
Secure File Sharing in the Era of Remote Work

New world, new rules

Two years after the onset of the COVID-19 pandemic, it’s clear that remote work isn’t going anywhere any time soon.

Companies scrambled in 2020 to pivot to fully remote working environments, and while some have shifted back to in-office or even hybrid environments, the need remains for secure and remotely accessible resources like file servers and videoconferencing solutions for employees scattered across the country, and sometimes around the world.

This abrupt shift to decentralized collaboration environments created a world of opportunity for hackers. In the past, centralized headquarters environments gave cybersecurity and IT professionals a high degree of control, allowing them to manage company security more effectively.

But today’s working world is riddled with new variables – unsecured home networks, IoT devices, the use of personal devices for work, and lack of individual understanding of best security practices and common threats, to name a few. And when 88% of data breaches are caused by human error (according to a study conducted by Stanford University), the risk is too high, especially for a resource like a file server, where large numbers of users are likely uploading and downloading files frequently.

File servers in particular are a gold mine for malicious actors as much as they are essential to remote work environments. But can you keep them safe?

Can yesterday’s solutions work in today’s remote world?

Encryption is the most obvious solution for protecting file servers, but it has its downsides:

  • Time and effort. Public key infrastructure (PKI) can be an effective way to protect connections between an individual and another individual, group, or server, but is tedious to set up and maintain. A user must generate their own public and private key pair, store the private key safely, and share the public key with the person or server they’re trying to reach (and use that person or server’s public key in turn). Worse, to use the same encryption key on another device, the user would need a secure way to transfer the private key to the new device to ensure it can’t be captured in transit. While this may be a standard practice for familiar users, those unfamiliar with cybersecurity basics may find this method inaccessible. And with remote employees spread far and wide in questionably secure locations (sometimes across the world), IT support can be a costly and time-consuming nightmare for everyone involved.

  • Key ownership. Popular file-sharing services like Dropbox claim to use encryption to protect their users’ data, but they hold the encryption keys, and the encryption is broken at their central server. So if their servers are compromised by unauthorized access or insider attacks, any user communications with those servers could be leaked to a third party. In other words, if they’re compromised, so are you.

The demands of the current remote work climate require a user-friendly solution that provides the best security features available and limits the potential for human error.

Erebus: The encrypted file server for a remote world

Erebus is a cloud-hosted secure file storage system that uses built-in patented encryption software (Conclave) to encrypt files and automate the management of user encryption keys.

Security features at a glance

  • Symmetric and asymmetric (end-to-end) hybrid encryption

  • Perfect forward secrecy (PFS) protocol

  • Two layers of AES-256 encryption with 4096-bit initial key exchange

  • FIPS 140-2 validation

  • Immunity from IPv4, IPv6, DNS, and WebRTC attacks

  • User-specific encryption at rest

Fully automatic encryption key management with Conclave

Erebus uses Conclave encryption technology to automate the management of encryption keys for users and the Erebus server, eliminating the need for cumbersome manual key configuration, and by extension, the possibility of a data breach caused by human error.

When Erebus access is activated for a user, the software generates a dedicated proxy instance that handles encryption keys between the Conclave server and Erebus server. Users receive the full protection Conclave has to offer, without needing to rely on tedious and complicated encryption configurations. Accessing and using Erebus is as simple as signing in and uploading or downloading files in just a few clicks – while Conclave handles the rest and keeps them protected.

Secure access and file management

Whether on a desktop or mobile device, Erebus users never access the file server directly. Instead, a dedicated third-party proxy instance is generated for each Erebus user. These instances act as intermediaries in the connection, ensuring potential snoopers are misdirected and the server is protected. Not even your own users need to know where the server is hosted, adding another layer of protection against human error and insider attacks.

These user access URLs can be generated, re-generated, or destroyed in just a few clicks. Uploaded files can also be configured so they’re destroyed automatically after a certain amount of time or downloads.

Simple and intuitive access control

Erebus servers can be configured in minutes, and administrators can easily control user access to files and the capabilities within Erebus using groups and permission assignments.

All data is individually encrypted for each user assigned access to specific files, so as user permissions are modified, the data itself is modified to suit that permission. This ensures that when user access is removed, users will no longer be able to decrypt the relevant data.


Speakeasy – Videoconferencing as it should be

Millions of users rely on videoconferencing to do their jobs remotely, and in the modern environment of work-from-home, the number of users who rely on this technology to stay connected with their teams will only grow. Videoconferencing has become (and will become even more of) an essential part of business continuity for effective communication, collaboration, and productivity. However, most video conferencing solutions are provided by third party vendors, and run on vendor-owned infrastructure, in a way that allows those vendors to observe, record, store, exploit, and even potentially leak an organization’s media streams and other private data.

For organizations concerned about the privacy of their communications and the safety and security of their staff, this creates an unacceptable level of risk. In addition to these administrative risks, most modern videoconferencing solutions introduce technological risks as well. These solutions rely on a technology called “Web Real-Time Communications” (WebRTC) to deliver their service. But WebRTC is not designed to be secure; it’s designed to be convenient. In order to get around firewalls and other infrastructure-specific limitations, WebRTC makes use of “Session Traversal Utilities for NAT” (STUN) and “Traversal Using Relays around NAT” (TURN) services to facilitate its operation. And they do facilitate operation…at the cost of revealing information about individual users and their network locations that those users (or their organization) might not want revealed. What’s more, every user connects to the same videoconferencing server, which allows a third-party observer to correlate which users are talking to whom, and when, and which organizations they are a part of.

Because current videoconferencing solutions do not address this risk landscape in a way that allows an organization to visualize, manage, and mitigate the dangers inherent in the technology, in order to protect their people and their intellectual property, it becomes imperative to change the organization’s whole approach to videoconference-based collaboration.

Speakeasy: secure, anonymous, untraceable video teleconferencing, from Dexter Edward  

Since 2015, Dexter Edward has been the premier provider for secure, traceless, and anonymous online communications.  With the addition of the Speakeasy product, Dexter Edward applies this track record for discreet communications to the suddenly-burgeoning area of videoconferencing for remote collaboration.

Speakeasy leverages Fognigma’s revolutionary Portal Proxy and ZeroProfile capabilities in order to provide secure conference rooms for collaboration, as well as individual, unique, single-use proxy access points for each participant. With Speakeasy, conferences are completely undiscoverable by any third party, and are protected within a Fognigma Network using ZeroProfile smart firewalls. Each participant receives a unique network path to use to access the conference, ensuring that no two users can be correlated with one another or with the videoconference server or service.

A third-party observer cannot even tell that the participant is part of a videoconference at all. And because each network path is unique and separate, there are no WebRTC STUN/TURN data leaks to worry about. Even better, Speakeasy can be completely automated, creating and destroying conference rooms and access points as needed, so your users always have what they need, when they need it, without increasing administrative overhead.

Dexter Edward’s Speakeasy capability provides these important features:

  1. Compatibility With Any Device: Users can virtually communicate face-to-face using any device running any major operating system; no special hardware or software is required.
  2. Chat and Screen Share: To maximize communication and collaboration in virtual meetings, Fognigma’s video conferencing solution has chat and screen share capabilities.
  3. Global Accessibility: No matter where in the world your team members are located, they can reach their Speakeasy conferences with the click of a button, and you can even tailor their access points to be geographically near to the participants’ worksites, so that they do not draw undue attention.
  4. You own the infrastructure: Video conferences run on servers your organization owns, meaning no one else has access to see your private company information.
  5. Completely Private and Invisible: Conferences exist only when you need them, and their existence (as well as any information about who is accessing them, and when) is completely undetectable from outside your organization. Even people within your organization will only be aware of conferences they have been invited to participate in. So your communications are protected from external threats as well as the most dangerous risk of all: the insider.
  6. AES-256 Encryption: Fognigma protects all communications within the system with AES-256 encryption.  Every session, every conference, and every interaction is uniquely keyed, every time.  When a conference is completed, the system destroys it, as well as all of the access points to it, completely, which leaves no forensic footprint for an adversary to attempt to investigate.

How It Works

Using the Fognigma console you create and issue a unique access point for the Speakeasy conference server to every user in your organization who is authorized to create Speakeasy conferences.  Users use that URL to access the Speakeasy console whenever they need to create a room for collaboration.  To create a room, the user simply clicks “Reserve Conference” and selects the number of participants who will be making use of the room.  The Speakeasy server then builds the conference room and the unique access points for each participant.  The user then provides those access point URLs to the participants, who click on them to join the conference from any network-connected device with a web browser.  Once the conference is complete, the user who reserved it returns to the Speakeasy console and clicks “Terminate”.  The server then deletes the conference room and all of the individual access points to that room, so even if an adversary managed to discover one of those unique URLs, he or she would not be able to use it to trace back to any of the participants, the server, or your organization.

Videoconferencing and remote collaboration are more important than they have ever been, and they are here to stay.  Your organization needs a solution that protects its intellectual property, its people, and its budget.  Speakeasy, from Dexter Edward, is your solution for the rapidly-evolving remote-collaboration environment.