder, you need to “Manage” the Team Folder share options. Go to “Misc” and grant “Allow Manage” option:

User-based management of permissions from the Front-End UI.

When our user now logs into the Front-End UI and then navigates to the Finance Team Folder, they will now see a “Security” tab in the sidebar on the right:

Since the Finance Group is already part of the Team Folder, the Team Folder manager can now change permissions for the rest of the team for a folder or a file.

For example, suppose the manager wants a specific member from the Finance group to have read-only access to the “Test Folder 2”. In that case, this user’s permissions can be edited by selecting “Test Folder 2”. Then click the “Manage Security” button in the “Security” tab.

The manager would then see the following screen:

From here, the manager can add users and edit permissions; for example, we will grant read-only permissions to a user:

This permissions update can be verified by going to the “Check Access” Tab and “Check user access” for the email account of the user.

Through this feature, admins can delegate Team Folder “Manage” permissions to managers. Managers can then create custom permissions for the contents of a Team Folder.

More information on managing team folder permissions can be found in the FileCloud documentation “Set Granular Permissions on Team Folders.” If you have any questions about Folder Permissions or any other FileCloud functionalities, please reach out to CodeLathe Support.

Article written by Daniel Alarcon

The New FileCloud Experience – Migrating from GWT to Vue.js

Launched in 2012, FileCloud has distinguished itself in the industry as an efficient system for Enterprise File Sharing, Sync, Backup and Remote Access. The system was built using the GWT Web Toolkit based on Java; however, after nearly ten years of growth and development, FileCloud was due for a UX revamp. We decided to rebuild the UI from scratch with a completely new framework: Vue.js. The reasons were simple:

  • Vue.js offers a smooth and slick user experience,
  • Vue.js is user- and developer-friendly, with tons of useful libraries, a solid community, and a great toolset.

The Need for a UX Revamp

To transform the classic UI to a new system, many challenges came up, mainly addressing backward compatibility. How will UI 2.0 communicate with the Apache server? Will the old shares be compatible with the new vue.js URL mechanism? Can the new system efficiently replace FileCloud solutions without alienating long-term customers?

With all these uncertainties, there are a few key points that make the task of reimagining FileCloud, an already existing solution used by customers, worth the trouble.

  1. “GWT is a great web toolkit in the market for writing AJAX applications” is a statement that would’ve been true a decade ago. However, GWT has been showing its age for a while now. Debugging takes significantly longer, due to falling market interest and industry support, as well as non-updated documentation.
  2. Recruiting and onboarding new employees is a pain due to a comparatively small talent pool for GWT.
  3. Switching to a newer framework offers an improved user experience that leverages the benefits of modern technologies; for use cases like this, Vue.js is arguably the “best” choice.

The Talent Behind the Scenes

The most significant driving force behind the success of the rewrite was the excellent team of engineers and developers. They were well aligned with the company vision, and their level of experience and expertise shone through. The rapport within the team helped everyone achieve a deep understanding of the task at hand, which helped the whole process conclude successfully. We started by reimagining and designing the look and feel of the new system. The new design was a major improvement, but translating that design into a live user experience required extensive teamwork. Four UI developers kicked off the development process with enthusiasm and momentum, aiming to deliver this extensive project in a short timeframe.

Understanding the Existing System

The primary prerequisite for a complete code rewrite is to have a thorough understanding of the existing system organization. This is easier said than done – it is extremely difficult to evaluate the scope of an existing project without looking into different user interfaces and examining how the system behaves under various configurations. When it comes to FileCloud, the system integrates smart options that govern functions, e.g. a file has security rules like DLP and Smart Classification associated with it that might allow or deny a user download based on different factors. Taking great care to note these kinds of details and filtering through classic GWT code, with help from the original contributors, helped map the original code and system organization.

It is easy to overlook all the work invested in building and debugging the original GWT code. Rewriting the code inevitably lead to new bugs that had to be found and fixed.

Project Planning

A job well planned is a job half done.

For a project with such a multifaceted scope, it was important to prioritize the important objectives. It was also helpful to tackle the tougher aspects of the work early on, so developers could gain a better handle on subsequent tasks. This is also an effective strategy to counter unexpected issues later on, which means more time can be allocated to polishing the codebase.

Planning in advance helps to mitigate factors that can adversely impact a project’s end result. Having a well-designed, realistic and transparent plan distributed evenly for the team is a must for a smooth operation throughout the duration of the project.

The team made use of several task management tools to track progress and manage the various tasks involved in FileCloud’s new UI development. Trello and YouTrack were specifically implemented to present the proposed workflow in a graphical and intuitive manner.

Agile and Continuous Development

Continuous development and feedback from the team and users were immensely instrumental during the UI revamp. A staging environment with the capacity to support a larger group testing the user experience ensured that product improvements could be implemented on the go. The Agile approach proved to be useful for phase-wise development, rather than trying to push all the changes at once to users. Following the pre-planned development path through a series of sprints ensured that we met our timeline and reduced issues or risk factors.

Retrospection

Planning a UX revamp of a widely used service like FileCloud comes with its own set of challenges.

First, reviewing old code and understanding the purpose of each module is not an easy goal to master in any situation, and FileCloud presented unique elements that demanded specific and careful attention to detail.

Second, incorporating feedback from users and trying to meet objectives within a predetermined timeline was difficult, but we were prepared to resolve these issues and relied on user feedback to inform the design of refactored and new elements in the revamped FileCloud.

Last, the migration strategy from the old to the new system involves significant planning. When implementing a UX revamp change like this one that has a great impact, a gradual change makes for a gentler transition. Users can access the new FileCloud, even as their old data, shares and URLs are maintained. Clients can even switch back to the classic UI whenever needed from the user dropdown on the top header.

In retrospect, the new FileCloud has been a challenging yet fulfilling experience. We at FileCloud hope that you love the new experience and provide feedback to help us improve further.

Article written by Niharika Sah

Using “Folder Permissions” in Team Folders

When companies migrate from local file servers to the cloud (for example, moving from Windows File Servers to FileCloud Online Storage), many system administrators worry about losing established NTFS Permissions.

FileCloud’s Team Folders has a built-in functionality designed to preserve these permissions called “Folder Permissions”. This functionality allows the administrator to specify custom permissions inside Team Folders for each file.

To explain, let’s use an example: a company has a Team Folder called “Customers”. Inside this main folder, it has one folder per customer, with the following structure:

In the “Customers” folder, the company wants to grant these permissions:

  • Sales Team Manager will have access to the “Customers” folder, with all file operations (view, download, upload, share, and delete).
  • Sales Team will have access to the “Customers” folder, with all file operations (view, download, upload, share, and delete), apart from subfolder “Customer 05”.
    • In this folder, the Sales Team should not have access to any file operations (view, download, upload, share, or delete), as the Sales Manager wants this information to be kept private.

To accomplish this, the administrator can do the following:
1. Share the Customers’ Team Folder with the Sales Team.
2. Edit the “Folder Permissions” in the “Customer 05” subfolder to disable all operations from the team, except for the manager.

1. Share Customers’ Team Folder with the Sales Team

From the admin portal, in the Team Folders section, select the “Customers” Team Folder. Then click “Manage” to share it with the Sales Team.

 

 

2. Edit Folder Permissions for “Customer 05”

In the Team Folder section, select the “Customer 05” folder and click on “Permissions”.

When you open the Permissions section, add the “Sales” group; by default, it will grant all the file operation permissions.

 

To block these operations, click on every green checkbox from right to left; they will turn into an “x”. This change blocks all operations to the Sales Team. To allow the team manager “John Doe” to perform all operations, add the correct User in the Folder Permissions section and grant all access to “John Doe”.

 

Close the Folder Permission window. All permissions are saved. Now, whenever a team member (not the manager) accesses the “Customers” Team Folder, they will not see the sub-folder “Customer 05”.

If the Sales Team manager goes to the “Customers” Team Folder, he will see all folders, including “Customer 05”.

For this example, we hid the folder from the rest of the team, but we can also set special permissions; for example, we can allow read access only, with all other operations blocked.

More information on managing team folder permissions can be found in the FileCloud documentation “Set Granular Permissions on Team Folders.” If you have any questions about Folder Permissions or any other FileCloud functionalities, please reach out to CodeLathe Support.

Article written by Daniel Alarcon

 

GDPR Compliance with FileCloud

Quick Refresher on GDPR

The General Data Protection Regulation or commonly known as GDPR is a broad set of rules ensuring data protection of all individuals within the EU. GDPR rules apply not only to companies located in the EU but all companies dealing with data of EU residents. Violation of GDPR may cost companies penalties of 4% of their revenue. The regulations were enforced on May 25th, 2018.

The GDPR is derived from a number of data protection principles. These principles outline the rules that organizations must follow when they collect, process, and store an individual’s personal data.

  • Consent and Transparency – When data is collected, organizations must be clear about why it’s being collected and how it’s going to be used. If the user requests information regarding the processing of data, then organizations should provide this in a timely manner.
  • Purpose limitation – Organizations must have plausible reasons for collecting and processing personal data. The data can be used only for the said purpose and should not be processed for any other use unless the user has provided their explicit consent.

  • Data minimization – According to GDPR, data must be relevant and limited to what is necessary for which they are processed. This means that organizations should only store the minimum data required for their purpose.

  • Accuracy – Personal data must be accurate, fit for purpose, and up to date. The organizations should regularly review information held about individuals and delete or amend inaccurate information accordingly. Users have the right to rectify or erase inaccurate and unnecessary data within 30 days.

  • Storage limitation – Once the data serves its purpose for which it was collected, it should be deleted or destroyed unless there are other grounds for retaining it. The GDPR does not specify how long you should store the data.

  • Integrity and Confidentiality – Your organization must ensure that all the security measures are in place to secure the personal data you store. This could be from internal threats such as unauthorized use, accidental loss, or damage, and external threats such as phishing, malware, or theft.

  • Accountability – This principle states that organizations must take responsibility for the data they hold and demonstrate compliance with the other principles. This means that organizations must be able to provide evidence of the steps they have taken to demonstrate compliance.

Key Updates on GDPR

GDPR hasn’t been the same since it’s enforced in 2018. Here’s a quick update of what has happened since it came into effect.

1. A broader definition of Joint Controller – A joint controller is a group of controllers that jointly determine the purposes and means of processing. According to CJEU, when you process customer data, you along with your fellow joint controller(s) will decide and manage each step so you’re compliant with the GDPR. You both are equally responsible to ensure the entire process is  GDPR compliant. Both of you are accountable to the data protection authority.

2. Privacy Shield is Invalid – the EU-US Privacy Shield lets companies sign up to higher privacy standards, before transferring data to the US. The agreement governing the transfer of EU citizens’ data to the United States has been struck down by the European Court of Justice.

3. Cookie Consent –  In May 2020, the EU updated its GDPR rules which also included these cookie consent points

  • Cookie walls should not be used
  • Consent must be explicit, scrolling or swiping a website does not imply consent.

4. The Big Fines –  The French data Regulator has fined google 50 Million euros for lack of transparency and valid consent. The UK ICO fined Marriott International Inc. £18.4m for not ensuring 339 million guest records security. They have also fined British Airways £20m for a data breach of 400,000 customers’ personal data.

Implementing GDPR with FileCloud

User Consent

Reconsider how you are collecting personal data. Are you buying mailing lists? Then it is time to start fresh with a new mailing list that you have procured from informed customers and have consent for collecting their e-mail addresses. You can still acquire users or convert visitors from your website. It can be done by allowing visitors of your website to add themselves to your mailing list using a signup form. While getting consent, make sure you provide a link to your privacy policy which informs people exactly what you will do with the collected data.

In FileCloud, an administrator can enforce privacy settings, so that a user sees an I agree to Terms of Use.

To view the actual terms of service, users should click I agree to Terms of Use.

Right to Access

This is one of the important rights that the GDPR has set for the users. This basically means data subjects at any point, can ask you about the data that has been collected. Moreover, they need to be responded to within a month by the data controller.

FileCloud allows data protection officers to search for user data across all file content and activity logs.

 

Right to Be Forgotten

Under GDPR, users can request the deletion or anonymization of any data that the companies possess on them. FileCloud offers features to delete files. FileCloud also provides a tool for anonymization of any data that companies possess relating to a user, including activities log.

Data Portability

Exporting data from your system should be possible. Commonly accepted formats include  .csv, .pdf or .txt files. This will allow you to manage the portability.

FileCloud allows the export of files in all these standard formats and activity logs in easily readable files. Users can move their files easily from FileCloud.

 

DPOs

The DPO should have a comprehensive understanding of the General Data Protection Regulation (GDPR). Companies having more than 250 employees should assign a data protection officer (DPO) to ensure compliance.

FileCloud has special user types with a subset of admin tools. Organizations can create special user accounts for their DPOs to monitor compliance. You can assign a subset of admin features that you want to for your DPOs.

Data Mapping

The data that is collected, stored, and being processed needs to be categorized. GDPR requires you to ensure that files with personal information have not been shared inappropriately by searching for sensitive information and reviewing who has accessed it. To assess the data path and who has access to data, you need to create a mind map to help guide your processes of GDPR compliance.

With FileCloud, IT and system administrators can now search for common data types. You can easily search using built-in pattern identifiers like e-mail addresses, phone numbers, and credit cards. FileCloud also has templates you can use to search for complex patterns such as license plate numbers, driver’s licenses, and national identification numbers.

References 

https://www.smashingmagazine.com/2021/02/state-gdpr-2021-key-updates/

https://www.getfilecloud.com/supportdocs/display/cloud/GDPR+Compliance+in+FileCloud

Enable Global Backup With FileCloud

You have stored sensitive data like your photos, documents, etc on your PC or laptop?  It’s very important to consider a global backup as often as possible. In short and simple terms, global backup is very important as stores a copy of your data in a different location other than your device. Backing up your data regularly can retrieve data in case of data loss or theft. In this digitalized world, data is a critical asset to any organization and they invest a huge amount to have a proper data protection plan & disaster recovery plan.

You can enable Global Backup for a user by modifying the profile to which the user belongs. This impacts all users who belong to that profile. Alternatively, you can move the user to a profile for which you enabled System, App Settings backup.​

Global backup of data is a crucial activity that every user of any device that holds data should be doing. Whether it’s a laptop, desktop, tablet, or even smartphone, you should be backing up your data in case of:

  • The device is destroyed.
  • The device is lost or stolen.
  • The storage device in the device (hard drive or flash memory) is corrupted or damaged.
  • A malware attack including a ransomware attack where data is encrypted by criminals.
  • Accidental deletion of the data.
  • Corruption of the data.

The global Backup Market is projected to reach $190.5 billion by 2024. The major factors encouraging the development of the global backup market are the creation is growing numbers of data and the growing implementation of Software as a Service [SaaS].

Benefits of Global Backup

Even the most reliable devices can break. Not to mention, human errors like accidentally deleting an important file yourself. Also, thefts and fires can’t be eliminated. The main purpose of backing up your data is, of course, the ability to roll back and access your archives in the event of local hardware failure. To run a business today, you need to have the confidence that in the case of vulnerability, your data will be protected and accessible. Here are some advantages of having a global backup

  1. Fast Access to Files
  2.  Safeguard against Power Failure
  3.  Added Antivirus Protection
  4. Protection against Failed Hard Drive – The user can restore the system and application settings from the failed device to the new device.
  5. Recovery – You can quickly recover your system settings in the event of a failure.

 

Configure Sync to Globally Backup Files and Folders

A FileCloud admin user can configure FileCloud Sync to set up a Global Backup for the users of their FileCloud System. This allows the Admin to specify local paths on the user’s computer that contains user-specific configurations to be included in the Sync Backup through default device configurations created in policies from the Admin Portal.

 

  1. Enable Endpoint Backup for FileCloud Sync from the Admin Portal.

FCEndpointBackup.png

2.  Install FileCloud Sync and enable Remote Management

 

 

3. In the policy used by Sync users, set a default device configuration for FileCloud Sync

A Global Backup is a feature that ensures backup of system and application settings across user devices. With Global Backup, administrators can restore what they need anytime, anywhere. Users no longer need to remember or reconfigure their system preferences.

Note :

  • Endpoint Backup must be enabled for FileCloud Sync from the Admin Portal.
  • FileCloud Sync must be installed on the users’ computers and Remote Management must be enabled.
  • The Sync users’ policy in the Admin portal must include this custom device configuration for Sync.

References

https://www.millioninsights.com/

https://www.getfilecloud.com/supportdocs/display/cloud/Globally+Backing+Up+User+Files+and+Folders

Using “Allow Manage” on FileCloud Team Folders

One of the most used features in FileCloud is “Team Folders”; it is an ideal solution for sharing folders and files within a team and later sharing the same files and folders with external users, such as customers and vendors partners, etc.

Team Folders have many options for managing users that can access files and folders stored in them:

In the user portal:

  • Your users can share to external users from the User portal‘s share option.

In the Admin UI:

  • You can add/remove users and groups from a Team Folder’s Manage Share window.
  • You can manage the access level to files and sub-folders by using the “Permissions” option in Team Folders.
  • You can give your FileCloud users Allow Manage permission for a Team Folder in the Manage Share window.

In today’s article, we will focus our attention on the Allow Manage feature. You can give this permission to individual users when you add them to a Team Folder.

How to enable the Allow Manage feature for a full user

To add a user to a Team Folder:

  1. Log in to the Admin portal.
  2. Go to Team Folders (in the left menu).
  3. Click on Manage for the folder you want to add the users to.

Add the user and set the permissions.

Example of adding a user to a Team Folder

The common actions you can enable for a user are Allow View, Allow Download, Allow Upload, Allow Share, and Allow Sync; however, there are two special actions that can be added: Allow Delete and Allow Manage. You can access them by clicking the Edit button in the Misc section:

When you open the Miscellaneous permissions for the selected account, you will find that Allow Delete is checked by default and Allow Manage is not.

misc permissions

Please check the Allow Manage checkbox and hit Save to allow the selected user to manage. You can then close the Manage Share main window.

We have now enabled the manage features for the selected user.

 

What options does the Allow Manage feature give to a user?

 

After you enable this for a full account user, it will give the user the ability to:

  1. Add full users to the Team Folder from the User Portal.
  2. View and manage other users’ shares within the Team Folder.

 

Adding full users to the Team Folder from the user portal

 

The Full user to which we enabled the Allow Manage permission now has the ability to add other team members to the Team Folder. After the user logs in to the user portal and navigates to the Team Folder when the Team Folder is selected, the Details pane (right sidebar) will show the Team Folder share options:

 

share details

The user can click on the “Manage Share” link to view the Team Folder share options; from here, the user can see the Team Folder users and add/remove other Full users to it.

Users who are part of share

To add a new user to the share, you invite a new user as you typically add users to a share:

Invite users to share

And the permissions for the new users can be enabled/disabled the same way as in the admin portal.

Set user permissions

View and manage other user’s shares within Team Folders

 

By default, other users can’t see what another user has shared externally; now, the user has access to this information with the Allow Manage feature enabled.

For example, if a user shares a sub-folder from a Team Folder that has Allow Manage permission, the main user can now view/manage the external share from the user portal.

When the full user navigates to the shared folder and selects it, it will display new information in the Details tab:

share details

 

Now, you can view the shares from other users. Some examples of how this is useful include but are not limited to:

  1. View/Add/Remove users from an existing share.
  2. Avoid creating duplicate shares to the same external user from other team members.
  3. Change the share settings (expiration date, access level of the external user – upload, download).

 

Understanding CMMC and Compliance Using FileCloud

CMMC

CMMC is a means by which the US Government is using to enforce a tiered approach to audit third-party compliance with NIST SP 800-171, based on five different levels of maturity. DoD third-party organizations have been required to comply with NIST 800-171 since January 1, 2018. In the past three years, the DoD struggled with the low rate of NIST 800-171 compliance across the Defense Industrial Base, and CMMC was created to address that systemic issue of non-compliance by both primaries and their subs. Also, when NIST 800-171 was initially launched, the DoD would not accept any form of 3rd-party audit for evidence of NIST 800-171 compliance, but that is exactly what CMMC does, so a lot has changed in the past three years from how NIST 800-171 adoption was initially envisioned.

The Center for Strategic and International Studies estimates that the total global cost of cybercrime was as high as $600 billion in 2017. The U.S. Department of Defense is enforcing a risk-management approach to improve cybersecurity measures of third-party partners by asking them to obtain the Cybersecurity Maturity Model Certification (CMMC). This certification is designed to improve the protection of Controlled Unclassified Information (CUI) and Federal Contract information (FCI), and the certification applies to DoD contractors. CMMC measures an organization’s approach to protect FCI and CUI. CUI is information that requires protection or audit controls according to federal law, regulations, and government policies.FCI is information provided by or generated by the government under a contract to develop or deliver a product or service to the government, not intended for public release.

Key Takeaways for CMMC

  • All companies conducting business with the DoD, including subcontractors, must be certified.
  • The CMMC is expected to combine relevant portions of various cybersecurity standards, such as NIST SP 800-171, NIST SP 800-53, ISO 270001, and ISO 27032, into one unified standard for cybersecurity.
  • Contractors will be required to be certified by a third-party auditor.
  • Certification levels of contractors will be made public, though details of specific findings will not be publicly accessible.
  • Contractors must clearly document practices and procedures with those requirements that already comply with CMMC practices or processes.

Five Levels of Maturity

Depending on your company and the business you conduct with the DoD will decide which level (1–5) you need.

  • Level 1 – Basic Cyber Hygiene: Includes basic cybersecurity suitable for small companies having a subset of universally accepted common practices. The processes at this level would include some basic performed cybersecurity practices. This level has 35 security controls that must be implemented successfully.
  • Level 2 – Intermediate Cyber Hygiene: Includes universally accepted cybersecurity best practices. Practices at this level should be documented, and access to CUI  will require multi-factor authentication. This level includes an additional 115 security controls on top of Level 1.
  • Level 3 – Good Cyber Hygiene: Includes coverage of all NIST SP 800-171 Rev. 1 controls and additional practices beyond the scope of current CUI protection. Processes at this level are maintained, and there is a comprehensive knowledge of cyber assets. This level requires an additional 91 security controls on top of those covered in Levels 1 and 2.
  • Level 4 – Proactive: Includes advanced and sophisticated cybersecurity practices. The processes at this level are periodically reviewed, properly resourced, and are improved regularly across the enterprise. In addition, the defensive responses operate at high speed and there is a knowledge of all cyber assets. This level has an additional 95 controls on top of the first three Levels.
  • Level 5 – Advanced / Progressive: Includes highly advanced cybersecurity practices. The processes involved at this level include continuous improvement across the enterprise and defensive responses performed at high speed. This level requires an additional 34 controls.

5 levels of CMMC

 

17 Domains of Security Requirements

The CMMC model consists of 17 domains, 14 of which are derived from the Federal Information Processing Standards (FIPS) Publication 200 and NIST 800-171

  1. Access Control
  2. Asset Management
  3. Audit and Accountability
  4. Awareness and Training
  5. Configuration Management
  6. Identification and Authentication
  7. Incident Response
  8. Maintenance
  9. Media Protection
  10. Personnel Security
  11. Physical Protection
  12. Recovery
  13. Risk Management
  14. Security Assessment
  15. Situational Awareness
  16. System and Communication Protection
  17. System and Information Integrity

FileCloud identifies loopholes in critical security controls according to your desired CMMC maturity level for each of the 17 domains and creates clear instructions for both improving your security position and meeting CMMC requirements. We will go through several domains and let you know how FileCloud helps you comply.

Access Control – FileCloud supports integration with Active Directory, LDAP, and SSO. In addition, FileCloud integrates your Network Shares with NTFS permissions to provide you with better access control of the data your users are allowed to view, upload, download, share, sync, or manage. Within FileCloud you can create users and groups and assign permissions and policies to them to allow or prevent them from accessing your data. FileCloud also supports DLP and granular folder permissions.

Asset Management – FileCloud’s Centralized Device Management allows you to view all the devices that have access to FileCloud using our mobile and desktop clients. FileCloud also includes functionality for creating reports of these devices to aid you in creating your inventory report.

Audit and Accountability –FileCloud’s auditing capabilities enable you to review who, when, where, and what is involved each time FileCloud is accessed. FileCloud also supports SIEM (blah) integration. FileCloud’s data governance capabilities allow you to apply multiple retention rules to avoid the deletion of auditable records you want to store in FileCloud.

Awareness and Training –To complement your internal employee training, FileCloud provides you with extensive information about applying best security practices while using FileCloud.  FileCloud also offers end–user training.

Configuration Management- FileCloud contains multiple configuration capabilities including but not limited to centralized device management, content classification, DLP, global policies, specific device configuration policies, Customization, Data Governance, user password enforcement, private sharing permissions, granular folder level permissions, etc.

Identification and Authentication-Besides FileCloud’s proprietary user authentication, FileCloud supports integration with Active Directory, LDAP, and SSO. FileCloud also supports Duo Security integration and 2FA.

Incident Response-FileCloud’s data governance dashboard displays potential rule violations such as DLP violations or retention policy violations. FileCloud workflows enable you to automate report generation, device approval, and other tasks.

Maintenance- Using FileCloud workflows, administrators have the ability to perform automatic maintenance tasks within FileCloud, for example, deleting files after a specified amount of time or disabling users who have not accessed FileCloud in a specific amount of time. FileCloud also supports automatic audit log trimming and exporting to a location defined by the administrator.

Media Protection-FileCloud’s antivirus integration via ClamAV or ICAP protocol enables you to verify the integrity of files as they are uploaded. FileCloud’s DLP provides you with granular control over your data. FileCloud supports in–transit encryption via HTTPS/SSL.

Personnel Security-FileCloud’s smart classification and DLP enable you to classify your data based on DLP rules that deny or allow downloads or sharing.

Recovery- The FileCloud Server Backup tool creates backs up your data automatically.

Conclusion

For your organizations to be CMMC Compliant, they must implement encrypted file sharing solutions. The end-user is responsible for utilizing suitable FileCloud capabilities as well as managing and maintaining the environment where FileCloud is being hosted to ensure the CMMC requirements are being met.

FileCloud is the commercial of the shelf software solution that helps businesses securely share, manage, and govern enterprise content. FileCloud software provides the necessary capabilities for organizations to obtain CMMC compliance.

 

References

Accellion CMMC Compliance Guide. (n.d.). ACCELLION. Retrieved 2021, from https://www.accellion.com/sites/default/files/resources/wp-accellion-cmmc-compliance-guide.pdf

Carey, B. (2020, May 11). Prepare for CYBERSECURITY Maturity Model certification (cmmc). Retrieved April 06, 2021, from https://blog.rapid7.com/2020/04/15/preparing-for-the-cybersecurity-maturity-model-certification-cmmc-part-1-practice-and-process/

Center for Strategic and International Studies (CSIS) & www.mcafee.com. (2018, February). Economic Impact of Cybercrime— No Slowing Down. Retrieved April 6, 2021, from https://csis-website-prod.s3.amazonaws.com/s3fs-public/publication/economic-impact-cybercrime.pdf

Cybersecurity Maturity Model Certification (CMMC) (Vol. 1). (2020). Carnegie Mellon University and The Johns Hopkins University Applied Physics Laboratory LLC.

DoD cybersecurity audits are Coming: Here’s how to prepare. (2021). Retrieved April 06, 2021, from https://www.sysarc.com/services/managed-security-services/cybersecurity-maturity-model-certification-cmmc-guide-for-dod-contractors/