Protecting your Data from Attack: FileOpen's Approach

Posted by Sanford Bingham on Feb 3, 2010 12:24:00 PM

Last time we talked about how the "Aurora" attack on Google's servers illustrated the dangers of storing valuable data in the cloud, even in encrypted form. Owners of valuable data should not use centralized, big-name hosting services because those are the servers most likely to come under attack from hackers.

So, how does FileOpen Systems approach this problem?

It was partly to avoid a multi-user data breach that the FileOpen software was designed around a distributed architecture, with no single point of failure or co-location of publisher data. Each licensee of our Toolkit or PermissionServer operates a separate, private, wholly-owned implementation of the software: neither FileOpen Systems nor any other entity can monitor or remotely access that implementation without the licensee's permission.

However, some implementations of the framework - including our own FileOpen Hosted offering - operate as multi-publisher systems, and so do centralize the data of multiple licensees. The FileOpen Hosted system has some structural features designed to minimize the risk of data loss. Among these are:

  • Distributed Document Storage: FileOpen's software operates only as a document permissioning service, not as a portal for the encrypted documents themselves. There is no single location containing all of the documents managed by the system.
  • Local encryption: all documents encrypted into the FileOpen Hosted system are processed locally, on the desktops of the licensees. The unencrypted originals are never transmitted to any remote location.
  • Database segregation: each licensee of the FileOpen Hosted system is provisioned as a separate instance of the PermissionServer code and a discrete database. This ensures that licensees' data is never commingled and that each publisher has unique login credentials that resolve to a private database instance. It also enables migration of the database from the Hosted platform onto a private server upon request.
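The database-segregation pattern described in the last bullet can be sketched as follows. This is an added illustration, not FileOpen's code: the class name, the `permissions` table schema, the password hashing parameters and the sample logins are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import sqlite3


class HostedPermissionService:
    """Hypothetical router: each licensee login maps to one private database."""
    def __init__(self):
        self._tenants = {}  # login -> (salt, password_hash, sqlite connection)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def provision(self, login, password):
        salt = os.urandom(16)
        db = sqlite3.connect(":memory:")  # discrete database per licensee
        db.execute("CREATE TABLE permissions (doc_id TEXT, user TEXT, can_print INTEGER)")
        self._tenants[login] = (salt, self._hash(password, salt), db)

    def open_database(self, login, password):
        # Unknown logins still pay for one hash, so timing does not reveal them.
        salt, stored, db = self._tenants.get(login, (b"\0" * 16, b"", None))
        ok = hmac.compare_digest(stored, self._hash(password, salt))
        if db is None or not ok:
            raise PermissionError("invalid credentials")
        return db  # the only handle this caller ever receives

    def export_for_migration(self, login, password):
        return "\n".join(self.open_database(login, password).iterdump())


def demo():
    svc = HostedPermissionService()
    svc.provision("publisher-a", "constructed-pw-a")  # constructed sample data
    svc.provision("publisher-b", "constructed-pw-b")
    a = svc.open_database("publisher-a", "constructed-pw-a")
    a.execute("INSERT INTO permissions VALUES ('doc-1', 'alice@example.com', 0)")
    a.commit()
    b = svc.open_database("publisher-b", "constructed-pw-b")
    rows_b = b.execute("SELECT * FROM permissions").fetchall()
    dump_a = svc.export_for_migration("publisher-a", "constructed-pw-a")
    return rows_b, dump_a, svc.export_for_migration("publisher-b", "constructed-pw-b")


if __name__ == "__main__":
    rows_b, dump_a, dump_b = demo()
    print(rows_b, "alice@example.com" in dump_a, "alice@example.com" in dump_b)
```

Because no query ever carries a tenant identifier, a missing `WHERE` clause cannot leak another publisher's rows, and the migration dump contains one licensee's data by construction.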

Using "cloud-based" hosted services is faster and easier than building out dedicated servers, and in many cases can actually provide more security at lower cost than the same functionality implemented in-house. The safe deposit box at the bank is more secure than the safe in your basement. But at the same time, the crook is more likely to break into the bank vault than to raid hundreds of basements.

FileOpen's different products give you the flexibility to manage your entire secure publishing operation in-house, or outsource the database and authentication processes to us. But either way, your data remains with you and your authorized users--not in a centralized repository vulnerable to attack.

Sanford Bingham  |  President  | FileOpen Systems

 
