Archive for the ‘Security’ Category

A Brief History of Backend Data Security

Software is not like wine and cheese: it does not get better with age. On the contrary, security strength decreases over time as software becomes obsolete. Data security has always been important, but with more people working remotely as a result of the current health crisis, there are more opportunities for unauthorized access to your data than ever before.

Security is a group effort, since the weakest link is the point of entry. According to a study conducted by IBM and The Ponemon Institute, the two root causes of data breaches in 2020 were compromised credentials (most often due to weak passwords) and cloud misconfigurations (leaving sensitive data accessible). According to Gartner, in 2021 exposed APIs will pose a larger threat than the UI in 90% of web-enabled applications. Organizations spend time and effort securing the information on the front end, but attackers claw their way into the system anyway. Businesses need to set up another check on the way out of the network. In other words, if you miss a thief on the way in, you can still catch him on the way out: confidential information that an attacker accesses has value only if they can transfer it to their own systems.

Database security is a complex process that involves all aspects of information security technologies and practices. It’s also usually at odds with database usability. The more accessible and easier it is to use the database, the more vulnerable it is; the more invulnerable the database is to threats, the more difficult it is to access and use. This paradox is called Anderson’s Rule.

Cybersecurity Evolution Over the Years

Let us take a look at how data security evolved over the decades. There are a few good stories in there you will enjoy reading.

1940s

Access to the giant electronic machines was limited to a small group of people, and the machines weren’t networked. Only a few people knew how to work them, so there was no imminent threat. The theory of computer viruses was first described in 1949, when computer pioneer John Von Neumann said that computer programs could reproduce.

1950s

The roots of hacking are as much related to telephones as they are to computers. In the late 1950s, ‘phone phreaking’ was predominant. The term encapsulates several methods that ‘phreaks’ (people with an interest in the workings of telephones) used to override the protocols that allowed telecom engineers to work on the network remotely to make free calls.

1960s

Most computers in the early 1960s were still huge mainframes, put away in secure temperature-controlled rooms. These were very costly, so accessibility – even to admins – was limited. Back then, the attacks had no commercial or geopolitical purposes. Most hackers were curious people or someone who wanted to improve existing systems.

1970s

Cybersecurity actually began in 1972 with a project on ARPANET (the Advanced Research Projects Agency Network), a precursor to the internet. Researcher Bob Thomas came up with a computer program called “Creeper” that could travel within ARPANET’s network, leaving breadcrumbs wherever it went. The breadcrumb was a message saying: ‘I’m the creeper, catch me if you can’. Ray Tomlinson (the inventor of email) wrote another program called Reaper, which chased and deleted Creeper. Reaper was the first antivirus software; it was also the first self-duplicating program, making it the first-ever computer worm.

1980s

The 1980s saw an increase in high-profile attacks, like those at National CSS, AT&T, and Los Alamos National Laboratory. The terms Trojan Horse and Computer Virus were first used in the 1980s as well, and cybersecurity started to be taken more seriously. Tech users quickly learned to monitor file sizes, since an increase in the size of a file was the first sign of a potential virus infection. Cybersecurity policies incorporated this, and a reduction in free operating memory remains a sign of attack to this day. Early antivirus software consisted of simple scanners that performed context searches to detect virus code sequences. Most of the scanners also included “immunizers” that made viruses think the computer was already infected so they would not attack it (similar to our vaccines).

1990s

New viruses and malware increased through the 1990s, from tens of thousands to around 5 million every year by 2007. In the mid-‘90s, it was clear that cybersecurity had to reach the mass market to protect the public. One NASA researcher developed the first firewall program, basing it on the structures that prevent the spread of actual fires in buildings. By the end of the 1990s, email was booming, and while it promised to revolutionize communication, it also opened up a new entry point for viruses.

2000s

With the Internet being a household thing in the early 2000s, cyber-criminals had more vulnerabilities to exploit than ever before. As more and more data was stored digitally, there was more to hack. In 2001, a new infection technique surfaced: people no longer needed to download anything, as visiting an infected website was enough. Viruses infected clean pages or ‘hid’ malware on legitimate web pages. Messaging services were also targeted, and worms were designed to propagate via IRC (Internet Relay Chat) channels. The development of zero-day attacks, which exploit gaps in security software and applications, meant that antivirus became less effective.

2010s

Cybersecurity tailored specifically to the needs of businesses became more prevalent in 2011. As cybersecurity developed to handle a wide range of attack types, attackers came up with innovations of their own: multi-vector attacks and social engineering. Attackers were smarter, and antivirus was forced to move from signature-based detection methods to next-generation techniques.

What the Backend Looks Like

Security is something that should be included in all stages of software engineering, including architecture. Let us first understand how the back end functions. The application or front end should never have direct access to the database. There is usually a master-slave approach to the architecture, with an app server in between where the data is scrubbed (to protect any personal data or PII) before it is sent to the front end.

(Diagram: Classic backend security design patterns, by Cossack Labs, Medium)

So it is best to distribute security handling, since there is no single solution for this. Most applications are framed so that the people responsible for data management (application admins) are not given access to the underlying database, and the people who have data access (data scientists, info-sec personnel, etc.) are not included in the business end of the operations. The primary reason for this is auditing. People who change data can do so only through the front end, and the front end leaves an audit trail of the actions taken. Having an audit trail keeps the application admins accountable, and it also prevents the app admins from looking at things they shouldn’t be looking at. Companies also prefer to keep their architecture secret, since one of the ways to discover a vulnerability in a system is to understand what the underlying architecture is.

Common Threats to Data Security

We will now go through some common threats to data security in current times and how you can mitigate them.

  • Injection Flaws – These happen when you pass unfiltered data to the SQL server, the browser, the LDAP server or anywhere else. The problem is that the attacker can inject commands, resulting in loss of data. Organizations that do not follow secure application coding practices and do not perform regular vulnerability tests are open to these attacks.
  • Broken Authentication – Authentication is the first line of defense against unrestricted access. However, if the implementation is poor and there is no proper security policy in place, it leads to broken authentication. You can avoid it by using multi-factor authentication, enforcing a good password policy, limiting the number of failed logins and incorporating session timeouts.
  • Cross-Site Scripting (XSS) – This occurs when the attacker posts data containing malicious code that the application stores. The vulnerability is on the server side; the browser simply renders the response. You can mitigate it by validating the input (check the input length, use a regex match and permit only specific characters) and by validating the output (the data should be HTML-encoded to neutralize potentially malicious characters).
  • Insecure Direct Object References – An internal object such as a file or database key is exposed to the user. The problem is that the attacker can supply this reference and, if authorization is broken, access the data and manipulate or steal it. The problem can be avoided by keeping such references internal rather than passing them from the client via CGI parameters. Most frameworks have session variables that are well suited for this purpose.
  • Security Misconfiguration – This is the implementation of improper security controls in server or application configurations. Running the application with debugging enabled in production, having directory listing enabled on the server (which leaks valuable information), running outdated software, or having unnecessary services running on the machine may all lead to a security vulnerability. A simple remedy for security misconfiguration is post-commit hooks, which prevent code from going out with default passwords.
  • Sensitive Data Exposure – This occurs when information is not properly protected in the application. Credentials and sensitive data such as credit cards or health records are the usual targets of this vulnerability. More than 4000 records are breached every minute. You can mitigate it by encrypting data both at rest and in transit. Incorporate key-based encryption and have a secure backup plan.
  • Missing Function Level Access Control – This can happen due to an authorization failure at the server. You cannot keep an attacker from discovering a function and misusing it, so authorization must always be done on the server side before any access is granted, or this vulnerability will result in serious problems.
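The following is an added example, not code from the original article: three of the threats above (injection, XSS, and insecure direct object references combined with missing server-side authorization) shown as a vulnerable snippet beside its hardened form. It uses only the Python standard library and an in-memory SQLite database with constructed sample data; the table names, users and records are assumptions made for the demonstration.

```python
"""Vulnerable vs. hardened handling of three listed threats (added example)."""
import html
import re
import sqlite3


def make_db():
    """Constructed sample data: two users, each owning one record."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    db.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "s3cret"), (2, "bob", "hunter2")])
    db.executemany("INSERT INTO records VALUES (?, ?, ?)",
                   [(10, 1, "alice's health record"), (11, 2, "bob's health record")])
    return db


# --- Injection flaw: unfiltered data reaching the SQL server ---------------
def login_vulnerable(db, name, password):
    # User input is spliced into the SQL text, so whoever controls `name`
    # also controls the structure of the query (e.g. a quote plus a comment
    # marker removes the password check entirely).
    sql = f"SELECT id FROM users WHERE name = '{name}' AND password = '{password}'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(db, name, password):
    # Parameterized query: input is bound as data and can never alter the
    # query structure. (Passwords should also be stored hashed, not in clear.)
    row = db.execute("SELECT id FROM users WHERE name = ? AND password = ?",
                     (name, password)).fetchone()
    return row[0] if row else None


# --- Cross-site scripting: validate input, encode output --------------------
COMMENT_RE = re.compile(r"[A-Za-z0-9 .,!?'-]{1,280}")  # length limit + permitted characters


def validate_comment(text):
    """Input validation as the article describes: length check and a regex allow-list."""
    return COMMENT_RE.fullmatch(text) is not None


def render_comment_vulnerable(comment):
    return f"<p>{comment}</p>"  # stored data is echoed raw; the browser executes any script in it


def render_comment_hardened(comment):
    # Output encoding: HTML-encode stored data before the browser renders it.
    return f"<p>{html.escape(comment, quote=True)}</p>"


# --- Insecure direct object reference / missing access control --------------
class Forbidden(Exception):
    pass


def get_record_vulnerable(db, record_id):
    # The raw database key comes straight from the client and is looked up
    # without checking who owns it: any user can read any record by guessing ids.
    row = db.execute("SELECT body FROM records WHERE id = ?", (record_id,)).fetchone()
    return row[0] if row else None


def get_record_hardened(db, session_user_id, record_id):
    # Authorization is enforced on the server, bound to the authenticated
    # session, before any data is returned.
    row = db.execute("SELECT body FROM records WHERE id = ? AND owner_id = ?",
                     (record_id, session_user_id)).fetchone()
    if row is None:
        raise Forbidden("record not found or not owned by the caller")
    return row[0]


if __name__ == "__main__":
    db = make_db()
    print("hardened login with injected name:", login_hardened(db, "alice' --", "wrong"))
    print("hardened render:", render_comment_hardened("<b>hi</b>"))
    print("own record:", get_record_hardened(db, 1, 10))
```

The same input that bypasses `login_vulnerable` is simply treated as a (non-matching) username by `login_hardened`, and `get_record_hardened` refuses to serve a record whose owner is not the session user, which is the check the article says must live on the server side.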

Some Basic Security Practices to Cover all the Bases

Even a small error can allow attackers to hijack the database systems, which can cost millions. To prevent such consequences, organizations should always adopt the “everything will be broken” threat model to secure databases and keep valuable information from being compromised. I have listed a few basic security measures you can take to keep your organization’s database safe.

Separate Web server and Databases

Keep the application server and the database server on separate machines. A hosting server can be used for the application, but for storing customers’ valuable data, choose a separate database server with security features like multi-factor authentication and proper access permissions. Hosting the application and the database on the same machine makes it easier for attackers to break into the system and take over the administrator account.

Firewalls and Malware Solutions

Once the database is set up, it is important to ensure that it is fully protected by a firewall capable of filtering outbound connections as well as any requests meant to access information. The database server should also be protected from malicious files by installing anti-malware and anti-ransomware software.

Encryption and Backups

Encryption at rest consists of protecting the data with a private key held on the application server or the database server, so that even if attackers gain access to the database, they cannot easily decrypt the data. Encryption of data in transit should also be implemented: the data is encrypted before it is transferred over the network from the application server to the database server and vice versa.

Account Management

Organizations should keep the number of users who can access the database to a minimum (usually data scientists or infosec personnel). A proper authentication process (2FA, MFA, etc.) should be implemented for those users. Database credentials should be stored in hashed form so they are unreadable. Activity logs should be updated regularly to monitor all queries and requests.
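An added example, not from the original article, of the three account-management points just listed: credentials stored as salted hashes rather than in readable form, a restricted set of roles that may hold a database account, and an append-only activity log for every authentication attempt. It uses only the Python standard library; the `AccountStore` class, the iteration count and the role names are assumptions made for the demonstration.

```python
"""Hashed credentials, restricted accounts and an activity log (added example)."""
import base64
import hashlib
import hmac
import os
from datetime import datetime, timezone
from typing import Optional

# Assumption: a work factor in line with current PBKDF2-HMAC-SHA256 guidance.
PBKDF2_ITERATIONS = 210_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt b64>$<digest b64>'.

    A fresh random salt per user means two users with the same password get
    different stored values, so a leaked table cannot be cracked in bulk."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (
        PBKDF2_ITERATIONS,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    algo, iterations, salt_b64, digest_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


class AccountStore:
    """Only a few roles get database accounts, and every attempt is logged."""

    ALLOWED_ROLES = {"data_scientist", "infosec"}  # assumption mirroring the article's examples

    def __init__(self):
        self._accounts = {}      # name -> {"hash": str, "role": str}
        self.activity_log = []   # append-only; never edited or truncated by this class

    def _log(self, actor: str, action: str, outcome: str) -> None:
        self.activity_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "actor": actor, "action": action, "outcome": outcome,
        })

    def add_account(self, name: str, password: str, role: str) -> None:
        if role not in self.ALLOWED_ROLES:
            self._log(name, "add_account", "denied:role")
            raise ValueError(f"role {role!r} is not permitted database access")
        # Only the hash is stored; the clear-text password is discarded here.
        self._accounts[name] = {"hash": hash_password(password), "role": role}
        self._log(name, "add_account", "ok")

    def authenticate(self, name: str, password: str) -> bool:
        account = self._accounts.get(name)
        if account is None:
            # Burn the same work for unknown names so response time does not
            # reveal which accounts exist.
            hash_password(password, b"\x00" * 16)
            ok = False
        else:
            ok = verify_password(password, account["hash"])
        self._log(name, "authenticate", "ok" if ok else "failed")
        return ok


if __name__ == "__main__":
    store = AccountStore()
    store.add_account("alice", "correct horse battery staple", "data_scientist")
    print(store.authenticate("alice", "correct horse battery staple"))
    print(store.authenticate("alice", "wrong"))
    for entry in store.activity_log:
        print(entry)
```

Failed attempts land in `activity_log` alongside successes, which is what makes the log useful for spotting guessing attempts; in a real deployment the log would be shipped off the host so an intruder on the database server cannot edit it.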

Updated Operating Systems and Applications

All third-party software, APIs, and plugins must be updated to their latest versions. These systems should be updated regularly or whenever new patches are released, so that the system is protected against newly discovered cyber threats.

Conclusion

Backend data protection is very important. It is critical for your sensitive data especially with new data protection policies in place all over the world. Using the best security practices, we can stop the most anticipated risks and start a foundation for really solid security for your product.

Keeping your Cloud Infrastructure Secure Using SIEM

What if instead of building a solution that processes and collects logs and security events, you could push the problem to the cloud through an encrypted channel? As a result, you would easily get detailed reports about threats to your company.

In this article, we will examine the topic of SIEM (Security Information and Event Management) and explain what SIEM is and what we gain from such a system. We will also list a few principles helpful in its implementation in the cloud model.

So, what’s the commotion?

SIEM is a multi-component security system for monitoring and analysis designed to help organizations detect threats and mitigate the effects of attacks. It combines several disciplines and tools under one coherent system:

  • Log Management System (LMS) – Tools used for traditional log collection and storage.
  • Security Information Management (SIM) – Tools or systems that focus on collecting and managing security-related data from multiple sources, such as firewalls, DNS servers, routers, and anti-viruses.
  • Security Event Management (SEM) – Systems based on proactive monitoring and analysis, including data visualization, event correlation and alerting.

SIEM is a term used today for a management system that combines all the above elements into one platform which knows how to automatically collect and process information from distributed sources, store it in one centralized location, compare various events and generate alerts based on this information.

The evolution of SIEM over time

SIEM is not a new technology. The platform’s core capabilities have existed in various forms for almost 15 years. Formerly, SIEM relied on local deployments to get a unified overview. This meant that hardware upgrades, data analysis, and scaling problems required constant tuning to achieve maximum performance. Modern SIEM tools focus on native sourcing support for cloud hosting providers. They also collect endpoint data such as parent/child processes into the flow to offer nuanced detection support – essential for compliance.

Why do we need SIEM?

No one doubts that the number and variety of attacks on information systems is constantly growing. System and network monitoring has always played a key role in protecting against attacks. Many interrelated attack methods and techniques have evolved over the years, and it has quickly become apparent that the changing nature of cybercrime means that some threats often go unnoticed.

For security analysts, SIEM systems are the central vantage point of the IT environment. By centralizing all the data that measures the health and security of your systems, you can have real-time visibility of all processes and events. The ability to correlate logs from multiple systems and present them in one view is the main advantage and benefit of SIEM.

Many complex incidents may go unnoticed by the first layer of security because individual events lack context. Rules set in SIEM systems and reporting mechanisms help organizations detect events that contribute to a more sophisticated attack or malicious activity. In addition, it is possible to automatically react to an ongoing attack and mitigate its effects.
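As an added example (not from the original article), the following is a minimal correlation engine of the kind a SIEM rule describes: it normalizes two constructed log sources, an authentication server and a firewall, onto one timeline and fires an alert only when events that are individually unremarkable line up. The log formats, hostnames, thresholds and IP addresses (documentation ranges) are all assumptions made for the demonstration.

```python
"""Cross-source event correlation over constructed log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logs. On its own, each line looks like routine traffic.
AUTH_LOG = """\
2024-05-01T10:00:01Z auth srv1 FAIL user=alice src=203.0.113.7
2024-05-01T10:00:05Z auth srv1 FAIL user=alice src=203.0.113.7
2024-05-01T10:00:09Z auth srv1 FAIL user=alice src=203.0.113.7
2024-05-01T10:00:12Z auth srv1 OK user=alice src=203.0.113.7
2024-05-01T10:30:00Z auth srv1 OK user=bob src=198.51.100.2
"""
FW_LOG = """\
2024-05-01T10:00:40Z fw ALLOW OUT src=10.0.0.5 dst=203.0.113.7 bytes=52000000
2024-05-01T10:31:00Z fw ALLOW OUT src=10.0.0.5 dst=198.51.100.9 bytes=1200
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>auth|fw) (?P<rest>.*)$")

# Rule parameters (assumptions, tuned per environment in practice).
FAIL_THRESHOLD = 3                    # failed logins that count as a guessing attempt
FAIL_WINDOW = timedelta(seconds=120)  # ...when they fall within this window
EXFIL_WINDOW = timedelta(minutes=10)  # outbound transfer this soon after the login
EXFIL_BYTES = 10_000_000              # ...and at least this large


def parse(text):
    """Normalize both log formats into dicts with a timestamp, source and fields."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skipped here, would be counted in a real system
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        tokens = m["rest"].split()
        fields = dict(t.split("=", 1) for t in tokens if "=" in t)
        flags = [t for t in tokens if "=" not in t]
        events.append({"ts": ts, "source": m["source"], "flags": flags, **fields})
    return events


def correlate(events):
    """Apply two chained rules across the merged, time-ordered event stream."""
    events = sorted(events, key=lambda e: e["ts"])
    failures = defaultdict(deque)  # (src ip, user) -> timestamps of recent failures
    suspicious = {}                # src ip -> time of a login that followed a burst of failures
    alerts = []
    for e in events:
        if e["source"] == "auth":
            key = (e["src"], e["user"])
            if "FAIL" in e["flags"]:
                failures[key].append(e["ts"])
                while failures[key] and e["ts"] - failures[key][0] > FAIL_WINDOW:
                    failures[key].popleft()  # forget failures outside the window
            elif "OK" in e["flags"] and len(failures[key]) >= FAIL_THRESHOLD:
                # Rule 1: a success right after a burst of failures from one address.
                alerts.append({"rule": "brute_force_then_success", "ts": e["ts"],
                               "src": e["src"], "user": e["user"],
                               "failures": len(failures[key])})
                suspicious[e["src"]] = e["ts"]
                failures[key].clear()
        elif e["source"] == "fw" and "OUT" in e["flags"]:
            # Rule 2: a large outbound transfer to that same address shortly after.
            seen = suspicious.get(e["dst"])
            if seen is not None and e["ts"] - seen <= EXFIL_WINDOW \
                    and int(e["bytes"]) >= EXFIL_BYTES:
                alerts.append({"rule": "possible_exfiltration", "ts": e["ts"],
                               "src": e["src"], "dst": e["dst"], "bytes": int(e["bytes"])})
    return alerts


def run_demo():
    """Merge both constructed sources and return the alerts they produce."""
    return correlate(parse(AUTH_LOG) + parse(FW_LOG))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Neither source alone produces the second alert: the firewall line is an allowed outbound connection, and the authentication line is a successful login. Only the combined view ties the transfer to the address that had just been guessing a password, which is the context the paragraph above says individual events lack.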

What will you gain by moving SIEM to the cloud?

Cloud-based solutions provide flexibility to use a wide range of datasets in both on-premise and cloud-based systems. As more and more companies start working in models such as infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS), the ease of integration with third party systems shows that SIEM in the cloud makes even more sense. The most important benefits of moving SIEM to the cloud are the flexibility provided by hybrid architecture, automatic software updates, simplified configuration, scalable infrastructure, large possibilities of adjusting the system to individual needs and high availability.

5 rules to help implement SIEM in the cloud model

In order to fully use the potential of SIEM, in particular the versions intended for enterprises, you need a good action plan and a large dose of precaution and vigilance. With proper implementation, SIEM can transform an IT department from an infrastructure-based model to an information-centered model.

Implementing and managing SIEM in the cloud increases accessibility, efficiency, and ease of management, but like any technology, it has some drawbacks and pitfalls. By following a few simple rules, you can avoid them:

1. Define your goals and adapt implementations to them

Before implementing, answer these 5 questions:

  1. What do you need SIEM for? Compatibility issues? BYOD? Vulnerability detection?
  2. How should SIEM be implemented to meet your expectations (what processes, functionalities and properties should be covered by the SIEM)?
  3. What should be recorded, analyzed and reported?
  4. What should be the scale of implementation to properly and cost-effectively meet your business needs?
  5. Where is the data that should be monitored? 

2. Incremental use.

The quickest way to succeed is to start with small steps to broaden your scope. In some cases, this may mean starting with managing the logs and adding a SIEM as soon as you understand the requirements, volume and needs. Now, when security as a service enables a flexible and scalable approach, the starting point may be to launch a SIEM within the scope of regulations and standards that you must comply with or within individual areas, departments or units.

3. Define an incident response plan.

You should plan and define actions to be taken when an incident attracts your attention. Do you investigate, suspend the user, deactivate the password, deny the service for a particular IP address, or apply other corrective measures based on the severity of the threat, the level of vulnerability, or the identity of the attacker? A well-defined incident response plan allows you to manage vulnerabilities in your network and ensure compliance with the requirements.

4. Real-time monitoring 24/7/365.

This can be a challenge for many organizations, but hackers are awake. Despite the fact that SIEM is a fully automated solution, it requires constant vigilance and monitoring by a human 24 hours a day, and many IT departments do not have sufficient resources for this. In this case, security as a service has an advantage over traditional solutions and allows you to sleep more peacefully at night. Knowing that this element of the security process can be handled by professionals without the need to involve additional staff and budget makes the solutions in the cloud model worthy of interest.

5. Be cold as ice!

Soon after the implementation and launch of a SIEM you may observe the occurrence of a completely unexpected number and type of alarms due to malware, botnets, and a whole host of other security nightmares. It’s like viewing bedding under a microscope. You learn that you are surrounded by a lot of strange creatures that have always been there, but when you take adequate measures to get rid of them, they turn out to be not as dangerous as they looked. It is similar with the launch of SIEM. Once you realize what is a threat and how to react to it, you will be able to make intelligent decisions and automate the entire process more and more.

Summary

SIEM is a security platform that processes event records and collects them in one place, offering a single view of your data with additional information.

The most important benefits of moving SIEM to the cloud include:

  • Flexibility provided by hybrid architecture
  • Automatic software updates
  • Simplified configuration, scalable infrastructure
  • Large possibilities of adjusting the system to individual needs and high availability

To implement SIEM in your company, you need a good plan and a large dose of thrift and vigilance. Remember, be cold as ice!


Article written by Piotr Slupski.

Information Security – An Overview of General Concepts

Information Security – The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

– Definition of Information Security from the glossary of the U.S. Computer Security Resource Center

Why we need to protect information

Information systems help us to store and process information and distribute the right information to the right user at the right time. Information security protects that information from unauthorized access, distribution, and modification. Information is therefore an asset, and it needs to be protected from both internal and external sources of harm.

CIA triangle

The CIA triad is a commonly used model for the requirements of information security. CIA stands for confidentiality, integrity, and availability. These principles help in protecting information in a secured manner, and thereby safeguard the critical assets of an organization by protecting against disclosure to unauthorized users (confidentiality), improper modification (integrity) and non-access when access is required (availability).

Here, we’ll look at each of these concepts in more detail.

Confidentiality

Confidentiality helps to ascertain whether information is to be kept secret or private by employing mechanisms, such as encryption, which will render the data useless if accessed in an unauthorized manner. The necessary level of secrecy is enforced, and unauthorized disclosure is prevented.

Integrity

Integrity deals with the provision of accuracy and reliability of the information and systems. Information should be prevented from modification in an unauthorized manner by providing the necessary safety measures for timely detection of unauthorized changes.

Availability

Availability ensures that information is available when it is needed. Reliable and timely access to data and resources is provided to authorized individuals. This can be accomplished by implementing tools ranging from battery backup at a data center to a content distribution network in the cloud.

Balanced security

It is impossible to obtain perfect information security. Information security is a process, not a goal. It is possible to make a system available to anyone, anywhere, anytime, through any means. However, such unrestricted access poses a danger to the security of the information.

On the other hand, a completely secure information system would not allow anyone to access information. To achieve balance, operate an information system that satisfies the user and the security professional – the security level must allow reasonable access, yet protect against threats.

Security Concepts

Vulnerabilities, Threats, and Risks. Security is often discussed in terms of vulnerabilities, threats, and risks.

Vulnerability

A vulnerability is a security weakness, such as an unpatched application or operating system, an unrestricted wireless access point, an open port on a firewall, lax physical security that allows anyone to enter a server room, or unenforced password management on servers and workstations.

Threat

A threat occurs when someone identifies a specific vulnerability and uses it against a company or individual, thereby taking advantage of the vulnerability. A threat agent could be an intruder accessing the network through a port on the firewall, a process accessing data in a way that violates the security policy, or an employee circumventing controls in order to copy files to a medium that could expose confidential information.

Risk

A risk is the likelihood of a threat agent exploiting a vulnerability and the corresponding business impact.

If a firewall has several ports open, there is a higher risk that an intruder will use one of them to access the network in an unauthorized manner.

If users are not educated on processes and procedures, there is a risk that an employee will make an unintentional mistake that may destroy data.

If an Intrusion Detection System (IDS) is not implemented on a network, there is a higher risk that an attack will go unnoticed until it’s too late.

Exposure

Exposure is an instance of data being exposed. If users’ passwords are exposed they may be accessed and used in an unauthorized manner.

Countermeasure

Countermeasures are put into place to mitigate potential risks. A countermeasure may be a software configuration, a hardware device, or a procedure that eliminates a vulnerability or that reduces the chances a threat agent will be able to exploit a vulnerability. Examples of countermeasures are strong password management, firewalls, security guards, access control mechanisms, encryption and security awareness training.

Security Governance

Information security governance is the collection of practices related to supporting, defining, and directing the security efforts of an organization. Security governance is closely related to and often intertwined with enterprise and IT governance.


This article was written by Catherin S. 

References

NIST Computer Security Resource Center. Glossary: Information Security. https://csrc.nist.gov/glossary/term/information_security

Devopedia. 2020. “Information Security Principles.” Version 4, July 21. Accessed 2021-03-28. https://devopedia.org/information-security-principles

Maymi, F., & Harris, S. (2018). CISSP All-In-One Exam Guide, Eighth Edition. McGraw-Hill Education.

Vi Minh Toi. (2016, September 10). Security Risk Management, Tough Path to Success. https://www.slideshare.net/sbc-vn/vi-minh-toi-security-risk-management-tough-path-to-success

Finding a Safe Place for Your Data and Software

Data Security


Your organization runs on data and software. But this whole IT environment needs to live somewhere. Preferably a safe place that no unwanted people can access.

What options do you have? How should you choose where to host your data and your software?

In this article, we’ll explore these topics in-depth, hopefully giving you that bit of additional information that you need to choose a safe place for your IT environment.


Where can you host your software/data?

The traditional way is to host it on your own servers, which is called on-premise hosting.

It’s private by nature because the whole infrastructure is dedicated only to your company. The software literally lives on your own machines, along with the data and all of your intellectual property. Servers don’t need to actually be located at your headquarters, they’ll probably be in a dedicated data center.

The “new” (it’s not that new and pretty much standard by now) way to manage your IT resources is cloud hosting.

It’s public by default because it’s provided by a company like Amazon or Microsoft, whose insane server power is shared by all of their customers. But it can be private because cloud providers offer the option to get a share of their servers dedicated only to your company.

Finally, you can also mix the different options, and then you get hybrid hosting. There are a lot of ways to organize a hybrid solution, with different combinations of hardware and software. Choosing one cloud provider doesn’t mean you can only use that one, you can also combine different services from multiple providers.

How much control do you need?

When it comes to hosting your software and data, available server options generally fall into these categories:

  • Control the hardware, control the software
  • Control the hardware, outsource the software
  • Outsource the hardware, control the software
  • Outsource the hardware, outsource the software

Control the hardware and software

If you need to control and customize the performance of your physical servers, as well as the software that runs them, the go-to choice is on-premise hosting.

Control the hardware, outsource the software

What if you need to control the hardware, but you want the same workload management experience that’s offered by big cloud providers? There are ways to run, for example, AWS services on your own on-premise servers. The offerings in this area vary based on the provider.

Outsource the hardware, control the software

Your server workloads are pretty typical, you don’t need custom hardware for your IT environment – but you want to use, for example, FileCloud to share and manage your organization’s data. You can easily run FileCloud on AWS, as well as other services that you might need.

Outsource the hardware and software

This is probably the most popular solution at the moment for non-enterprise companies. You just spin up a server instance at your favorite cloud provider and manage it using the software tools they provide. Use it to host your data, your ERP system, or your SaaS, without worrying about the server infrastructure.

Comparing hosting options – On-Prem vs Cloud vs Hybrid

On-premise

So far we know that on-premise hosting is private (dedicated only to your company), with your IT environment living on your own physical servers.

But when should you use on-premise hosting? Modern tech companies usually start with the cloud, and move on to on-prem.

Take the case of Instagram: they migrated to Facebook’s infrastructure after FB bought them in 2012.

(but then they also branched out to different data centers around the world to ensure that all of their users have a good experience, so they’re definitely not on-prem only)

Companies and enterprises that have been around for decades tend to go from on-prem to adding a bit of cloud, or migrating to the cloud completely.

Like when AdvancedMD moved to the cloud. AdvancedMD is a healthcare-related provider of digital services that’s been around since 1999, which makes this a great example. The most common argument for on-premise hosting is that it’s the most secure option for highly sensitive data. AdvancedMD runs on healthcare data, which is extremely sensitive, and yet nothing tragic happened when they migrated to the cloud.

As AdvancedMD proves, the issue of security is not that important anymore. Both on-premise and cloud hosting can safely store sensitive data.

So the choice between on-prem and cloud is more about control and/or customization.

For the highest amount of control, and the ability to literally customize every part of your infrastructure, on-prem is the right option. Long-term cost management is easier, however, it takes a large initial cost to build your on-prem hosting from the ground up.

On-prem is also a good option when you have high demands:

  • You’re constantly moving large amounts of data in and out of your servers (cloud providers can charge fees for moving data outside of your cloud),
  • You need the lowest latency possible.

One problem with on-prem is that it’s harder to scale, but you can use a cloud provider to mitigate this issue.

Cloud

You’ve probably heard this, but – there is no cloud, it’s always somebody’s server. It’s a popular saying, but it carries a hidden warning about your data being on somebody else’s server.

How big is the risk that cloud providers will mismanage your data, or give someone else access to it? Unless you’re handing out access credentials to your cloud to everyone you meet, the risk is actually very small.

There is no way cloud would’ve become the new standard for hosting if it were risky. Providers know this, and they’ve put extreme amounts of money into making sure that your resources are safe with them.

Another popular issue that people bring up when talking about the cloud is compliance with standards. But it turns out that cloud providers are surprisingly compliant with cross-industry IT standards, so this issue depends on your unique case.

There is a different, much more real, risk associated with the cloud – cost management.

Sure, at the start you pay much less compared to an on-premise solution. As you keep going, it’s super easy to spin up new services from a cloud provider, especially if you have a huge IT budget.

This is a benefit because you can scale up extremely easily. It’s also a problem because you might end up paying for a lot of unnecessary services.

So if you don’t want to overspend, you need to be very careful about managing your cloud infrastructure.

Choosing cloud isn’t a problem of compliance or security, but rather a question of your unique workloads. As we learned above, on-premise can be better when you need to move huge amounts of data regularly, or when you need minimal latency.

For example, if your servers are just supposed to do the standard job of serving a website to people online, the cloud is the logical solution. But if you’re building a complex web application that performs difficult computations on large amounts of data, you’ll probably be better off with an on-prem, or a hybrid solution.

Hybrid

And so we arrive at the most common option, hybrid hosting.

The complex demands of enterprise IT environments make it almost impossible to just pick one hosting option and roll with it for eternity.

There are too many considerations:

  • Integrating with legacy software,
  • Speed vs reliability,
  • Location of data,
  • Latency…

… and so on, and different parts of a typical IT environment require varying approaches. For example, a cloud provider might work for your in-house data store, but you still need on-prem servers to run particular applications or legacy software.

Hybrid hosting is a way to address all of this complexity because you can combine multiple options to create the infrastructure that meets your requirements to the letter.

Summary

All in all, there is no silver bullet when it comes to hosting your data and software. The safest place for your IT environment might be at a cloud provider, or on your own on-premise servers. Or both.

It depends on what you need, and it turns out that security and compliance are not the biggest issues when you’re thinking about migrating to the cloud. It’s more about the type of data workloads that you have, and the requirements that result from this.

Hope this article was helpful, thank you for reading!

Best Practices for Secure Content Management

Content management systems are becoming popular and necessary as a way to organize, manage, and secure organizational web and enterprise content. At the same time, a CMS presents multiple attack opportunities for anyone targeting commercial or public sector data. How can IT, administrators, creative personnel, and developers ensure CMS security?

Between January and September 2019, over 7.9 billion data records were hacked, a 33% increase from the same period a year earlier. Although hackers are the obvious culprits, oftentimes it is a minor human error or a lack of basic security hygiene that results in a data breach.

Types of Content Management Systems

There are three types of CMS software: open source, proprietary, and Software-as-a-Service (SaaS) CMS.

Open Source CMS software can be installed and managed on your own web server. Numerous customizations are available to address different business needs, such as website plugins, search engine optimization of content, and custom design themes and layouts.

Proprietary CMS software is built and managed by a single company. Using such a CMS generally involves:

  • getting a license to use the software and paying monthly or annual charges,
  • additional costs for customization and upgrades, as well as for training and technical/user support.

SaaS CMS solutions usually bundle web content management software, web hosting, and technical support from a single supplier. These are virtual solutions hosted in the cloud and based on a subscription model, usually priced per user or per site. The pricing usually includes:

  • the amount of data transfer,
  • storage for your content and data.

Threats to Content Management Systems

  • Data manipulation: SQL injection and tampering with request parameters or settings are common attacks.
  • Accessing data: SQL injection or Cross-Site Scripting (XSS) attacks are used to compromise user data. The attacker uses the web application to deliver malicious code, usually a browser-side script or malicious SQL statements.
  • Code injection: Code injection can result in lost or corrupted data, loss of accountability, or denial of access.
  • Spam: Web crawlers scan the Internet for legitimate email addresses and send spam to them. Attackers may also send spam through the application’s own server, turning it into a spam relay.
  • Broken authentication: The incorrect implementation of authentication and related functions such as logging off, session expiry, secret questions, and password reset. If these mechanisms are not implemented properly, an attacker can take advantage of the weakness to gain more rights over the application.
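To make the data-manipulation and data-access threats above concrete, here is an added example (not code from the original post) of a CMS-style lookup written two ways: one that splices user input into the SQL text, and one that binds it as a parameter. It uses an in-memory SQLite database with constructed sample rows; the `posts` table, its columns and the sample titles are assumptions for illustration, not the schema of any real CMS.

```python
"""Added example: an injectable CMS lookup beside its parameterized form.

The table, columns and rows below are constructed for illustration and are
not taken from any real CMS.
"""
import sqlite3

# Constructed sample content: two published posts and two private drafts.
SAMPLE_POSTS = [
    ("Welcome", "alice", "published"),
    ("Draft roadmap", "alice", "draft"),
    ("Q3 numbers", "bob", "draft"),
]


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database holding the sample posts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (title TEXT, author TEXT, status TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?)", SAMPLE_POSTS)
    return conn


def published_by_vulnerable(conn: sqlite3.Connection, author: str) -> list:
    """Vulnerable: the author name is spliced into the SQL text.

    A crafted value can rewrite the WHERE clause (for example by closing the
    quote and commenting out the status filter), exposing unpublished drafts.
    """
    sql = (
        f"SELECT title FROM posts WHERE author = '{author}' "
        f"AND status = 'published'"
    )
    return [row[0] for row in conn.execute(sql)]


def published_by_safe(conn: sqlite3.Connection, author: str) -> list:
    """Hardened: placeholder binding keeps the input as data.

    The driver passes the value to SQLite separately from the statement text,
    so quotes and comment markers inside it are just characters of a name
    that matches no author.
    """
    sql = "SELECT title FROM posts WHERE author = ? AND status = 'published'"
    return [row[0] for row in conn.execute(sql, (author,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR 1=1 --"   # the classic textbook payload
    print("vulnerable:", published_by_vulnerable(db, crafted))  # leaks all 3 titles
    print("safe:      ", published_by_safe(db, crafted))        # returns []
```

The same crafted author value returns every row, drafts included, from the first function and nothing from the second. Parameter binding is the fix; a read-only database account for the public site and server-side validation of the author value are the usual layers on top of it.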

Some examples of a poorly implemented authentication process are: different error responses for a failed authentication, an improper process for recovering a forgotten password, no protection against an excessive number of attempts, and password reminders shown alongside the authentication questions.
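Two of the broken-authentication examples above, different error responses and no limit on attempts, can be demonstrated from the defender’s side. The following is an added example, not code from the original post, of a login check that returns one generic message for every failure, hashes the supplied password even when the username does not exist so that the two cases look and cost the same, and locks an account after repeated failures. The user store, the attempt limits and the sample credentials are constructed assumptions for illustration.

```python
"""Added example: a login check that avoids two broken-authentication mistakes.

The limits, the in-memory user store and the sample credentials are assumed
values for illustration, not taken from any real CMS.
"""
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5         # assumed policy: lock after five bad attempts
LOCKOUT_SECONDS = 900    # assumed policy: 15 minute lockout
PBKDF2_ROUNDS = 100_000  # assumed work factor
GENERIC_ERROR = "Invalid username or password"  # same text for every failure


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class LoginService:
    def __init__(self, users: dict, now=time.time):
        # users maps username -> (salt, digest); `now` is injectable for tests.
        self.users = users
        self.now = now
        self.failures = {}  # username -> (failure_count, last_failure_time)
        # A dummy record so that unknown usernames still cost one hash
        # computation, keeping timing the same as for known users.
        self._dummy = hash_password("placeholder-not-a-real-password")

    def _locked(self, username: str) -> bool:
        count, last = self.failures.get(username, (0, 0.0))
        if count < MAX_FAILURES:
            return False
        if self.now() - last >= LOCKOUT_SECONDS:
            self.failures.pop(username, None)  # lockout expired, start fresh
            return False
        return True

    def login(self, username: str, password: str) -> tuple:
        """Return (True, "ok") on success, otherwise (False, GENERIC_ERROR).

        The caller never learns whether the username exists, whether the
        password was wrong, or whether the account is currently locked.
        """
        if self._locked(username):
            return (False, GENERIC_ERROR)
        salt, digest = self.users.get(username, self._dummy)
        _, candidate = hash_password(password, salt)
        # Constant-time comparison; the `in` check is evaluated after hashing.
        ok = hmac.compare_digest(candidate, digest) and username in self.users
        if ok:
            self.failures.pop(username, None)
            return (True, "ok")
        count, _ = self.failures.get(username, (0, 0.0))
        self.failures[username] = (count + 1, self.now())
        return (False, GENERIC_ERROR)


if __name__ == "__main__":
    svc = LoginService({"alice": hash_password("correct horse battery staple")})
    print(svc.login("alice", "correct horse battery staple"))  # (True, 'ok')
    print(svc.login("alice", "wrong"))                         # (False, 'Invalid username or password')
    print(svc.login("nobody", "wrong"))                        # identical response
```

Logging should record the real reason for each failure (unknown user, bad password, locked out) on the server side, where it is useful for detection, while the HTTP response stays identical in all three cases.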

Sensitive Data Exposure undermines the integrity and confidentiality of data. Many web applications fail to protect sensitive data properly with appropriate encryption. For transferring sensitive data, web applications should use the secure version of the HTTP protocol, HTTPS (Hypertext Transfer Protocol Secure), which uses SSL/TLS to protect messages transmitted over the network.

Breach Prevention in Content Management System

  • Strong Passwords: The passwords used by both users and administrators of the CMS need to follow best practices. As with all passwords, they should be hard to guess but easy to remember, so relatively lengthy passphrases based on a random collection of words work best. Alternatively, use passwords randomly generated by a good password manager.
  • Multi-Factor Authentication: Multi-factor authentication, when available, provides much better protection for accounts than passwords or passphrases alone.
  • Assign Access Roles: Take advantage of the ability to assign roles and/or permissions. WordPress, for example, allows you to set different roles for different users, such as Contributor (can draft posts but not publish), Author (can publish their own posts), Editor (can publish or edit their own and others’ posts), and Administrator (can change settings and has complete control of the site). Limit the number of people who have administrative access.
  • Layered Security: Opt for a Web Application Firewall (WAF), which adds an extra layer of security in front of your CMS website to help block attacks.
  • Check Your Plugins: Although the best themes and plugins are often premium, there are quality free ones as well. Quality in this case means a good track record, which you can assess by studying their reviews and number of downloads; the more reviews available, the more accurate your assessment. Never use pirated plugins or themes.
  • SSL Certificate: Install an SSL/TLS certificate on your web server, which establishes an encrypted connection between your server and the client.
  • Have a Backup: This allows you to restore your compromised website to its previous state. Do this after you have identified and corrected the security weakness that caused your site to get hacked.

Conclusion

Content management can be a challenge in today’s information-intensive working environments, and a CMS can help you get a handle on the creation, publication, and organization of all that content – but don’t forget the need for security to protect your information and, if you’re self-hosting, your servers and network as well.


Best Alternatives for Citrix Sharefile in 2021

In our age of information, most modern enterprises have started to move towards the digitization of data. Never have there been quite so many enterprise file-synchronization and sharing (EFSS) solutions available on the market — and while a wide range of choice is always good, it also makes it much more difficult to choose the perfect solution for your organization. 

Citrix Sharefile is one such top contender and one of the biggest solutions on the market. However, there are certain issues with Citrix Sharefile that make it a less-than-desirable option for certain enterprises. As such, we’ve put together a list of great EFSS solutions for your consideration, as well as their pros and cons, so that you can pick the one that offers all the features your enterprise might need, while remaining affordable and within your price range. 


Citrix ShareFile

✓  Pricing: Standard Plan: $55/5 users/month | Advanced Plan: $85/5 users/month | Premium Plan: $135/5 users/month | Virtual Data Room Plan: $375/5 users/month

✓  Storage: Unlimited storage space

✓  Security: Standard encryption and SSL/TLS. Recovery sites in both the US and EU.

✓  Features: Collaborative and productivity-enhancing tools, custom electronic signature tool. File-versioning features.

Sharefile is Citrix’s enterprise-class cloud storage solution, and Citrix is well known in the commercial software and service industry. Notable features of Sharefile include an auditing system that generates activity reports, integration with Single Sign-On, download alerts, and two-factor authentication. Its electronic signature tool cuts down on the time it would otherwise take to print out a document, sign it, and scan it back to the cloud.

Unfortunately, despite their generous offer of unlimited storage, they do have a file size limit. The solution itself doesn’t support Linux. Plus, with a standard plan starting at $55, paywalls for features and their enforced 5-user pricing plan, it’s safe to say that Sharefile isn’t the most affordable solution for smaller organizations. Reportedly, Sharefile’s licensing plans are also misleading.

Pros

  • Great plugin support. For instance: the Outlook plug-in makes it easy to share files securely with customers via email.
  • Flexible folder creation and sharing process
  • Easily share large files with clients, vendors and external personnel
  • Allows multiple remote teams to collaborate in real-time with a simple management process.

Cons

  • Interface is less intuitive compared to other solutions.
  • Not commonly used in all industries, presenting a learning curve to some users.
  • Sorting out your preferences is time-consuming. As a standalone product it suffers from lack of integration with Google and/or Microsoft products.
  • Confusing and varied pricing with many features locked behind paywalls

Now that we’ve gone over Citrix Sharefile in-depth, let’s go over some alternatives, in case those aforementioned issues are in fact a deal-breaker for your company.


FileCloud
✓  Pricing: FileCloud Online: $10/user/month (Standard), $15/user/month (Enterprise) || FileCloud Server: $4.20/user/month | FileCloud Server: Contact for Quote

✓  Storage: FileCloud Online: 1TB out-of-the-box, +100GB/user  (Standard), +200GB/user (Enterprise)  || FileCloud Server: Unlimited

✓  Security: FileCloud is compliant with all the most stringent data governance policies, such as HIPAA and GDPR. Encryption at rest and in transit, 256-bit AES encryption, granular file-sharing, password-protected, public and private shares.

✓  Features: From deployment models to unlimited client accounts, branding capabilities and more, FileCloud is filled with incredible enterprise-level features.

Naturally, we’re proud of our own product and firmly believe FileCloud to be one of the most powerful and affordable EFSS solutions on the market. FileCloud offers on-premise, public and a unique hybrid cloud deployment model. This deployment flexibility separates FileCloud from its competitors, and ensures that your team can enjoy the benefits of both on-premise and cloud storage systems — read more on our hybrid infrastructure here.

Our pricing is also one of the most affordable on the market, while offering larger storage plans, better enterprise-level features, and unlimited FREE external client accounts — all great for your wallet and your ROI. Feature-wise, we consider seamless, remote access to your data as the bare minimum that a good file-solution should offer. Collaborative and content management tools, a comprehensive admin panel, plus infinite customization options are all features that ensure not just your team, but also your clients and sysadmins get in on the enhanced EFSS experience.

Last but certainly not least, FileCloud is compliant with most data security governance policies, meaning that you’ll never see your organization’s good name tainted in headlines labelled “Security Breach” or “Data Leak”. Plus, it’ll save you tons on the fines and fees that rack up if you go with a less secure option.

Pros

  • Beautiful, simple, intuitive and responsive user interface that can be accessed via local client or browser.
  • Tons of keyboard shortcuts and quick actions to cut down on time
  • No file limit — massive files can be exchanged with anyone anywhere in the world at enterprise level speeds.
  • Ultimate data governance compliance and security, with DLP functionalities, an extensive admin panel, audit trails, encryption and multi-factor authentication
  • Collaborative tools and integration with tons of common office software
  • Enterprise-level content management capabilities: file-versioning, metadata classification, user policy management and light workflows for the easier management and organization of your team’s hard work.
  • Unlimited free external accounts for clients, vendors, etc.

Cons

  • Setup process can be intimidating without proper training, although there is documentation to mitigate that.
  • Downloads are only available over HTTPS, which can be problematic for companies that restrict that protocol.
  • The solution does not offer a free plan, although there is a two-week free trial and a $10/year Community Edition plan.

Dropbox

✓  Pricing: Basic Plan: Free | Plus Plan: $11.99/user/month | Professional Plan: $19.99/user/month

✓  Storage: Basic Plan: 2GB | Plus Plan: 2TB | Professional Plan: 3TB

✓  Security: AES 256-bit encryption for data at rest and AES 128-bit encryption for data in transit; however, known past security issues

✓  Features: Unique “Paper” and “Showcase” features: basic “Notes” and “Portfolio” app respectively

With its clean, intuitive UI and easy-to-use features, Dropbox has become a well-known, household name in terms of file storage. Dropbox also offers password-protected links, integration for Office 365 and Google Drive, and strong administrative tools. However, while it certainly has its pros, we feel strongly that there are better enterprise-level file-sharing solutions — and here’s why. 

Due to the system’s popularity, it has always been a popular target for hackers. Even now, it doesn’t offer local encryption. Their customer service certainly leaves something to be desired, as seen from their lack of 24/7 customer support.

And above all that, despite having fewer features than many enterprise-level solutions out there, Dropbox is far from the most affordable on the market, especially with their 5-user minimum. Plus, with their measly 2GB of free storage and paywalls for unlimited storage, it certainly feels like the solution is out to milk its users dry.

Pros

  • Offers file-versioning: once a file has changed, Dropbox keeps an older version of the file as a backup in case of malicious activity or negligence.
  • Fantastic conflict resolution features – automatically creating a “conflicted copy” of a file whenever a potential conflict is detected (i.e. a file is being edited by two people at the same time).
  • Plugins for Microsoft Office that allow for multiple people to edit a file simultaneously without creating conflicts.
  • Provides a “smart sync” feature, allowing for files to be seen on the computer locally, but not stored locally until opened up. This allows a user to access all of his/her Dropbox files without using up disk space

Cons

  • Dropbox for Business is very limited compared to alternatives, which usually include not just file syncing capabilities but an entire office suite.
  • You cannot edit files without downloading them
  • The Dropbox file compression will degrade the media quality to a noticeable extent when clicking a direct play link
  • Mobile versions face challenges when dealing with big files, rendering the solution less flexible

Google Drive

✓  Pricing: Free Plan: Free | Basic Plan: $6/user/month | Business Plan: $12/user/month | Enterprise Plan: $25/user/month

✓  Storage: Free Plan: 15GB | Basic Plan: 30GB | Business & Enterprise Plan: Unlimited, or 1TB / user if less than 5 users

✓  Security: Encryption in transit; no option to encrypt individual documents. Multi-factor authentication.

✓  Features: Google Drive comes with powerful, recognized collaborative tools, such as Google Docs, Sheets and Slides.

Having quickly risen in popularity over the past couple of years, Google Drive is now a powerful file-sharing solution on the market. A file storage and synchronization program created by Google, it’s best known for its collaborative capabilities via Google Docs, Sheets and Slides, which offer real-time collaborative editing of documents, spreadsheets and slides respectively. 

The solution’s enterprise plan, GSuite, comes with a similarly clean and intuitive UI, as well as integration with popular enterprise software such as Autodesk, Salesforce, and more. Apart from this, Google Drive for Business offers unlimited cloud storage, access from any device, offline file access, bundled apps like Gmail, Google Keep and Google Sites, as well as enterprise-grade access controls and e-discovery for emails, chats and files.

However, users have reportedly encountered frequent connectivity and syncing issues while using Google Drive. Plus, while Google Drive has fairly beefy data security with encryption in transit and at rest, human error on the part of the developers has led to security issues, such as when Google Photos started sending private videos to strangers.

Pros

  • Lovely mobile application and collaborative tools for anywhere, anytime access
  • Has a great free option, making it useful for any small businesses that do not have a lot of funds
  • Readily compatible with many apps.
  • Ease of installation, ease of setup and you don’t need much technical knowledge to use it as an end-user.
  • Gmail integration

Cons

  • The processes of uploading (automatically), deleting, scrolling, and downloading are tedious as they have to be done by checking each file.
  • Interface can quickly become cluttered when large amounts of files are uploaded and edited
  • No virtual drives or mounting to computers as hard drives
  • Security issues galore in the past; they’ve been fixed today, but it’s still certainly concerning.

Box

✓  Pricing: Box Starter: $5/user/month | Box Business: $20/user/month | Box Business Plus: $33/user/month | Box Enterprise: $47/user/month

✓  Storage: Box Starter: 100GB | Box Business: Unlimited | Box Business Plus: Unlimited | Box Enterprise: Unlimited

✓  Security: A regulatory-compliant zero-knowledge provider. Tools to manage user permissions and customer-managed encryption keys.

✓  Features: Secure collaborative and project-management tools, as well as rule sets for work-flow automation

While perhaps less of a household name than Dropbox, Box, founded in 2005 and based in California, is also an incredibly strong contender on the EFSS market. With tools that integrate with other services, like Google Docs, Box also goes above and beyond in offering custom branding capabilities and letting users create a professional appearance for their organization.

Plus, Box’s security is nothing to scoff at, as it is a uniquely zero-knowledge provider offering plenty of options for encryption and user management.

Unfortunately, with their heavy local encryption, Box transfers tend to get slow — something that could impede or even cripple the seamless remote workflows that have become the norm today. Box also does not offer any options for on-premise or self-hosting, nor local storage, and does not perform end-point backups. Plus, while it certainly provides tons of enterprise-level features, it’s also significantly pricier than almost any solution on the market.

Here’s a quick rundown of some of its finer points, for ease of comparison:

Pros:

  • Mobile access
  • Integration with other applications such as Microsoft Office, Google, Salesforce and DocuSign
  • Ability to add/edit multiple users
  • Editing documents
  • Workflow automation
  • Box “Notes” functionality for project management tasks, such as status updates and meeting notes
  • Custom Branding
  • Global compliance standards, such as ITAR, HIPAA, PCI DSS 3.1, FINRA/SEC 17a-4, FISMA, ISO27001:2013, and ISO 27018

Unfortunately, as mentioned, there are some huge deal-breakers that come with the solution.

Cons:

  • No indication when a file is open by another user, leading to over-saving of each other’s work during collaboration.
  • Box is relatively pricey compared to its competitors
  • Not much documentation and an unfriendly user interface make it hard to get into
  • Box Sync doesn’t work on older Windows OS versions
  • Transfers can be slow due to heavy local encryption

OneDrive

✓  Pricing: Business Plan 1: $5/user/month | Business Plan 1: $10/user/month | Microsoft 365 Business Basic: $5/user/month | Microsoft 365 Business Standard: $12.50/user/month

✓  Storage: All Plans: 1TB – extra storage space can be purchased separately for up to 1TB/$9.99/month

✓  Security: Standard encryption, file-locking, paywalls for SSO/SAML Authentication

✓  Features: Advanced sharing, mobility and security. Heavy integration with Office software.

Microsoft OneDrive is a file hosting and synchronization service operated by Microsoft as part of its web version of Office. Naturally, this Microsoft-based solution integrates heavily with the Office 365 programs that most teams use, such as Microsoft Word, Excel and PowerPoint, as well as Outlook, which is a huge plus. Certain plans even grant access to said software. It also provides encryption at rest and in transit. Overall, it has robust features that make it a strong solution, as expected from Microsoft.

Unfortunately, data privacy issues have surfaced time and time again with large corporations, and OneDrive is no exception. When using this solution, Microsoft can scan your files for “objectionable content”, stating that file security cannot be guaranteed for said content.

Pros

  • Great integration with other Microsoft Office Tools
  • Device synchronization ensures access of files from any device.
  • Cloud storage of data makes it easy to access files and documents.
  • Multiple files can be uploaded simultaneously

Cons

  • Data privacy issues and lack of multi-factor / other authentication options
  • Has less base storage and quickly gets pricey past the 1TB storage option
  • User interface is clunky and takes time to get used to
  • Syncing of shared files can produce issues and even get slow

Conclusion

There is, of course, no one-size-fits-all EFSS option, but we hope that this helps your enterprise, company or organization make a better and informed decision about which EFSS solution is best for you. If you have any questions about our FileCloud solution, we are always happy to answer them — just pop over to our main site and strike up a conversation with any of our live chat specialists!

Best Alternatives for Google Drive in 2021

In our age of information, most modern enterprises have started to move towards the digitization of data. Never have there been quite so many enterprise file-synchronization and sharing (EFSS) solutions available on the market — and while a wide range of choice is always good, it also makes it much more difficult to choose the perfect solution for your organization. 

Google Drive is one such top contender and one of the biggest solutions on the market. However, there are certain issues with Google Drive that make it a less-than-desirable option for certain enterprises. As such, we’ve put together a list of great EFSS solutions for your consideration, as well as their pros and cons, so that you can pick the one that offers all the features your enterprise might need, while remaining affordable and within your price range. 


Google Drive

✓  Pricing: Free Plan: Free | Basic Plan: $6/user/month | Business Plan: $12/user/month | Enterprise Plan: $25/user/month

✓  Storage: Free Plan: 15GB | Basic Plan: 30GB | Business & Enterprise Plan: Unlimited, or 1TB / user if less than 5 users

✓  Security: Encryption in transit; no option to encrypt individual documents. Multi-factor authentication.

✓  Features: Google Drive comes with powerful, recognized collaborative tools, such as Google Docs, Sheets and Slides.

Having quickly risen in popularity over the past couple of years, Google Drive is now a powerful file-sharing solution on the market. A file storage and synchronization program created by Google, it’s best known for its collaborative capabilities via Google Docs, Sheets and Slides, which offer real-time collaborative editing of documents, spreadsheets and slides respectively. 

The solution’s enterprise plan, GSuite, comes with a similarly clean and intuitive UI, as well as integration with popular enterprise software such as Autodesk, Salesforce, and more. Apart from this, Google Drive for Business offers unlimited cloud storage, access from any device, offline file access, bundled apps like Gmail, Google Keep and Google Sites, as well as enterprise-grade access controls and e-discovery for emails, chats and files.

However, users have reportedly encountered frequent connectivity and syncing issues while using Google Drive. Plus, while Google Drive has fairly beefy data security with encryption in transit and at rest, human error on the part of the developers has led to security issues, such as when Google Photos started sending private videos to strangers.

Pros

  • Lovely mobile application and collaborative tools for anywhere, anytime access
  • Has a great free option, making it useful for any small businesses that do not have a lot of funds
  • Readily compatible with many apps.
  • Ease of installation, ease of setup and you don’t need much technical knowledge to use it as an end-user.
  • Gmail integration

Cons

  • The processes of uploading (automatically), deleting, scrolling, and downloading are tedious as they have to be done by checking each file.
  • Interface can quickly become cluttered when large amounts of files are uploaded and edited
  • No virtual drives or mounting to computers as hard drives
  • Security issues galore in the past; they’ve been fixed today, but it’s still certainly concerning.

Now that we’ve gone over Google Drive in-depth, let’s go over some alternatives, in case those aforementioned issues are in fact a deal-breaker for your company.


FileCloud
✓  Pricing: FileCloud Online: $10/user/month (Standard), $15/user/month (Enterprise) || FileCloud Server: $4.20/user/month | FileCloud Server: Contact for Quote

✓  Storage: FileCloud Online: 1TB out-of-the-box, +100GB/user  (Standard), +200GB/user (Enterprise)  || FileCloud Server: Unlimited

✓  Security: FileCloud is compliant with all the most stringent data governance policies, such as HIPAA and GDPR. Encryption at rest and in transit, 256-bit AES encryption, granular file-sharing, password-protected, public and private shares.

✓  Features: From deployment models to unlimited client accounts, branding capabilities and more, FileCloud is filled with incredible enterprise-level features.

Naturally, we’re proud of our own product and firmly believe FileCloud to be one of the most powerful and affordable EFSS solutions on the market. FileCloud offers on-premise, public and a unique hybrid cloud deployment model. This deployment flexibility separates FileCloud from its competitors, and ensures that your team can enjoy the benefits of both on-premise and cloud storage systems — read more on our hybrid infrastructure here.

Our pricing is also one of the most affordable on the market, while offering larger storage plans, better enterprise-level features, and unlimited FREE external client accounts — all great for your wallet and your ROI. Feature-wise, we consider seamless, remote access to your data as the bare minimum that a good file-solution should offer. Collaborative and content management tools, a comprehensive admin panel, plus infinite customization options are all features that ensure not just your team, but also your clients and sysadmins get in on the enhanced EFSS experience.

Last but certainly not least, FileCloud is compliant with most data security governance policies, meaning that you’ll never see your organization’s good name tainted in headlines labelled “Security Breach” or “Data Leak”. Plus, it’ll save you tons on the fines and fees that rack up if you go with a less secure option.

Pros

  • Beautiful, simple, intuitive and responsive user interface that can be accessed via local client or browser.
  • Tons of keyboard shortcuts and quick actions to cut down on time
  • No file limit — massive files can be exchanged with anyone anywhere in the world at enterprise level speeds.
  • Ultimate data governance compliance and security, with DLP functionalities, an extensive admin panel, audit trails, encryption and multi-factor authentication
  • Collaborative tools and integration with tons of common office software
  • Enterprise-level content management capabilities: file-versioning, metadata classification, user policy management and light workflows for the easier management and organization of your team’s hard work.
  • Unlimited free external accounts for clients, vendors, etc.

Cons

  • Setup process can be intimidating without proper training, although there is documentation to mitigate that.
  • Downloads are only available over HTTPS, which can be problematic for companies that restrict that protocol.
  • The solution does not offer a free plan, although there is a two-week free trial and a $10/year Community Edition plan.

Dropbox

✓  Pricing: Basic Plan: Free | Plus Plan: $11.99/user/month | Professional Plan: $19.99/user/month

✓  Storage: Basic Plan: 2GB | Plus Plan: 2TB | Professional Plan: 3TB

✓  Security: AES 256-bit encryption for data at rest and AES 128-bit encryption for data in transit; however, known past security issues

✓  Features: Unique “Paper” and “Showcase” features: basic “Notes” and “Portfolio” app respectively

With its clean, intuitive UI and easy-to-use features, Dropbox has become a well-known, household name in terms of file storage. Dropbox also offers password-protected links, integration for Office 365 and Google Drive, and strong administrative tools. However, while it certainly has its pros, we feel strongly that there are better enterprise-level file-sharing solutions — and here’s why. 

Due to the system’s popularity, it’s always been a popular target for hackers. Even now, it doesn’t offer local encryption. Their customer service certainly leaves more to be desired, as seen from their lack of 24/7 customer support.

And above all that, despite having fewer features than many enterprise-level solutions out there, Dropbox is far from the most affordable on the market, especially with their 5-user minimum. Plus, with their measly 2GB of free storage and paywalls for unlimited storage, it certainly feels like the solution is out to milk their users dry.

Pros

  • Offers file versioning: once a file has changed, Dropbox keeps an older version of the file as a backup in case of malicious activity or negligence.
  • Fantastic conflict resolution features – automatically creating a “conflicted copy” of a file whenever a potential conflict is detected (e.g. a file is being edited by two people at the same time).
  • Plugins for Microsoft Office that allow for multiple people to edit a file simultaneously without creating conflicts.
  • Provides a “smart sync” feature, allowing for files to be seen on the computer locally, but not stored locally until opened up. This allows a user to access all of his/her Dropbox files without using up disk space

Cons

  • Dropbox for Business is very limited compared to alternatives, which usually include not just file syncing capabilities but an entire office suite.
  • You cannot edit files without downloading them
  • The Dropbox file compression will degrade the media quality to a noticeable extent when clicking a direct play link
  • Mobile versions face challenges when dealing with big files, rendering the solution less flexible

Box

✓  Pricing: Box Starter: $5/user/month | Box Business: $20/user/month | Box Business Plus: $33/user/month | Box Enterprise: $47/user/month

✓  Storage: Box Starter: 100GB | Box Business: Unlimited | Box Business Plus: Unlimited | Box Enterprise: Unlimited

✓  Security: A regulatory-compliant Zero-Knowledge Provider. Tools to manage user perms and customer-managed encryption keys.

✓  Features: Secure collaborative and project-management tools, as well as rule sets for work-flow automation

While perhaps less of a household name than Dropbox, Box, founded in 2005 and based in California, is also an incredibly strong contender on the EFSS market. With tools that integrate with other services, like Google Docs, Box also goes above and beyond in offering custom branding capabilities and letting users create a professional appearance for their organization.

Plus, Box’s security is nothing to scoff about, being a uniquely zero-knowledge provider and offering tons of options for encryption and user management.

Unfortunately, with their heavy local encryption, Box transfers tend to get slow — something that could impede or even cripple the seamless remote workflows that have become the norm today. Box also does not offer any options for on-premise or self-hosting, nor local storage, and does not perform end-point backups. Plus, while it certainly provides tons of enterprise-level features, it’s also significantly pricier than almost any solution on the market.

Here’s a quick rundown of some of its finer points, for ease of comparison:

Pros:

  • Mobile access
  • Integration with other applications such as Microsoft Office, Google, Salesforce, DocuSign, etc.
  • Ability to add/edit multiple users
  • Editing documents
  • Workflow automation
  • Box “Notes” functionality for project management tasks, such as status updates and meeting notes
  • Custom Branding
  • Global compliance standards, such as ITAR, HIPAA, PCI DSS 3.1, FINRA/SEC 17a-4, FISMA, ISO27001:2013, and ISO 27018

Unfortunately, as mentioned, there are some huge deal-breakers that come with the solution.

Cons:

  • No indication when a file is open by another user, leading to over-saving of each other’s work during collaboration.
  • Box is relatively pricey compared to its competitors
  • Not much documentation and an unfriendly user interface make it hard to get into
  • Box Sync doesn’t work on older Windows OS versions
  • Transfers can be slow due to heavy local encryption

OneDrive

✓  Pricing: Business Plan 1: $5/user/month | Business Plan 2: $10/user/month | Microsoft 365 Business Basic: $5/user/month | Microsoft 365 Business Standard: $12.50/user/month

✓  Storage: All Plans: 1TB – extra storage space can be purchased separately for up to 1TB/$9.99/month

✓  Security: Standard encryption, file-locking, paywalls for SSO/SAML Authentication

✓  Features: Advanced sharing, mobility and security. Heavy integration with Office software.

Microsoft OneDrive is a file hosting and synchronization service operated by Microsoft as part of its web version of Office. Naturally, this Microsoft-based solution integrates heavily with the Office 365 programs that most teams use, such as Microsoft Word, Excel and PowerPoint, as well as Outlook, which is a huge plus. Certain plans even grant access to said software. It also provides encryption at rest and in transit. Overall, it has robust features that make it a strong solution, as expected from Microsoft.

Unfortunately, data privacy issues have surfaced time and time again with large corporations, and OneDrive is no exception. When using this solution, Microsoft can scan your files for “objectionable content”, stating that file security cannot be guaranteed for said content.

Pros

  • Great integration with other Microsoft Office Tools
  • Device synchronization ensures access of files from any device.
  • Cloud storage of data makes it easy to access files and documents.
  • Multiple files can be uploaded simultaneously

Cons

  • Data privacy issues and lack of multi-factor / other authentication options
  • Has less base storage and quickly gets pricey past the 1TB storage option
  • User interface is clunky and takes time to get used to
  • Syncing of shared files can produce issues and even get slow

Citrix ShareFile

✓  Pricing: Standard Plan: $55/5 users/month | Advanced Plan: $85/5 users/month | Premium Plan: $135/5 users/month | Virtual Data Room Plan: $375/5 users/month

✓  Storage: Unlimited storage space

✓  Security: Standard encryption and SSL/TLS. Recovery sites in both the US and EU.

✓  Features: Collaborative and productivity-enhancing tools, custom electronic signature tool. File-versioning features.

ShareFile is Citrix’s enterprise-class cloud storage solution, and Citrix is well known in the commercial software and service industry. Notable features of ShareFile include an auditing system that generates activity reports, integration with single sign-on, download alerts, two-factor authentication and a built-in electronic signature tool. The signature tool cuts down on the amount of time it would take to print out a document, sign it, and scan it to the cloud.

Unfortunately, despite their generous offer of unlimited storage, they do have a file size limit. The solution itself doesn’t support Linux. Plus, with a standard plan starting at $55, paywalls for features and their enforced 5-user pricing plan, it’s safe to say that ShareFile isn’t the most affordable solution for smaller organizations. Reportedly, ShareFile’s licensing plans are also misleading.

Pros

  • Great plugin support. For instance: the Outlook plug-in makes it easy to share files securely with customers via email.
  • Flexible folder creation and sharing process
  • Easily share large files with clients, vendors and external personnel
  • Allows multiple remote teams to collaborate in real-time with a simple management process.

Cons

  • Interface is less intuitive compared to other solutions.
  • Not commonly used in all industries, presenting a learning curve to some users.
  • Sorting out your preferences is time-consuming. As a standalone product it suffers from lack of integration with Google and/or Microsoft products.
  • Confusing and varied pricing with many features locked behind paywalls

Conclusion

There is, of course, no one-size-fits-all EFSS option, but we hope that this helps your enterprise, company or organization make a better and informed decision about which EFSS solution is best for you. If you have any questions about our FileCloud solution, we are always happy to answer them — just pop over to our main site and strike up a conversation with any of our live chat specialists!

FileCloud Aurora – All About DRM Capabilities

Introduction

In November 2020, FileCloud released update 20.2 – a complete rehaul of our Sync, Mobile and browser UI and functionalities. We at FileCloud have been working on this for a very, very long time, and so we’re incredibly proud to present to you: FileCloud Aurora.

Today, we’re going to be covering one of the most important security functions that Aurora introduces: DRM Capabilities.

For a comprehensive overview of all of FileCloud Aurora’s new features, please visit our previous blog post, Introducing FileCloud Aurora!

Secure Document Viewer

If the new UI was the biggest change in terms of appearance, FileCloud Aurora’s new Digital Rights Management (DRM) capabilities are unquestionably the most significant change in terms of functionality. 

Your data security has always been FileCloud’s number one priority. We’ve got all the files you’re storing with us safe and sound, but what happens when you need to send out or distribute important documents, such as external contracts, reports, or training materials? Our new DRM solution ensures that nothing you send out gets used in a malicious or abusive manner, even after it’s left your system and entered others. 

Our secure document viewer helps you protect confidential files from unsolicited viewing with FileCloud’s restricted viewing mode. Show only selected parts of the document and hide the rest of it — or choose to reveal sections only as the user scrolls, minimizing the risk of over-the-shoulder compromise.

For more details, read more about the FileCloud DRM solution here.

Screenshot Protection

Utilize the Screenshot Protection feature to prevent recipients from taking screenshots of secure information and documents.

This is an option that can be selected when you create your DRM Document or Document Container, and prevents any recipients from taking screenshots of the document. Not only that, the recipient won’t be able to share screens or screen-record to share the documents either, nullifying any chance of your documents being distributed without your permission or consent.

Document Container

Easily and securely export multiple documents in an encrypted document container (AES 256 encryption), and share it via FileCloud or third party emails. 

DRM Protection

Support for Multiple File Formats

Protect your Microsoft Office (Word, PowerPoint, Excel), PDF, and image (jpeg, png) files, and include multiple types of files in a single encrypted document container! FileCloud’s DRM solution doesn’t discriminate, ensuring that all your most regularly used file, folder and document formats can be easily handled by our containers and viewer.

Anytime Restriction of Access to Your Files

Remove the risk of accidentally transmitting confidential files and enforce your policy controls even after distribution. You can revoke file access or change view options (screenshot protection, secure view and maximum access count) at any time, via the FileCloud portal.

Thanks for Reading!

We at FileCloud thank you for being a part of our journey to creating the most revolutionary user interface and experience on the market. We’d love to know what you think about these changes. For full information about all these changes, release notes can be found on our website here.

We hope that you’re as excited about these new changes as we are. Stay safe, and happy sharing, everyone!

Security Risks During Remote Work and How to Address Them


Working from home increases the risks of critical data theft, especially if you are using your personal laptop for the work and not a company-issued one.

Generally, people use personal laptops with a casual attitude, without worrying about unnecessary services running on them: unwanted ports open to the internet, assorted torrent clients, cracked software, and an unpatched OS. Moreover, people do not hesitate to install any random software on their personal laptops. All of this increases the risk of malware infection and data theft. Most of these issues are taken care of on a company laptop, since IT teams apply these basic IT hygiene practices while configuring official laptops.

The second possible attack surface during WFH is the other devices connected to our home Wi-Fi. A poorly configured home Wi-Fi router, or an infected home laptop on the same Wi-Fi network we use for work, can pose major security risks.

Business activities that were once conducted in protected office environments, and monitored under specific policies, have quickly transitioned to new, and potentially less secure territory. For example, customer service agents who worked in closely managed call centers are now managing sensitive customer data at home.

The rapid shift to working from home has also changed the ways many organizations do business, from moving face-to-face meetings to video conferencing calls to adding new collaboration tools—yet surveys show many employees are lacking guidance, direction, and policies.

Allowing employees to access company data from offsite locations raises concerns about data encryption, the security of wireless connections, the use of removable media, and potential loss or theft of devices and data. In a 2018 survey by Wi-Fi security company iPass, 57% of CIOs reported they suspect their mobile workers had been hacked or were the cause of security problems. Very few companies are confident that their remote employees used virtual private networks (VPNs) to increase security when connecting to company networks. Sixty-two percent of security incidents related to Wi-Fi connections happen when employees use networks in cafes or coffee shops, and 27% of workers in the U.S. admit to opening emails and attachments from unfamiliar senders. Devices are often compromised as a result, putting both personal and company data at risk.

Cybercriminals are taking advantage of fear surrounding COVID-19 and using it to accelerate attacks against organizations, primarily with COVID-themed phishing emails. In response, it is necessary for companies to take sufficient measures to inform employees and set up policies that will help protect the confidentiality and integrity of their information as well as maintain the availability of their systems for remote employees.

End-Point Protection for Home Users

Modern endpoint detection and response (EDR) solutions are designed to operate outside the corporate network. They prevent malware from running and enable threat hunting, and they let you initiate immediate response actions, such as blocking new malware or removing malware from systems. Building a secure endpoint ecosystem is the need of the hour: attackers want to compromise any and every device, because cybercrime is a booming business that siphons off billions. As wireless endpoint devices increasingly act as corporate infrastructure in the current remote-work scenario, it becomes more important to dispel the myth that wireless hijacking cannot be carried out across remote geographic locations.

Risk-Free Remote Access

Many business owners don’t understand the requirements for a robust remote access policy. Access needs and practices are changing among all workers, not just remote employees, and professional guidance is becoming essential to prevent serious problems like identity theft, data breaches, and data loss.

IT and cybersecurity professionals can evaluate the security risks companies face and develop customized protocols to minimize these risks, but 44% of companies aren’t bringing the pros in to help. Therefore, many executives may miss key insights into potential vulnerabilities and fail to implement proper protection for remote workers.

Multiple Factor or 2 Factor Authentication

2FA or multi-factor authentication (MFA) is one of the best improvements over the standard username-and-password login. It requires that your users present multiple pieces of evidence to verify their identity. An example of this would be answering a question like “where did you go to school?” and then entering your ID and password to gain access to the remote access software. Just adding a simple question like this can greatly enhance your security. You could take it a step further and require your outside vendors to call your operations department in order to acquire a single-use passcode to remotely access your data, in addition to using their private ID and password.

Use VPN for Critical Access

Many corporate departments like Finance and Human Resources may be handling sensitive data outside the physical office for the first time. Employees who are still traveling for urgent or mission-critical business may be working from a coffee shop or hotel on their mobile devices. Requiring them to use a VPN will ensure that data stays private and that these systems are not exposed externally.

Set Up Firewall and AntiVirus

Firewalls act as a first line of defense against threats entering your system. They create a barrier between your device and the internet by closing ports to communication. This can help prevent malicious programs from entering and can stop data leaking from your device. Your device’s operating system will typically have a built-in firewall. In addition, hardware firewalls are built into many routers. Just make sure that yours are enabled.

Although a firewall can help, it’s inevitable that some threats will get through. Good antivirus software can act as the next line of defense by detecting and blocking known malware. Even if malware does manage to find its way onto your device, an antivirus may be able to detect it and, in some cases, remove it.

Back Up Your Data

Clearly, there are plenty of reasons to keep your data backed up. While hardware backups are still an option, one of the most convenient and cost-effective ways to store your data is in the cloud. Cloud backup services come with a wealth of options enabling you to customize your backup schedule and storage options.

Passwords and Cloud Security

It is essential that you implement two-step verification for all your users. In the most basic form, a person enters their username and password, and then their phone receives a text message with a code they enter to finish the login process. Other options for the second step include phone callbacks, physical USB hardware token keys, authentication apps on phones, and one-tap login solutions. Common choices include YubiKey, Authy, Duo, Google Authenticator, Microsoft Authenticator, and RSA SecurID.

Update Acceptable Use Policies for Employees

Finally, ensure your acceptable computer use policies cover employees’ home computer assets. If this wording is not already there, you’ll need to quickly get up to speed on allowing employees’ personal assets to be used for remote access. Now is an important time to remind employees that while they work remotely, they have to maintain the same level of professionalism when it comes to secure and sensitive data as they do in the office. That includes reminding people that personal email is not to be used in an official capacity and that any physical documents kept at home must either be disposed of properly with a shredder or set aside to be shredded later.

To reduce the vulnerabilities associated with public Wi-Fi networks, employers can:

• Ban the use of unsecured wireless connections
• Use geolocation to restrict the places from which company networks can be accessed
• Set up and require the use of a VPN for remote work

Digital Rights Management Tools for Safe and Secure Document Sharing

DRM allows the author of a digital file to make sure that any future users of that file are limited in what they can do with it.

It is done with encryption. The producer encrypts the file, which means that the file becomes unreadable to anyone who doesn’t have the “encryption key”, which is, in layman’s terms, a very long password. The producer does not give the encryption key to the user (usually the buyer). Instead, the producer embeds the key in a program that they also produce, and that the user has to use to open the file.

Since the file can only be opened by a program under the control of the same producer, the producer can decide what the user will be allowed to do with the file, and what they shouldn’t be allowed to do.

DRM adopts a proactive strategy to secure content by limiting access to it as well as the number of things that can be done with the content (e.g. copying, downloading, etc.). There are various ways to implement DRM, and new techniques emerge every day. Numerous DRM systems work through encryption or through code inserted into the digital content to restrict access or use. These systems can control the devices, people, locations, or time spans within which the content can be accessed or installed.

Advantages of having a DRM tool

a) Content Protection/ Encryption

The most common protection given by DRM is through encryption and digital watermarking.

Encryption

Encryption is the process of scrambling information embedded within a digital object so that it cannot be used without a password or a unique key. This could include encoding the terms and conditions for which the material can be used. The use of the work is allowed only when the conditions of the key can be met.

Watermarking

Digital watermarking embeds the information into data. Watermarks can either be visible or invisible. It helps to reduce the likelihood that someone will bypass it or try to make illegal copies.

b) Access Control

Access control (AC) is, at its most basic level, the act of controlling access to resources. AC is often framed as a ‘who, what and when’ model of security: who or what has access, and when and to what can they have it?

Software and Computer Games

Software and computer games have implemented various forms of DRM throughout recent decades. Many forms of its modern implementation have been intrusive and frustrating for many users, legitimate and otherwise. One of the most common methods is the use of serial keys. The content can only be accessed if a legitimate serial key is provided by the user, normally in the form of an alphanumeric string.

c) Access Tracking

Who, what and when: all the information about file access can be tracked in recent DRM tools. You can restrict the number of downloads and set a time limit for file access. Access tracking is one of the major security asks of clients looking for DRM tools.

Let’s move on and list out some of the top DRM tool providers right now.

Digify

Digify is document security and virtual data room software that’s easy to use and takes only minutes to set up. Thousands of companies save time using Digify in sharing confidential documents with partners, clients, and investors. It is easy to use and gives control of who can see what and who has seen what. It is very easy for recipients of attachments to view them as they do not require special software. If you have different sets of users, Digify helps you manage access permission at varying degrees. You can restrict forwarding, revoke access, or make your files private or public. You can also set rules for downloading, so you can decide which users can save locally or print a confidential document.

Pros –

  • The ability to send documents to multiple people in a way that does not allow them to save or forward the documents (thus helping to prevent plagiarism).
  • Excellent solution to keep documents secure while sharing and communicating inside and outside of your organization – no matter how large or small.
  • Can encrypt files and deny access after a certain date. There are a lot of permission options, and they work well.

Cons –

  • It is expensive.
  • The permissions setting process is a bit cumbersome and adding new users & getting permissions correct could be easier.


FileCloud

FileCloud DRM protects important, sensitive business documents against intellectual property theft, piracy, and leakage. This security travels with your files wherever they go, protecting them with AES 256-bit encryption at all times. You’ll be able to instantly revoke any recipient’s access to data, at any time, from the FileCloud Portal and protect your documents, files, and e-books against unauthorized copying and distribution. FileCloud DRM stops unauthorized sharing, screenshots, copying and printing of your intellectual property (contracts, sales/marketing reports, eBooks, training materials, and other sensitive documents). The sender can instantly restrict or revoke access any time after sending and can also set maximum access counts.

Pros-

  • Cost-effective DRM solution in the market.
  • FileCloud DRM lets you securely export multiple documents in an encrypted document container (AES 256 encryption) and share it via email or FileCloud.
  • FileCloud DRM Container supports multiple file formats. That includes Microsoft Office (Word, PowerPoint), PDF and image (jpeg, png) files.

Cons-

  • Does not yet have Gmail or Outlook integration.
  • Relatively new DRM tool, but with strong file-sharing features.

Locklizard

Locklizard Safeguard PDF Security provides total PDF DRM protection and control over your documents through a multi-layered protection mechanism that does not rely on passwords. Locklizard Safeguard PDF Security enforces DRM controls, uses US Government strength encryption (AES 256-bit), real-time licensing, and public-key technology. There are no passwords, plug-ins, or dependencies on other applications to compromise your security, or complex PKI structures to manage.

Pros-

  • A good range of DRM controls
  • Unobtrusive to users
  • Easy to implement
  • Good and responsive technical support.
  • Locklizard has two types of DRM copy protection software for documents, files, ebooks, etc., which are Safeguard PDF Security and Enterprise PDF DRM.
  • It has a dynamic document watermarking feature, providing additional PDF protection so that even if photocopies are made of printed copies of your PDF, or users take photographs of the screen, your Intellectual Property remains secure.
  • It allows you to lock user access to country locations i.e. allow or disallow specific country access. You can also lock user access to specific IP addresses or a range of IPs (for instance, you can lock document use to the IP addresses of your office computers to ensure that they can only be viewed from the office).

Cons –

  • It does not support forms.
  • It is expensive.
  • It could do with a bit more auditing features.

Vitrium Security

Vitrium Security is mainly used to protect, control, and analyze the accessibility of content. It comprises features that take care of the whole operation: from securely sharing the content to keeping track of the file, online video integration, etc., the system manages it all. The content security solution comes in two editions: Professional and Enterprise. The Professional Edition includes all core content protection features, from permission control to distribution security. The Enterprise Edition includes all functionalities in the previous edition plus automation, single sign-on (SSO), integration, and more.

Pros –

  • There are many different levels you can set from expiry time to watermarking.
  • It also has an easy to use interface for clients/users. The control dashboard is simple, neat, and clean.
  • The online web viewer is an easy way for customers to view the report. It also enables viewing on tablet computers.
  • The team at Vitrium has created a great product and provides outstanding customer service.

Cons-

  • Sometimes users have trouble due to Adobe settings.
  • Slow process. The response time of the steps can take longer than expected. The troubleshooting instructions can sometimes seem a little confusing to understand.
  • No folders; categorizing documents is not supported.

CapLinked

CapLinked is an intuitive, easy-to-use, and superior virtual data room solution that enables enterprise and external collaborators to work together in secure online workspaces, share data, files, and documents with each other, and concentrate more on closing deals. Its DRM features let you manage and control how external collaborators view, access, edit, and print the documents and files stored within the platform. This ensures that any sensitive and confidential information contained in those documents and files won’t fall into the wrong hands. Watermarking features are also applied as users share documents and files.

Pros-

  • Robust features, such as an activity tracker, security, Q&A, and customized messages – everything is recorded by CapLinked.
  • The CapLinked platform is super easy to navigate and share from, and lets you keep confidential documents secure at all times. It allows different levels of control for each group, which saves a lot of time.
  • Reasonably priced, secure, and easy-to-use software. Great customer support!

Cons-

  • It lacks export tools and better data trends. Offers no easy way to archive old data into the new system.
  • Could use more flexibility on the use of graphics, custom reporting, and dashboard.
  • Setting file permissions is a bit clunky, as is assigning user permissions and inviting users.

DocSend

DocSend delivers a powerful, comprehensive analytics tool that focuses on documents and how people interact with them. Whenever you send sales material such as an online catalog or a sales copy of your newest product, you often wonder what actions your recipients took upon receiving your documents, or whether they opened your documents at all. DocSend provides you with tools that grant you absolute control over your documents even after you send them. You can set up control features such as passwords and download permissions, and even update your documents from time to time if there is a typo.

Pros-

  • Integration with Gmail.
  • Awareness of when your audience engages with time-sensitive documents.
  • It’s easier to share files with the team and work while on the go because of this platform. It doesn’t matter whether you are using Google Mail or Outlook Express because you could sync it without experiencing any issues at all.

FileOpen

FileOpen RightsManager is a client/server solution for encrypting and managing access to documents from your desktop. With RightsManager, you encrypt your documents locally, so there is no need to upload unencrypted documents to an unknown server. You maintain complete control of your source files at all times. RightsManager offers a free trial. With regards to system requirements, RightsManager is available as SaaS and as Windows software. Costs start at $3000.00/year. RightsManager includes online support and business hours support.

Pros-

  • Programmatic integration can be implemented with developers relatively easily.
  • Good customer support.
  • The FileOpen software operates in three environments: installed on the desktop, via browser plug-ins, and via native HTML. Each of these has a different functional profile.

Cons-

  • Troubleshooting is sometimes difficult.
  • Not all features are available in all modes.
  • The system is a bit clunky.

MagicBox

MagicBox is an award-winning, next-generation K-12 education publishing and distribution platform that offers key customization services. MagicBox allows K-12 and higher-education publishers to create, manage, and distribute digital content through custom web and mobile apps. It provides features such as easy integration of interactive multimedia elements, standard and video assessments, compliance with industry standards, and detailed analytics. Plus, it offers robust digital rights management services, allowing greater control over who can access the digital content. So, if you are looking for the best virtual classroom solution, MagicBox is the platform you need.

Pros-

  • Features like expiry control, sales control, and content control.
  • Analytics- Get detailed reports of content consumption patterns and usage trends
  • Compliance with industry standards like QTI, LTI, SCORM, and TinCan.

Cons-

  • It is expensive
  • Their key target is educational institutions and their features reflect that.
  • No access control and file-sharing options.

The truth is, your employees may find USB sticks, external hard drives, webmail, and smart devices more convenient than traditional organizational tools when it comes to transferring files. Unfortunately, this creates a gap in control and visibility for IT departments, exposing companies to compliance and security risks. As a result, organizations are slowly shying away from consumer-grade secure document sharing to more secure options.