vdi file transfer

Secure File Sharing in the Era of Remote Work

New world, new rules

Two years after the onset of the COVID-19 pandemic, it’s clear that remote work isn’t going anywhere any time soon.

Companies scrambled in 2020 to pivot to fully remote working environments, and while some have shifted back to in-office or even hybrid environments, the need remains for secure and remotely accessible resources like file servers and videoconferencing solutions for employees scattered across the country, and sometimes around the world.

This abrupt shift to these decentralized collaboration environments opened created a world of opportunity for hackers. In the past, centralized headquarter environments granted a high degree of control to allow cybersecurity and IT professionals to manage company security more effectively.

But today’s working world is riddled with new variables – unsecured home networks, IoT devices, the use of personal devices for work, and lack of individual understanding of best security practices and common threats, to name a few. And when 88% of data breaches are caused by human error (according to a study conducted by Stanford University), the risk is too high, especially for a resource like a file server, where large numbers of users are likely uploading and downloading files frequently.

File servers in particular are a gold mine for malicious actors as much as they are essential to remote work environments. But can you keep them safe?

Can yesterday’s solutions work in today’s remote world?

Encryption is the most obvious solution for protecting file servers, but it has its downsides:

  • Time and effort. Private key infrastructure (PKI) can be an effective way to protect connections between an individual and another individual, group, or server, but is tedious to set up and maintain. A user must generate their own public and private key pair, store the private key safely, and share the private key with the person or server they’re trying to reach (use that person or server’s public key). Worse, to use the same encryption key on another device, the user would need a secure way to transfer the private key to the new device to ensure it can’t be captured in transit. While this may be a standard practice for familiar users, those unfamiliar with cybersecurity basics may find this method inaccessible. And with remote employees spread far and wide in questionably secure locations (sometimes across the world), IT support can be a costly and time-consuming nightmare for everyone involved.

  • Key ownership. Popular file-sharing services like Dropbox claim to use encryption to protect their users’ data, but they hold the encryption keys, and the encryption is broken at their central server. So if their servers are compromised by unauthorized access or insider attacks, any user communications with those servers could be leaked to a third party. In other words, if they’re compromised, so are you.

The demands of the current remote work climate require a user-friendly solution that provides the best security features available and limits the potential for human error.

Erebus: The encrypted file server for a remote world

Erebus is a cloud-hosted secure file storage system that uses built-in patented encryption software (Conclave) to encrypt files and automate management user encryption keys.

Security features at a glance

  • Symmetric and asymmetric (end-to-end) hybrid encryption

  • Perfect forward secrecy (PFS) protocol

  • Two layers of AES-256 encryption with 4096-bit initial key exchange

  • FIPS 140-2 validation

  • Immunity from IPv4, IPv6, DNS, and WebRTC attacks

  • User-specific encryption at rest

Fully automatic encryption key management with Conclave

Erebus uses Conclave encryption technology to automate the management of encryption keys for users and the Erebus server, eliminating the need for cumbersome manual key configuration, and by extension, the possibility of a data breach caused by human error.

When Erebus access is activated for a user, the software generates a dedicated proxy instance that handles encryption keys between the Conclave server and Erebus server. Users receive the full protection Conclave has to offer, without needing to rely on tedious and complicated encryption configurations. Accessing and using Erebus is as simple as signing in and uploading or downloading files in just a few clicks – while Conclave handles the rest and keeps them protected.

Secure access and file management

Whether on a desktop or mobile device, Erebus users never access the file server directly. Instead, a dedicated third-party proxy instance is generated for each Erebus user. These instances act as intermediaries in the connection, ensuring potential snoopers are misdirected and the server is protected. Not even your own users need to know where the server is hosted, adding another layer of protection against human error and insider attacks.

These user access URLs can be generated, re-generated, or destroyed in just a few clicks. Uploaded files can also be configured so they’re destroyed automatically after a certain amount of time or downloads.

Simple and intuitive access control

Erebus servers can be configured in minutes, and administrators can easily control user access to files and the capabilities within Erebus using groups and permission assignments.

All data is individually encrypted for each user assigned access to specific files, so as user permissions are modified, the data itself is modified to suit that permission. This ensures that when user access is removed, users will no longer be able to decrypt the relevant data.