Archive for the ‘Security’ Category

Back in Action – FileCloud Sponsoring International Trade Shows

After a long delay stemming from the COVID-19 pandemic, FileCloud is delighted to be sponsoring several trade shows in October.

We love showcasing FileCloud through client demos and webinars, but we’re even more excited to demo FileCloud in person! We’re also looking forward to meeting prospects, customers, and partners.

FileCloud is sponsoring two trade shows: GITEX Global and it-sa Expo&Congress.

GITEX Global: October 10-14, 2022 | Dubai, UAE

GITEX is a major conference for technology and innovation across business, society, economy, and culture. It has been branded as the world’s largest meetup for the developer and coding community to push the boundaries on what’s possible for technology.

Major exhibits and debuts will be taking place, addressing topics like artificial intelligence, cloud computing, cryptocurrency, 6G wireless connectivity, quantum computing, and startup innovations.

The GITEX mainstage is also where to find the metaverse debut, which will include a hands-on, live introduction to X-VERSE. This virtual reality ecosystem offers a spectrum of integrated solutions to suit over 20 business models.

The metaverse isn’t just for business either – GITEX will also be showcasing music and art shows as well as a virtual fashion show. Industry and tech leaders from Artisant, H&M, METAV.RS, Sensorium, Hololux GmbH, and Digital Twin Consortium will also be speaking.

GITEX is reporting that over 4,500 exhibitors, 800 startups, and 1,000 speakers will present, with 100,000 attendees, cumulatively representing over 170 different countries.

This specialized gathering gives industry leaders like FileCloud the opportunity to showcase products and collaborate on ideas, while building and strengthening important relationships.

You can find the FileCloud team at Booth #H6A-11.

 

it-sa Expo&Congress: October 25-27, 2022 | Nuremberg, Germany

it-sa Expo&Congress is Europe’s all-in-one exhibition, conference, and trade fair for IT security. Industry leaders, security providers, and managers come together to unveil new products, collaborate on ideas, and showcase services.

This trade fair opens up discussion related to cloud and mobile security, data and network security, and critical infrastructure security. Over 600 companies will be represented, with novel solutions across consulting, services, hardware, and software.

Attendees can visit the open forums, which will host over 350 expert lectures presented by over 90 companies, organizations, and associations, on practical security knowledge. These lectures are a great way to glean information on trends and industry insights.

Meanwhile, the it-sa Congress will be hosting longer programs addressing specialized topics:

  • Trends in IT Security
  • Learnings from Incident Response: What matters in cybersecurity today?
  • Expert roundtable: cyber insurance versus IT security risk
  • External Attack Surface & Risk Management
  • Automated Services – Advantage through Technology & Automation
  • New ISO/IEC 27001 requirements: 93 times to rethink?
  • The truth about the (in)security of ID verification
  • Digital Identities: Smart, user-friendly and secure nonetheless?
  • And many more!

The it-sa conference is also a great place to discover promising startups. The ATHENE Startup Award UP22@it-sa was run as a live community poll through September 22. This award is granted to the best cybersecurity startup in Germany, Austria, and Switzerland – the winner will be announced at the conference!

You can find the FileCloud team at Nürnberg Messe, Booth# 7A-125.

 

Why is FileCloud Sponsoring?

FileCloud’s mission is to build a hyper-secure content collaboration and processes platform that customers love to use. We are constantly looking for new ways to improve the platform and respond to developing needs across industries.

The increasing sophistication of cyber threats has reinforced the need for data privacy and security, even as networks become ever more connected. To increase data security and privacy, we want to make data harder to access.

However, if data is harder to access, it’s harder to put that data to work. This means delays, inefficiencies, and lost value (across productivity, market resilience, and/or profit).

Yet businesses and organizations around the world have been pressed to find a solution to this problem. This pressure comes not only from consumer advocacy and cyber threat damages but also from the advent of major regulations like GDPR. Regulations like GDPR recognize the rights of citizens to data privacy and sovereignty; organizations that do not comply face steep penalties.

The FileCloud Solution

Companies like FileCloud are finding unique solutions to this equation between security and access. The FileCloud platform emphasizes ease-of-use and access for authorized users. It provides admins and users the tools they need to share data and collaborate, all within FileCloud’s hyper-secure environment.

FileCloud can even support compliance requirements! The Compliance Center offers configurations for ITAR, GDPR, and HIPAA, which connect these complex requirements to features and settings within FileCloud. It’s an easy map for admins to ensure their FileCloud environment is compliant.

Of course, there are a lot more regulations beyond those three. That’s why FileCloud has a library of compliance support documents and white papers, covering regulations like NIST, FINRA, CMMC, SEC, GxP, CJIS, FDA Title 21, and more.

FileCloud University provides on-demand user and admin training, so you can leverage the full power of your FileCloud environment to secure your data. If you need more customized help, FileCloud also offers best-in-class support with our Professional Services that can help you configure your environment.

These are just some of the solutions FileCloud offers as an enterprise-grade content collaboration platform. Trade shows emphasizing security and innovation (like it-sa and GITEX) bring together a robust array of innovators, developers, and tech leaders. It’s an excellent opportunity for FileCloud to connect with our community, show off what FileCloud can bring to the table (or in this case, the booth!), and find inspiration for new directions.

Will we see you there?

Are you attending either of these events? If so, let us know and stop by our booths! We’d love to chat with our fellow community members on security, compliance, collaboration, and how FileCloud can answer these needs across industries.

GITEX Contact: abdelhakim.ababsa@filecloud.com     |     it-sa Contact: mark.cipcic@filecloud.com

We’re also handing out some commemorative (and useful!) gifts that can make your travel a little easier: take your pick from baseball caps, key rings, luggage tags, and mints!

Lastly, FileCloud is running a raffle at both events! Don’t forget to submit your information for the chance to take home a great prize. The winner will receive a Remarkable 2: the smart writing tablet that helps transcribe and organize your notes. It’s one more way FileCloud aims to make your work more efficient, accessible, and secure.

 

Written by Katie Gerhardt, Jr. Product Marketing Manager

 

Create an SSL Certificate in 5 Easy Steps

SSL certificates are a routine security recommendation when it comes to hosting data on a server. Specifically, SSL certificates enable end-to-end encryption for web servers when it comes to data transfers over the HTTP protocol. This security is typically displayed by changing a URL from http to https. An icon such as a padlock may also be used to visually indicate that the site or server is secure.

FileCloud is a content collaboration solution that can either be self-hosted on private infrastructure or hosted by us. For self-hosted instances, FileCloud recommends installing and maintaining an active SSL certificate. This is a significant measure you can take to provide greater security for your data.

This blog post will cover how to purchase, configure, and verify an SSL from a trusted third-party provider in five easy steps.

Step 1: Generate the CSR for the SSL Certificate

A CSR or certificate signing request is generated on the server where the SSL certificate will be installed.  The CSR is created by the Certificate Authority and contains the following information:

  • Legal name of the business or organization
  • Domain name
  • Identification for the person or unit responsible for managing the certificate
  • Geographic location (city, state, and country)
  • Email address

For these step-by-step instructions, we are using the domain name example.com for demonstrative purposes.

To generate a CSR, run the command below in the Windows CMD or a Linux shell:

  openssl req -new -newkey rsa:4096 -nodes -keyout example.key -out example.csr

Enter the required information to generate the CSR for the SSL:

  • Country Name (2 letter code): [AU]
  • State or Province Name (full name): [Some-State]
  • Locality Name (e.g., city, county): []
  • Organization Name (e.g., company): [Internet Widgits Pty Ltd]
  • Organizational Unit Name (e.g., section, division, department): []
  • Common Name (e.g., server FQDN or YOUR name): []

If you are generating a CSR for a wildcard certificate, then the common name should be *.example.com.

Step 2: Purchase an SSL Certificate from the Desired Vendor

In this tutorial, we are purchasing a wildcard COMODO SSL from SSLBUY.com. You can apply the same steps to any SSL vendor.

Log in to the platform of your selected vendor, then purchase the SSL.

Step 3: Configure and Verify the SSL

Click on “Configure SSL” and submit the CSR generated earlier.

Click on “Continue.”

After this step, you will see the information from the CSR and verify that the CSR mentioned is correct.

Choose an SSL approval method with one of the two methods:

  1. Add CNAME in the DNS record of the domain that requires an SSL
  2. Email approval

In this case, we are choosing email approval and the web server should be Apache.

Enter the admin email and confirm the admin email by re-entering it again as in the screenshot below:

Step 4: Complete Verification

If you chose email verification instead of DNS verification, you will be redirected to the SSL provider site to enter the confirmation email address.

Once you have completed the verification steps with the SSL vendor, you will receive an email confirmation for the SSL. This email serves as the verification and confirms the domain is under your control. There will be a link for the verification in the email; click the link and enter the verification code in the directed space.

Step 5: Download the SSL Certificate

After verification is complete, download the SSL certificate from the SSL vendor. Alternatively, an email may be sent to the admin email address with SSL certificates attached.
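The Step 1 command run without prompts, followed by the checks worth making before the CSR is submitted in Step 3. This is an added example, not FileCloud's or the vendor's code; the function names and subject values are assumptions, and the key size is a parameter that defaults to the 4096 bits used above.

```bash
#!/bin/sh
# Added example (not FileCloud's code). Subject values are constructed placeholders.

# make_csr DIR COMMON_NAME [BITS]
# Non-interactive form of the Step 1 command; writes DIR/example.key and DIR/example.csr.
make_csr() {
    local dir="$1" cn="$2" bits="${3:-4096}"
    (
        # -nodes leaves the private key unencrypted on disk, so restrict the
        # file mode before openssl creates it.
        umask 077
        openssl req -new -newkey "rsa:${bits}" -nodes \
            -keyout "$dir/example.key" -out "$dir/example.csr" \
            -subj "/C=US/ST=Some-State/L=Some-City/O=Example Org/OU=IT/CN=${cn}" \
            2>/dev/null
    )
}

# csr_self_check CSR: the CSR is signed with its own private key; a failure
# here means the file was truncated or altered after it was generated.
# The output is matched instead of the exit status because older openssl
# releases exit 0 even when verification fails.
csr_self_check() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_matches_key CSR KEY: succeeds only if the public key inside the CSR
# belongs to KEY, so the certificate that comes back will fit this server.
csr_matches_key() {
    local from_csr from_key
    from_csr=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_csr" ] && [ "$from_csr" = "$from_key" ]
}

# csr_common_name CSR: prints the Common Name, e.g. *.example.com for a wildcard.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# Run with --demo to generate a wildcard CSR in a temporary directory.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    make_csr "$d" "*.example.com" &&
        csr_self_check "$d/example.csr" &&
        csr_matches_key "$d/example.csr" "$d/example.key" &&
        echo "CSR for $(csr_common_name "$d/example.csr") is ready: $d/example.csr"
fi
```

Only example.csr goes to the vendor; example.key stays on the server where the certificate will be installed.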

Conclusion

Once the SSL has been downloaded, install the SSL certificates on your FileCloud server by following our documentation, depending on your operating system: Windows | Linux. You can also check out this blog post, which provides a specific step-by-step example of how to configure and install a wildcard “Let’s Encrypt” SSL Certificate with Ubuntu 20.04 LTS on a multi-tenant site.

With an SSL certificate in place, you can rest assured knowing your data in transit is encrypted, which creates another layer of protection for your important files and processes.

 

Article written by Nandakumar Chitra Suresh, Technical Support Lead | Edited by Katie Gerhardt, Junior Product Marketing Manager

 

Connect Your SFTP to FileCloud

What is SFTP?

SFTP stands for Secure File Transfer Protocol; it is a secured version of the File Transfer Protocol or FTP, which is itself part of the Secure Shell or SSH Protocol. As their names imply, these protocols are used to easily transfer data and access permissions over an SSH data stream.

As vulnerabilities were discovered and access points exploited, SFTP was developed from FTP protocols, ensuring the availability of a secure connection that can be encrypted to transfer files within and between local and remote systems. Files can be transferred using WinSCP and SFTP clients.

FileCloud is a fine-tuned, enterprise-grade file sharing, sync, and storage solution. Admins and users can leverage granular sharing permissions and user/group policies to protect their data and efficiently collaborate on files.

Considering the existing file sharing solutions within FileCloud and the hyper-secure features that are built into the platform, SFTP/SCP protocols are not directly supported by the FileCloud platform.

However, for clients and consumers who wish to use SFTP with FileCloud, the Solution Experts team has prepared instructions on how to access and leverage SFTP resources using a Linux-based FileCloud on-prem server.

Step 1: Set Up the Connection

Host Name (IP address): The Fully Qualified Domain Name or IP address of the SFTP server you are going to connect to.

Username: used to access the SFTP resources

Password: used to access the SFTP resources

The user used for mounting the SFTP resource must have Read/Write permission to the resource.

Step 2: Verify Your Information

It is important to verify the details of your software so that you can choose the appropriate installation. Install the relevant SFTP client for your operating system. Windows, Mac, and Linux users can use the following solutions or another of their choice.

Connect to the SFTP server using the client and your collected credentials. The example below is using the WinSCP solution:

Press the “Login” button:

If your login process is successful, switch to the Linux server where FileCloud is installed.

Step 3: Prepare the Server

Ensure that the following packages are installed on your server. All operations are performed as root user.

CentOS:

[root@server01 ~]# yum install -y fuse-sshfs sshpass

Ubuntu:

[root@server02 ~]# apt install -y sshfs sshpass

Step 4: Prepare the Folder Structure

Create a folder: /NetworkShares

CentOS/Ubuntu:

[root@server02 ~]# mkdir /NetworkShares

Then create a folder for the SFTP mount point:

CentOS/Ubuntu:

[root@server02 ~]# mkdir /NetworkShares/sftp

Check the folder owner for the newly created folders to ensure they are owned by the Apache running user.

CentOS:

[root@server01 ~]# chown apache /NetworkShares -R

Ubuntu:

[root@server02 ~]# chown www-data /NetworkShares -R

Step 5: Perform a Manual Mount

Acquire the Apache UID:

CentOS:

[root@server01 ~]# id apache

uid=48(apache) gid=48(apache) groups=48(apache)

Ubuntu:

[root@s02 ~]# id www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data)

Establish the manual test mount:

CentOS/Ubuntu:

[root@s01 ~]# sshfs -o allow_other,idmap=user,uid=48  testsftp@192.168.101.58:/home/testsftp  /NetworkShares/sftp/

Enter the password for testsftp@192.168.101.58.

The UID value here should be the UID of the apache/www-data user, though this depends on the Linux distribution.

Ensure the mount has been established:

CentOS/Ubuntu:

[root@s01 /]# mount |grep sftp

The output should be similar to this result:

testsftp@192.168.101.58:/home/testsftp on /NetworkShares/sftp type fuse.sshfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)

Check if resources are accessible:

CentOS/Ubuntu:

[root@s01 /]# ls -al /NetworkShares/sftp

The file listing should be presented as seen below. All file owners should be Apache or www-data user (depending on the Linux distribution).

Step 6: Set Up Automatic SFTP Resource Mount After Server Reboot

Create a file containing a secret SFTP user password:

CentOS/Ubuntu:

[root@s01 /]# echo 'You_Super_Secret_Password' > /root/sftp.pass

Create the /etc/fstab entry:

sshfs#user@sftp_server:/ /NetworkShares/sftp fuse ssh_command=sshpass\040-f\040/root/sftp.pass\040ssh,_netdev,rw,allow_other,reconnect,user,kernel_cache,auto_cache,uid=48,allow_other 0 0

The UID value here should match the UID of the Apache/www-data user, depending on the Linux distribution. (This should be one line in the fstab file, though it may be wrapped due to terminal settings.)

Perform a test command:

CentOS/Ubuntu:

[root@s01 /]# mount -a

Verify:

CentOS/Ubuntu:

[root@s01 /]# mount |grep sftp

On the output, you should see your mounted SFTP resource.

Step 7: Expose the Resource in FileCloud

Login to the FileCloud admin panel.

Go to the “Network Folders” option and click the “Add” button.

Choose “Local Area Network”, then “Next.”

Enter the name of the Network Folder and click “Next.”

Select “Normal mount” and click “Next.”

Enter the path to the mounted SFTP resource (/NetworkShares/sftp) and click “Next.” The path is case-sensitive!

Select “Use assigned permissions” then “Create share.”

Assign a user or group to this share, and click “Finish.”

The shared path will be displayed in the list. You can always manage permissions by clicking on the edit icon:

When users assigned to this share path log in to their FileCloud, they will be able to see and access the Network Folder.
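Step 6 leaves the SFTP password in a plain file referenced from /etc/fstab, so the file's mode and the fstab fields are worth checking before relying on the mount. The following is an added example, not FileCloud's code; the function names are assumptions and the sample line is the Step 6 entry.

```bash
#!/bin/sh
# Added example (not FileCloud's code): checks for the Step 6 password file
# and fstab entry.

# The fstab entry from Step 6, used as sample input.
SAMPLE_FSTAB_LINE='sshfs#user@sftp_server:/ /NetworkShares/sftp fuse ssh_command=sshpass\040-f\040/root/sftp.pass\040ssh,_netdev,rw,allow_other,reconnect,user,kernel_cache,auto_cache,uid=48,allow_other 0 0'

# write_secret_file FILE: reads the password from stdin, so it never appears
# in argv or shell history, and leaves FILE readable by its owner only.
write_secret_file() {
    ( umask 077; cat > "$1" ) && chmod 600 "$1"
}

# secret_file_ok FILE [OWNER_UID]: succeeds only if FILE is owned by OWNER_UID
# (default 0, root) and grants nothing to group or other.
secret_file_ok() {
    local file="$1" want_uid="${2:-0}" mode owner
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    mode=$(stat -c '%a' "$file") && owner=$(stat -c '%u' "$file") || return 1
    [ "$owner" = "$want_uid" ] || {
        echo "$file: owner uid $owner, expected $want_uid" >&2; return 1; }
    case "$mode" in
        [0-7]00) return 0 ;;
        *) echo "$file: mode $mode lets group/other read the password" >&2
           return 1 ;;
    esac
}

# fstab_field 'LINE' N: prints whitespace-separated field N of one fstab line.
fstab_field() {
    printf '%s\n' "$1" | awk -v n="$2" '{ print $n }'
}

# sshfs_passfile 'LINE': prints the file handed to "sshpass -f" in ssh_command=
# (fstab writes the spaces of that command as \040).
sshfs_passfile() {
    fstab_field "$1" 4 | sed -n 's/.*sshpass\\040-f\\040\([^\\,]*\).*/\1/p'
}

# sshfs_fstab_ok 'LINE' WEB_UID: the mount point must be an absolute path, the
# uid= option must be the web server user's UID, and allow_other must be set
# so that user can reach files mounted by root.
sshfs_fstab_ok() {
    local line="$1" want_uid="$2" mnt opts uid
    mnt=$(fstab_field "$line" 2)
    opts=$(fstab_field "$line" 4)
    case "$mnt" in
        /*) ;;
        *) echo "mount point '$mnt' is not an absolute path" >&2; return 1 ;;
    esac
    uid=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^uid=//p' | head -n 1)
    [ "$uid" = "$want_uid" ] || {
        echo "uid=$uid in fstab, expected $want_uid" >&2; return 1; }
    case ",$opts," in
        *,allow_other,*) return 0 ;;
        *) echo "allow_other is missing" >&2; return 1 ;;
    esac
}

# Run with --check on the FileCloud server, as root, after editing /etc/fstab.
# 48 is the CentOS apache UID from Step 5; pass 33 as $2 for www-data on Ubuntu.
if [ "${1:-}" = "--check" ]; then
    line=$(grep '^sshfs#' /etc/fstab | head -n 1)
    sshfs_fstab_ok "$line" "${2:-48}" &&
        secret_file_ok "$(sshfs_passfile "$line")" 0 &&
        echo "sshfs fstab entry and password file look correct"
fi
```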

Conclusion

FileCloud is a powerful, hyper-secure content collaboration platform (CCP) with a wide range of features, integrations, and customization options. FileCloud’s mission revolves around creating software that customers love to use, which means supporting the tools and protocols customers prefer, including SFTP.

With these step-by-step instructions, you can integrate your FileCloud environment with your SFTP shares, so you can collaborate with internal and external teams. Use your established folders, permissions, and processes while discovering how FileCloud can support your security, governance, and collaboration goals.

 

Article written by Marek Frueauff (Solutions Architect) and Katie Gerhardt (Junior Product Marketing Manager)

 

Continuously Improving FileCloud – 21.3.6 Release

FileCloud’s Commitment

FileCloud’s mission is “to build a hyper-secure content collaboration and processes platform that customers love to use.”

Part of making software that customers love is investing in quality assessment and continuous improvement. It’s a cohesive and collaborative process, roping in engineering, QA, sales, marketing, and leadership teams.

We also depend on our clients and users, who provide amazing feedback not only on opportunities for improvement but also desired features and functionalities.

These elements of the software journey are captured in our stated values:

  • Be Customer Centric – Without our customers, FileCloud wouldn’t exist. That’s why they’re always our top priority.
  • Get Work Done – We achieve great results through our resourcefulness, hard work, and drive for perfection.
  • Innovate with Global Mindset – We have a vibrant mix of cultures and ideas that constantly encourage growth and innovation.

Release Details

There are a few exciting developments in the pipeline for our upcoming 22.1 release, including highly requested functionalities.

In the meantime, FileCloud has been putting in a lot of work behind the scenes to harden security and functionality across the server, Sync and Drive clients, and ServerSync.

The 21.3.6 release in July included many improvements for the FileCloud server, including streamlining recycle bin deletion, optimizing processing by cutting out feedback loops, removing visibility on password entries, and ensuring the functionality of user workflows.

The Sync and Drive apps have also been improved. Issues with login and password processes in FileCloud Sync were resolved, and the centralized configuration option for selective sync was reinforced. In the Drive app, the file locking function was optimized.

You can review all the improvements we’ve made by visiting the 21.3.6 Release Notes.

 

 

Enable FIPS Encryption in FileCloud


FileCloud officially supports FIPS mode with CentOS 7.x version. This post explains how to enable FIPS encryption in your FileCloud installation.

Important Note – 

Please make sure you have the FIPS component enabled in your FileCloud license. If you do not have the component, please contact our sales team at sales@filecloud.com for further help in adding the component to your license.

Step 1: Enable Dracut Modules

To enable FIPS encryption, you must first enable Dracut modules in CentOS; this can be installed by running the below commands:

yum install dracut-fips
yum install dracut-fips-aesni
dracut -v -f

It should yield the following results:

FIPS certification - enable dracut modules in CentOS

Step 2: Add the FIPS flag to the Grub Configuration

Once the Dracut module is configured, the next step is to add the FIPS flag to the grub configuration. To make the necessary changes, modify this file /etc/default/grub by adding fips=1 to GRUB_CMDLINE_LINUX.

GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet fips=1"

GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet fips=1 boot=UUID=34c96d6b-a43c-fec3-a2a6-e6593c977550" # if /boot is on a different partition, use the blkid of the boot partition

Step 3: Regenerate the Grub Configuration

After modifying the grub configuration, we will need to regenerate the grub configuration using the below command:

grub2-mkconfig -o /etc/grub2.cfg

If prelinking is installed in the server, you must first disable prelinking by modifying this file – /etc/sysconfig/prelink – and setting PRELINKING=no

Step 4: Reboot the Server

After the above changes are made, reboot the server and check this file – cat /proc/sys/crypto/fips_enabled – to ensure FIPS is enabled.

[root@cnfc ~]# cat /proc/sys/crypto/fips_enabled
1

Step 5: Install FileCloud

The next step is to install FileCloud.

yum install wget
wget http://patch.codelathe.com/tonidocloud/live/installer/filecloud-liu.sh && bash filecloud-liu.sh

Install FileCloud with the above script and configure the components required depending on your use case. Once completed, your FileCloud server will run under the FIPS mode.
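Steps 2 to 4 can be checked together after the reboot, before the installer is run. The following is an added example, not FileCloud's code; the function names are assumptions, and each function takes the file path as an argument so it can be tried on copies of the files first.

```bash
#!/bin/sh
# Added example (not FileCloud's code): post-reboot checks for Steps 2 to 4.

# grub_cmdline [FILE]: prints the value of the last GRUB_CMDLINE_LINUX
# assignment that uses straight double quotes. Typographic quotes pasted from
# a web page do not match, so such a line yields no value.
grub_cmdline() {
    sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)".*$/\1/p' "${1:-/etc/default/grub}" |
        tail -n 1
}

# grub_has_fips [FILE]: succeeds if fips=1 is present as a whole token.
grub_has_fips() {
    case " $(grub_cmdline "$1") " in
        *" fips=1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# grub_boot_param [FILE]: prints the boot= value (needed when /boot is on its
# own partition), or nothing if it is not set.
grub_boot_param() {
    grub_cmdline "$1" | tr ' ' '\n' | sed -n 's/^boot=//p' | head -n 1
}

# prelink_disabled [FILE]: succeeds if prelink is not installed (no config
# file) or the file sets PRELINKING=no.
prelink_disabled() {
    local file="${1:-/etc/sysconfig/prelink}"
    [ -f "$file" ] || return 0
    grep -Eq '^[[:space:]]*PRELINKING=no[[:space:]]*$' "$file"
}

# kernel_fips_on [FILE]: succeeds if the running kernel reports FIPS mode.
kernel_fips_on() {
    local file="${1:-/proc/sys/crypto/fips_enabled}"
    [ -r "$file" ] && [ "$(cat "$file")" = "1" ]
}

# fips_report [GRUB_FILE] [PRELINK_FILE] [FLAG_FILE]: prints one line per
# failed check; the exit status is the number of failures (0 means all passed).
fips_report() {
    local failures=0
    grub_has_fips "$1" || {
        echo "FAIL: fips=1 not found in GRUB_CMDLINE_LINUX"
        failures=$((failures + 1)); }
    prelink_disabled "$2" || {
        echo "FAIL: prelink is installed and PRELINKING is not set to no"
        failures=$((failures + 1)); }
    kernel_fips_on "$3" || {
        echo "FAIL: kernel does not report FIPS mode (reboot pending?)"
        failures=$((failures + 1)); }
    return "$failures"
}

# Run with --check on the CentOS server to test the live files.
if [ "${1:-}" = "--check" ]; then
    fips_report "" "" "" && echo "FIPS mode is configured and active"
fi
```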

Alternative Options

You can also download and install a FIPS-enabled OpenSSL.
NOTE: This is only needed if safelogic modules are required. Once FIPS mode is enabled, CentOS installs FIPS-enabled packages by default.

yum install unzip
wget http://patch.codelathe.com/tonidocloud/live/3rdparty/fipsopenssl/fipsopenssl.zip
unzip -q fipsopenssl.zip -d /root/fipsopenssl
rpm -Uvh --nodeps /root/fipsopenssl/*.rpm

We also recommend enabling strong ciphers and TLS 1.2/TLS 1.3 in your Apache SSL configuration:

#SSLProtocol all -SSLv2 -SSLv3
SSLProtocol -all +TLSv1.2 +TLSv1.3
#SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
#SSLCipherSuite HIGH:!aNULL:!MD5
SSLCipherSuite HIGH:!MEDIUM:!LOW:!EXP:!aNULL:!MD5:!EXPORT:!eNULL:!kECDH:!aDH:!RC4:!3DES:!CAMELLIA:!PSK:!SRP:!KRB5:@STRENGTH

Conclusion

For greater security and governance over your data, FileCloud supports FIPS encryption. With this step-by-step process, you can now enable FIPS on your own FileCloud installation (provided it is available with your license). For additional support or clarification, please get in touch with our support team at support@filecloud.com.

 

Article written by Nandakumar Chitra Suresh

 

 

The Security Risks of File Sharing & Cloud Storage (with a solution!)

What is File Sharing and Cloud Storage?

File sharing and cloud storage is a way of storing and sharing files online that many companies and organizations are using. Some organizations have migrated entirely to the cloud. However, there still seems to be some confusion as to what the cloud actually is.

Essentially, the cloud is a digital space online where companies can store data, instead of on a company hard drive.

Why Are So Many Companies Using the Cloud?

Many companies and organizations are turning to the cloud because it is easier to use. In effect, all files and data are stored online and can be accessed by any device with an internet connection. In addition, in a world where huge numbers of people are working remotely and in different offices, cloud storage and sharing allows users to share files easily between themselves and clients.

What Are the Data Security Risks of File Sharing and Cloud Storage?

The cloud sounds great, right? And it can be, but there are risks involved in storing and sharing files via the cloud, which can lead to data leaks, loss of time, and even financial penalties. There are many reasons that companies use cloud technology, but some of those exact reasons can pose security risks if you’re not using a hyper-secure cloud storage and sharing system.

Cloud Storage Safety

Those risks include:

Employees Using Their Own Devices/Non-Secured Devices

One of the benefits of storing files in the cloud is that users can access those files anywhere they have an internet connection—on any device. However, this can also be a security risk. Employees using company computers is one thing, but policies like BYOD (bring your own device) often result in employees using a personal laptop or cell phone. Security is often not up-to-date on these devices, and if they’re hacked, lost, or stolen, that could lead to a data breach for your company. It’s best to look for a system that has a robust device management dashboard, along with the option for admins to remove devices from the system at any point.

One Size Fits All Sharing

Sharing permissions are a vital part of using cloud tech. After all, you don’t want just anyone having access to your data, right? If you pick a system that doesn’t offer advanced sharing permissions and simply sends all shares publicly, you could be in trouble. You’ll want to look for a cloud storage and sharing system that has advanced and customizable sharing permissions.

Unrestricted Sharing

Data leak prevention (or DLP) is a necessary part of any cloud system that stores and shares data. Essentially, DLP stops leaks before they happen (whether from malicious or accidental user error). A system without DLP in place can cost you time and money, especially where compliance regulations are in place. Look for Smart DLP that is flexible and rule driven, with admins having complete control.

No Centralized Fail-Safe for Document Retention

Retention policies are a way of managing data, like having restrictions on data being deleted in the case of HIPAA, or restrictions on files being deleted in case of a lawsuit. These regulations are increasingly needed in a world where compliance regulations are being added and updated yearly. Regulations like GDPR, ITAR, and HIPAA have strict requirements for data security, safety, and storage. A cloud system without a top-notch retention policy system likely won’t comply with expanding regulations and could lead to a huge loss of money, and even the ability to operate. Finding a cloud storage system that also has robust retention policies is vital.

Lack of Audit Logs

Audit logs are the best way to know who is using your system when, and how. This can help keep data secure and compliant, but many cloud systems, especially consumer-grade solutions, won’t have these audit logs available. Ideally, you want the ability to have a complete audit of the whole system with easily-downloadable logs for audit and regulatory overview.

How FileCloud’s Hyper-Secure System Helps Companies Avoid Risks

FileCloud is a hyper-secure cloud storage and file sharing system that was created to help companies avoid risk, keep data secure and compliant, while making files easy to share.

It has all the necessary features we talked about above, in addition to other amazing tools like workflow automation, a compliance center, and advanced security.

To learn more about FileCloud, take our quick tour here.

Cloud Computing for Banks

Cloud Computing Tailored for Banks

We are living during times when adoption of technological solutions is skyrocketing. Emergency situations, such as living and working during the COVID pandemic, require increasing the efficiency of systems to enable remote work on a much larger scale. Migration to the cloud, as part of the overall adoption of tech in various industries, is a global trend that is getting stronger every year.

Banks are also taking part in this trend. For banks, the cloud yields not only tangible financial benefits, but also an opportunity for technological development and practical use of opportunities offered by the market in the form of blockchain technology, artificial intelligence, or chatbots. Thanks to the availability of cloud solutions, banks are able to adapt to trends that can be observed in the booming fintech area. Thanks to the virtually unlimited possibilities of building partner ecosystems and extending the portfolio of services provided, banks have become more flexible and respond better to market needs.

The Cloud in the Banking Sector

In 2018, Accenture conducted a global survey of retail banking in terms of the implementation and use of cloud services.

The report was prepared based on surveys from directors of 35 banks – European, American, African, and Asian. The vast majority of representatives of the banking sector admitted that there is no developed strategy for cloud applications. Nearly half of the respondents confirmed that such a strategy is to be prepared within the next year. 31% of the respondents had a strategy for cloud adoption already. This shows that the market opportunity for the banking sector is only starting to grow.

A minority of banks could boast a mature strategy for implementing cloud solutions. This was indicated by 1/4 of the respondents. In the vast majority of cases though, these strategies were still at an early stage of development. 40% of bankers admitted that basic practices had been agreed upon and appropriate tools had started to be implemented.

Challenges and Benefits – a Local Perspective from Poland

Accenture, in cooperation with the Polish Bank Association, conducted a survey among the largest banks on the Polish market. (The full report in Polish can be accessed here.) These banks were familiar with the subject of the cloud, but enterprises are still at a relatively early stage of cloud advancement and face many challenges.

For banks, the biggest unknowns are issues related to regulations that banks have to comply with, as well as the lack of appropriate experience in processes related to the implementation of cloud solutions. There seems to be no standard, go-to approach when migrating banks to the cloud. Banks indicate unclear or incomplete legal provisions, as well as regulations that do not facilitate or even limit the implementation of the cloud.

Another problem that banks face is the little to no experience possessed by their IT teams in implementing advanced solutions. Rebuilding or migrating applications to run in the cloud (i.e., big data set migrations) requires significant effort. Adjusting to the cloud transition as part of investment cycles in the IT department for a given company can also pose certain challenges.

With the advent of cloud technology in the banking sector, risk and security management are becoming another important element of cloud implementation strategy. In this area, the analysis of large data sets (in terms of risk identification and fraud detection) becomes extremely crucial. Sharing sensitive data also falls under regulatory compliance, which poses a significant burden if done manually.

The entire banking sector today faces the challenge of processing, analytical support, and monetization of huge data resources. Such datasets can be inferred upon to discover patterns of customer engagement among other operations. Thanks to technologies available in the cloud, what in “analog” mode would take several days is possible to achieve in a few minutes.

The available advanced analytical functions enable the analysis of structured and unstructured data and can provide a specific inference engine/subsystem from many vendors – be it AI cognitive services or natural language processing.

When used only for the duration of data processing, these inference engines reduce the need for very expensive and complex analytical solutions in banks, which can then be limited to systems that process extracts of the data processed in the cloud. This leads to transparent cost models because it enables fast and efficient provisioning of services. The implementation of IT infrastructure and services is faster, the application development cycle is shortened, and, most importantly, it allows for the introduction of new, more innovative products and services to the market based on a proven vendor.

Cloud Banking and Security – Facts and Myths

Cloud Tech Myths vs Reality

In practice, the cloud turns out to be a safer solution for customers, while sparing the organization the pain of setting everything up itself. Companies using this type of solution are only a part of the entire ecosystem, which also includes many other enterprises. Thus, a potential attack on a specific company or data collection is difficult.

Implementing Cloud Technology for a Bank

Many banks are still using cloud solutions opportunistically, mainly to improve or supplement their current systems and services. Primarily, this is due to the fear of launching a major change program that will impact virtually every element of the bank’s organization, thus incurring large expenditures on transformation projects and generating the associated risk of failure.

One of the simplest methods is to purchase SaaS packages from vendors. The choice of such services is so large that banks are free to choose a product tailored to their needs. The migration process is relatively simple, focusing mainly on data migration and integration with the bank’s other systems. The process of cloud implementation in a bank may also require the migration of existing systems.

This can be done by moving applications to the target cloud platform, without major changes in their configuration. In this process, it is possible to use traditional migration methods, just as is done during data center migration. Of course, applications can also be customized and updated to be platform-compatible and cloud-ready (standardizing operating systems to versions supported by the cloud operator).

Private and Public Cloud Pros and Cons

The most difficult method, but with the most potential benefits, is migration using PaaS technologies. This method consists of adapting the application architecture to the cloud-native model, which enables the use of advanced cloud services, e.g. automation, scaling, containers, serverless functions, API mechanisms, and others. Regardless of the choice of cloud migration method, the goal is common – gain a business advantage through the use of modern technologies.

Such an implementation model is convenient for banks because it grants them the freedom to choose which resources are used. This is possible thanks to the implementation of Cloud Content Management Platforms in banks, integrating private and public resources, and in the case of integration with more than one public provider, the implementation of a multi-cloud strategy. Additionally, this model allows for easier management of regulatory requirements, such as user anonymization or data requests.

Summary

Major companies and cloud providers are committing more and more resources to streamline, develop, and create new services. As demand continues to grow, enterprises are recognizing new trends, significant opportunities, and economic benefits. By migrating to the cloud, they are replacing traditional IT usage models in an as-a-service direction.

The ongoing changes are also affecting the banking sector, though the integration of cloud technology is on the more conservative side. This is due to the characteristics of this heavily regulated sector, to which the highest security standards have always been applied. The new reality for the banking sector becomes not only a challenge but also an exciting opportunity to benefit banks in many different ways.

 

Article written by Piotr Slupski

 

Security Recommendations, Part 2: Encryption at Rest

Continuing our 2022 Security Recommendations series, in this post, we will discuss why it’s important to use encryption at rest in all your devices.

What is Encryption at Rest?

In simple words, encryption at rest is the process of securely saving all your files on your devices. This typically means that the files stored on your computer, your phone, tablet, or other devices can only be accessed by you and anyone else who has the encryption key.

Though it sounds complicated, it is transparent to the user in practice. You will continue to use your device as usual but with added security: files saved on your hard drive or other memory cannot be easily accessed by other users.

Let’s use some examples to explain this better.

Example 1:

  1. Your computer has encryption at rest enabled.
  2. All your files are saved on your hard drive.
  3. Your computer is stolen/lost.
  4. Someone tries to read the files from the hard drive by connecting it to another computer. However, the files cannot be decrypted, meaning all your files are protected against unauthorized access.

Example 2:

  1. You save your files on your mobile device.
  2. Encryption is enabled on your device storage.
  3. Your device is lost/stolen.
  4. No one can read your files from your device, regardless of their method to extract the files since they don’t have the encryption key.

Important note: encryption at rest will only make sense as a security measure if your computer/device has login protection with a strong password or a secure access method that no one else possesses.

How to Enable Encryption at Rest

Depending on your device and operating system, the instructions may vary.  This article will focus on Windows/macOS and Android/iOS.

Enable Encryption on Windows 10/11

To encrypt your data at rest in Windows, you must enable BitLocker Drive Encryption. Depending on your hardware, this may not be possible on your device.

The basic requirements to enable BitLocker Drive Encryption are the following:

  • The computer must have a TPM 1.2 or later. (If your computer doesn’t have a TPM, this can still be possible by saving the key to a removable device, such as a USB Flash Drive.)
  • The hard disk must have at least two partitions.
  • The operating system drive must be formatted with the NTFS file system.

You can review the BitLocker System Requirements page in Microsoft documentation for more details.

If your Windows computer supports BitLocker, you can launch the configuration window by opening it from your Windows menu.

BitLocker in Windows Control Panel

This will open the BitLocker Control Panel; from here, you will be able to enable/disable and save your recovery key. However, if your company provided your computer, the IT department typically has BitLocker enabled already.

Encryption managed by IT department
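To confirm the requirements listed above and the current BitLocker state without going through the Control Panel, the following read-only check can be run from an elevated PowerShell session. It is an added example, not part of the original article or of Microsoft's documentation; it assumes a Windows 10/11 edition that ships the BitLocker PowerShell module and uses the built-in `Get-BitLockerVolume`, `Get-Partition`, and `Get-Volume` cmdlets plus the `Win32_Tpm` CIM class.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only BitLocker readiness and status check for the OS drive.
# Nothing here changes configuration; it only reports.
$ErrorActionPreference = 'Stop'
$mount  = $env:SystemDrive          # for example "C:"
$letter = $mount.TrimEnd(':')

# Requirement: TPM 1.2 or later (without a TPM, a USB startup key is the fallback).
$tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                       -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$tpmSpec = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { $null }
$tpmOk   = ($tpmSpec -as [version]) -ge [version]'1.2'

# Requirement: the disk holding the OS volume has at least two partitions.
$osPartition    = Get-Partition -DriveLetter $letter
$partitionCount = @(Get-Partition -DiskNumber $osPartition.DiskNumber).Count

# Requirement: the OS drive is formatted with NTFS.
$fileSystem = (Get-Volume -DriveLetter $letter).FileSystem

# Current BitLocker state and the key protectors attached to the volume.
$blv        = Get-BitLockerVolume -MountPoint $mount
$protectors = @($blv.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

[pscustomobject]@{
    TpmSpecVersion       = $tpmSpec
    TpmRequirementMet    = [bool]$tpmOk
    PartitionsOnOsDisk   = $partitionCount
    PartitionRequirement = $partitionCount -ge 2
    FileSystem           = $fileSystem
    NtfsRequirementMet   = $fileSystem -eq 'NTFS'
    VolumeStatus         = $blv.VolumeStatus
    ProtectionStatus     = $blv.ProtectionStatus
    EncryptionPercentage = $blv.EncryptionPercentage
    KeyProtectors        = $protectors -join ', '
    RecoveryPasswordSet  = $protectors -contains 'RecoveryPassword'
} | Format-List

# An encrypted volume with protection "Off" is suspended: the data is encrypted,
# but the key is readable from the disk, so a stolen drive is not protected.
if ($blv.VolumeStatus -eq 'FullyEncrypted' -and $blv.ProtectionStatus -ne 'On') {
    Write-Warning "$mount is encrypted but BitLocker protection is suspended."
}
elseif ($blv.ProtectionStatus -ne 'On') {
    Write-Warning "$mount is not protected by BitLocker."
}

# Without a recovery password protector there is no recovery key to save.
if ($blv.ProtectionStatus -eq 'On' -and $protectors -notcontains 'RecoveryPassword') {
    Write-Warning "$mount has no recovery password protector."
}
```

A `ProtectionStatus` of `On` together with a `VolumeStatus` of `FullyEncrypted` is the state the lost-or-stolen scenarios earlier in this article depend on.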

Enable Encryption on macOS Devices

Similar to Windows, macOS has an encryption tool built into the system called FileVault. As on Windows, all your files are encrypted once FileVault is enabled. To open FileVault on your Mac, choose the Apple menu > System Preferences > Security & Privacy > FileVault.

Enable encryption with mac FileVault

Check the FileVault help page on macOS documentation for more details on how it works and how to enable or disable it.

“Note: If you have an iMac Pro or another Mac with an Apple T2 Security Chip, the data on your drive is already encrypted automatically. However, turning on FileVault provides further protection by requiring your login password to decrypt your data.” Encrypt Mac data with FileVault, macOS Monterey User Guide

Enable Encryption on Android Devices

Encryption at rest is not enabled by default on new devices; you must enable it manually.

Like Windows/macOS, the first step is to enable PIN/password protection to access your device.  Even though this doesn’t automatically encrypt your data, it will ensure that no one gains access to your files by unlocking the screen.

Depending on your phone brand and OS, you can open your settings/security and look for the Encryption option. Once enabled, your files will be securely saved on your device storage.

Enable Encryption on iOS Devices

Unlike Windows/macOS and Android, since iOS 8, personal data on iPhones are encrypted by default, as long as the phone is locked with a passcode or Touch ID.

Depending on your iOS version, the passcode/Touch ID/Face ID settings may be located differently, but generally, you can find them under General Settings > Passcode Lock. Use a solid passcode to ensure your data is not easily accessed.

Enable encryption on iOS

Final notes

Enabling encryption at rest is one of the top recommendations to improve the security of your files. In a previous article, we explained how to protect your personal information. We will continue to provide you with general recommendations to protect your information online and offline.

 

Article written by Daniel Alarcon

 

Security Recommendations, Part 1: Protect Your Personal Information

Many of the topics that we will cover in this new series are common sense; however, every year, we need to revamp our personal security practices in person and online.  This installment will cover how we can protect our personal information throughout our day-to-day actions.

 

Don’t Share Your Personal Information Freely

This may seem like an obvious action, but this is also one of the most common mistakes.  This wasn’t such a high-risk problem in the past (some 5-10 years ago).  Nevertheless, we are in 2022, and your data like SSID, date of birth, full name, preferences, etc., comprise essential security access information.

For example, you may be invited to share your personal information with a store to win a prize or become eligible for a discount code. It doesn’t matter if it’s handwritten at a physical store or if you enter your details on an online form; submitting this kind of information is no longer an innocent thing to do. The store could share or sell your information unless you specifically opt out of this kind of third-party interaction. The store could also be the victim of a hack, in which case your information would be compromised. The best way to protect yourself is to be wary of sharing your information; anyone can use it to steal your identity, hack their way into your online accounts, or carry out any number of unsavory tasks.

In summary, don’t give out your identifying information unless you need to.

 

Separate your personal information from your work ID information

What does this mean? Basically, for any personal matters (online shopping, social media, communication with friends and family, etc.), use your personal information, private email, private phone, etc. For work-related communications, only use your work identity to communicate with co-workers and external contacts (vendors, customers, partners, etc.).

The objective is to separate your identities and keep them separated in every interaction.

This applies to your computer usage as well. Most internet browsers (like Google Chrome) can save multiple profiles. This will help you keep your data where it belongs, so you can avoid mixing your identities and help categorize your information. Your search history, open tabs, browser extensions, and more can be saved to distinct profiles and easily accessed or updated if you have “Sync” enabled.

Creating and maintaining this separation in your mobile device can be somewhat challenging, but you can still apply the same principles and set up profiles for web browsing and apps.

 

Secure Your Information on Your Mobile Device

Security on mobile devices is a major topic on its own, but you can take certain steps to protect your personal information by following some simple recommendations:

  1. Always enable security to unlock your phone. Even though face ID is replacing the fingerprint scanner, choose the fingerprint scanner when possible.
  2. Don’t store important information in notes on your phone. Even though it may be practical, never store personal information on messages, pictures, notepads, or similar apps on your device. If you want to keep this information at hand, use a secure application or database for storage and access, like KeePass.
  3. The device and its content should be encrypted at rest. Always enable encryption, when possible, even with microSD storage. In the event of a lost phone, no one will gain access to the information stored in the device.


These are just basic recommendations to protect your personal information. In future articles, we will go more in-depth on encryption at rest, email communication, sharing private data securely over the internet, and other topics.

 

Article written by Daniel Alarcon

 

Cybersecurity Trends in 2022

In an increasingly online world, cybersecurity has become more critical than ever. This is particularly true for companies and organizations that handle personal or sensitive data of consumers and citizens.

Why is Cybersecurity so Important?

With the huge prevalence of remote work during the COVID-19 pandemic, businesses and organizations are increasingly doing their work online. No matter if all business is done in the cloud or completed on a company’s VPN, this method of working requires a whole new consideration of cybersecurity. Is your client’s personal information secure? Have your employees been trained in common phishing and social engineering attacks?

Increasingly, clients and organizations look into a company’s cybersecurity protections to determine if they want to give them their business. In fact, Gartner reports that, “By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.”

Not only do businesses need top cybersecurity strategies to keep their own organizations secure, they also need them to attract and retain clients.

Of course, cybersecurity changes year by year, so it’s important that companies focus on it and make sure the tools and software they use have top security features and options. To that end, let’s look at some top cybersecurity trends for this year.

Top Five Cybersecurity Trends for 2022

Ransomware

Ransoms have less to do with kidnapping now and more to do with cybersecurity. Hackers are creating malware that threatens to publish private information or permanently encrypt important data unless they’re paid a ransom to remove the malware.

Many hackers now use RaaS (Ransomware as a Service), ransomware that’s already been created, to perpetrate attacks more easily.

Ransomware is being used in large attacks too, as it was in the Colonial Pipeline attack in 2021. The pipeline supplies gas to about 50% of the East Coast of the US, and the attack caused panic buying along with spikes in gas prices. Colonial had to pay $4.4 million to have the ransomware removed. Attacks like this will only become more prevalent as hackers become more sophisticated and go after bigger and bigger targets.

Internet of things

The IoT (Internet of Things) is an aspect of cybersecurity many people don’t consider, but in our increasingly tech-focused world, the IoT applies to the physical “things” in our lives filled with sensors and software that communicate and send data online. These “things” can be anything from the smart devices that turn on your lights and music to smart-driving cars. IoT will only increase in everyone’s daily life and make us more reliant on the internet and our devices. What many people don’t realize is that all these devices can be hacked as well. Devices and the companies that create them need to focus on increasing their cybersecurity as well.

Attacks on the Cloud

Increasingly, companies are using the cloud to store their data and files. At a time when WFH is here to stay, the cloud is an important tool that allows employees to access data and files from anywhere at any time. However, hackers are also taking note of the increased reliance on the cloud, which means they’re increasing their attacks on it as well.

Phishing/Social Engineering

Phishing and social engineering use employees against their own companies by sending malicious links and messages to employees to try to gain access to their passwords or devices. These techniques have been around for years, but they are consistently one of the top ways hackers gain access. Many believe that these schemes will only become more targeted and sophisticated, so it’s important that companies have training in place to teach their employees what to look for.

Increasing Regulations

We’ve talked a lot about the ways in which hackers are becoming more sophisticated and problematic. Countries are trying to tackle these emerging issues by enacting laws to increase cybersecurity protections. Regulations like the GDPR (a data protection law) require certain security protections for EU residents/citizens’ information. Failure to comply with this regulation and the many others like it can result in huge fines for companies, possibly even civil or criminal charges, if they don’t take cybersecurity seriously.

Thankfully, companies and organizations are not alone when it comes to protecting their data.

FileCloud as a Hyper-Secure Solution

FileCloud is a file storage and sharing tool that allows companies to keep track of and protect their data.

Security has always been a top priority for FileCloud, and with the increase in hackers and malicious software, FileCloud understands that now is the time for a hyper-secure file sharing and storage tool that companies can still use with ease.

FileCloud’s Compliance Center helps organizations achieve and maintain compliance with ITAR, HIPAA, and GDPR tabs that provide best practices and easy-to-enact rules.

In addition, FileCloud has many excellent security and compliance options like:

  • Robust DLP, content governance, and permissions
  • Content Classification Engine (CCE) and custom metadata
  • Antivirus and ransomware protection (along with the option to enable detection of files with encrypted payloads to block and warn when ransomware enters the system)
  • Digital rights management
  • Granular folder permissions
  • 256-bit AES SSL encryption at rest
  • SSL/TLS protocols for data in transit
  • Active Directory integration
  • Two-factor authentication

Cybersecurity is not something companies and organizations can ignore or put on the back burner anymore. The trends show that hackers are only getting more sophisticated and malicious.

However, it is possible to keep your company or organization secure and compliant by using a hyper-secure file sharing and storage solution like FileCloud. FileCloud helps protect your data so that you can continue focusing on important work, knowing that you (and your clients) are secure and compliant.