Q: What is SecureMyFiles?
SecureMyFiles is a technology that protects your files locally and in the cloud. It uses client-side encryption to process your local files and encrypt them. Then it sends those files to your preferred cloud storage provider for additional storage or collaboration with others. The encryption keys and access controls are managed by SecureMyFiles.
SecureMyFiles is a technology that protects your files locally and in the cloud. It uses client-side encryption to process your local files and encrypt them. Then it sends those files to your preferred cloud storage provider for additional storage or collaboration with others. The encryption keys and access controls are managed by SecureMyFiles.
Q: How does SecureMyFiles work?
SecureMyFiles is a software that you install on a device (Windows, Linux, Mac OS X). It creates a virtual drive (or mount point) onto which you can freely work with your files. Behind the scenes SecureMyFiles transparently encrypts the files you work with so they stay protected at all times.
SecureMyFiles is a software that you install on a device (Windows, Linux, Mac OS X). It creates a virtual drive (or mount point) onto which you can freely work with your files. Behind the scenes SecureMyFiles transparently encrypts the files you work with so they stay protected at all times.
Q: What is client-side encryption?
From Wikipedia's article on Client-side encryption:
Client-side encryption is the cryptographic technique of encrypting data on the sender's side, before it is transmitted to a server such as a cloud storage service. Client-side encryption features an encryption key that is not available to the service provider, making it difficult or impossible for service providers to decrypt hosted data. Client-side encryption allows for the creation of applications whose providers cannot access the data its users have stored, thus offering a high level of privacy.
Client-side encryption seeks to eliminate the potential for data to be viewed by service providers (or third parties that compel service providers to deliver access to data), client-side encryption ensures that data and files that are stored in the cloud can only be viewed on the client side of the exchange. This prevents data loss and the unauthorized disclosure of private or personal files, providing increased peace of mind for its users.
Current academic scholarship as well as recommendations by industry professionals provide much support for developers to include client-side encryption to protect the confidentiality and integrity of information.
As of February 2016, neither Apple iCloud, Google Drive, or Dropbox provide client-side encryption.
From Wikipedia's article on Client-side encryption:
Client-side encryption is the cryptographic technique of encrypting data on the sender's side, before it is transmitted to a server such as a cloud storage service. Client-side encryption features an encryption key that is not available to the service provider, making it difficult or impossible for service providers to decrypt hosted data. Client-side encryption allows for the creation of applications whose providers cannot access the data its users have stored, thus offering a high level of privacy.
Client-side encryption seeks to eliminate the potential for data to be viewed by service providers (or third parties that compel service providers to deliver access to data), client-side encryption ensures that data and files that are stored in the cloud can only be viewed on the client side of the exchange. This prevents data loss and the unauthorized disclosure of private or personal files, providing increased peace of mind for its users.
Current academic scholarship as well as recommendations by industry professionals provide much support for developers to include client-side encryption to protect the confidentiality and integrity of information.
As of February 2016, neither Apple iCloud, Google Drive, or Dropbox provide client-side encryption.
Q: Why do I need to encrypt my files in the public cloud?
By encrypting your files before uploading them to a public cloud storage provider (such as Dropbox) you're adding an additional layer of defense against a breach to your account. A breach will not expose your original files. Instead a breach will exposed the encrypted files which are of no use to an attacker. This is an important consideration when seeking maximum protection and regulatory compliance for your data.
By encrypting your files before uploading them to a public cloud storage provider (such as Dropbox) you're adding an additional layer of defense against a breach to your account. A breach will not expose your original files. Instead a breach will exposed the encrypted files which are of no use to an attacker. This is an important consideration when seeking maximum protection and regulatory compliance for your data.
Q: I have Full Disk Encryption enabled (FDE). Do I still need SecureMyFiles?
Full disk encryption is provided by most major operating systems. Microsoft uses BitLocker, Apple has FileVault and Linux has a couple of different options. VerCrypt is also a popular third-party disk encryption software. But FDE only encrypts the physical hard disk on your computer. It does not encrypt the files when they are moved out of your hard disk and shared over email or through a cloud account such as Dropbox. Additional encryption is needed in this case. FDE also works only when your computer is turned off. If you’re logged into your operating system’s user then your hard disk is decrypted and accessible to anyone with access to your laptop. SecureMyFiles provides client-side per-file encryption that works along side FDE to help cover the additional use cases of file sharing and per-file access control. With SecureMyFiles you don’t even need FDE. Your files are always encrypted both offline and online.
Full disk encryption is provided by most major operating systems. Microsoft uses BitLocker, Apple has FileVault and Linux has a couple of different options. VerCrypt is also a popular third-party disk encryption software. But FDE only encrypts the physical hard disk on your computer. It does not encrypt the files when they are moved out of your hard disk and shared over email or through a cloud account such as Dropbox. Additional encryption is needed in this case. FDE also works only when your computer is turned off. If you’re logged into your operating system’s user then your hard disk is decrypted and accessible to anyone with access to your laptop. SecureMyFiles provides client-side per-file encryption that works along side FDE to help cover the additional use cases of file sharing and per-file access control. With SecureMyFiles you don’t even need FDE. Your files are always encrypted both offline and online.
Q: Doesn't other cloud providers support encryption? Why use SecureMyFiles?
There are two main reasons to use a client-side encryption solution for your sensitive files stored in the cloud:
There are two main reasons to use a client-side encryption solution for your sensitive files stored in the cloud:
- First, cloud storage providers such as Dropbox and Google Drive already support encryption in transit and at rest. But they have to manage the keys for you in order to make their service seamless. This makes it much easier for an attack to obtain sensitive files when your account is breached. By keeping the encryption keys separate from your cloud storage provider you guarantee that an attacker will have no way of accessing your files if a breach to your cloud account happens. SecureMyFiles keeps the keys away from your cloud storage provider and helps you lose nothing in case of a breach to your account.
- Second, if you're syncing files between your devices, the synced files are not encrypted. They are wide open for anyone with access to one of your devices. Your files are also at risk to ransomeware attacks. By always keeping your files encrypted on all your devices and on the public cloud you're protected at all times. It doesn't matter if the files are synced, they are still encrypted. If a ransomeware infects one of your devices and starts scanning for documents it won't find any because the filenames are obfuscated and the contents of the files unintelligible to the ransomeware virus. SecureMyFiles both encrypts files and obfuscates their file names.
Q: AWS, Dropbox and OneDrive allows you to bring your own key (BYOK) or sometimes called client-side encryption key. Why do I need SecureMyFiles?
If you decide to provide your own key to your cloud storage provider you'll need to manage it yourself. This means to rotate it, share it with care and revoke it if it leaks. Now imagine trying to share sensitive files with different people across different organizations and each person needing her own key to access your files. Key management is a complex problem. SecureMyFiles helps you manage your keys seamlessly.
If you decide to provide your own key to your cloud storage provider you'll need to manage it yourself. This means to rotate it, share it with care and revoke it if it leaks. Now imagine trying to share sensitive files with different people across different organizations and each person needing her own key to access your files. Key management is a complex problem. SecureMyFiles helps you manage your keys seamlessly.
Q: Google Drive, Dropbox, Box and OneDrive specify they are compliant to regulations in my industry (HIPAA, PCI-DSS, FIPS etc). Why do I need SecureMyFiles?
Using a cloud provider that "supports" a regulation doesn't mean that you're compliant. Each cloud provider has special guidelines on how to achieve such regulatory compliance but it requires serious consideration and architecture in your application.
For example:
Google HIPAA architecture guidelines: https://cloud.google.com/solutions/architecture-hipaa-aligned-project
AWS HIPAA architecture guidelines: https://d1.awsstatic.com/Industries/HCLS/Resources/Architecting for HIPAA one-pager 2018.pdf
SecureMyFiles uses a different strategy. It guarantees that your files are regulatory compliant on the client side so your cloud provider doesn't need to be. We use encryption and access controls to provide additional protection to your files which enhances regulatory compliance.
Using a cloud provider that "supports" a regulation doesn't mean that you're compliant. Each cloud provider has special guidelines on how to achieve such regulatory compliance but it requires serious consideration and architecture in your application.
For example:
Google HIPAA architecture guidelines: https://cloud.google.com/solutions/architecture-hipaa-aligned-project
AWS HIPAA architecture guidelines: https://d1.awsstatic.com/Industries/HCLS/Resources/Architecting for HIPAA one-pager 2018.pdf
SecureMyFiles uses a different strategy. It guarantees that your files are regulatory compliant on the client side so your cloud provider doesn't need to be. We use encryption and access controls to provide additional protection to your files which enhances regulatory compliance.
Q: What is the difference between SecureMyFiles and it's competitors Cryptomator, Keybase, BoxCryptor, VeraCrypt?
The commonly used cloud encryption tools such as Cryptomator, Keybase, BoxCryptor, VeraCrypt and others are primarily consumer focused. This makes them not suitable for large enterprises with a complex technology stack. SecureMyFiles was designed for the big enterprise. It supports encryption at scale, manages keys, integrates with enterprise key vaults, has fine grained access controls and a robust API to ensure integrations into many existing enterprise systems. It has the ability to support large number of files efficiently and securely. It can help large enterprises be secure at scale.
The commonly used cloud encryption tools such as Cryptomator, Keybase, BoxCryptor, VeraCrypt and others are primarily consumer focused. This makes them not suitable for large enterprises with a complex technology stack. SecureMyFiles was designed for the big enterprise. It supports encryption at scale, manages keys, integrates with enterprise key vaults, has fine grained access controls and a robust API to ensure integrations into many existing enterprise systems. It has the ability to support large number of files efficiently and securely. It can help large enterprises be secure at scale.
Q: Why should I trust the security of SecureMyFiles?
SecureMyFiles is using widely accepted and highly regarded open source technologies to secure your files:
SecureMyFiles is using widely accepted and highly regarded open source technologies to secure your files:
- AES-GCM mode of encryption with 256 bit randomly generated keys per file from a secure CSPRNG. For more information see the original NIST publication.
- Scrypt memory hard password strengthening.
- SQLite for implementing efficient file system operations.
- Elliptic Curve cryptography (curve 25519) for handling public key encryption.
- FUSE file system extension to integrate with all major operating systems.
- Google Protobufs to handle file headers.
- Additional entropy enrichment process to guarantee high quality key generation.
Q: Has SecureMyFiles undergone a security audit?
Not at this point. There are ongoing discussions with third party audit firms to perform such an audit. But if someone would like to do an audit we'll be happy to provide our source code under an NDA.
Not at this point. There are ongoing discussions with third party audit firms to perform such an audit. But if someone would like to do an audit we'll be happy to provide our source code under an NDA.
Q: What is the performance of SecureMyFiles?
We are using a hardware-accelerated mode of encryption (AES-GCM) which performs at near native speeds on systems with CPUs equipped with the AES-NI instruction set. Most chips nowadays come with support for AES-NI. This means that SecureMyFiles incurs very slight hit on performance as compared to working with no encryption. This allows us to encrypt and access millions of files at near native speeds. You can check Intel's documentation on AES-NI instruction set support.
We are using a hardware-accelerated mode of encryption (AES-GCM) which performs at near native speeds on systems with CPUs equipped with the AES-NI instruction set. Most chips nowadays come with support for AES-NI. This means that SecureMyFiles incurs very slight hit on performance as compared to working with no encryption. This allows us to encrypt and access millions of files at near native speeds. You can check Intel's documentation on AES-NI instruction set support.