Posts

Showing posts from 2017

CentreStack Enhances Security with Endpoint Encryption

Image
The CentreStack platform has recently been enhanced to provide better security with endpoint encryption. CentreStack also provides data-at-rest encryption, but that addresses a different threat model. Let’s review both threat models and explore the advantages in security and performance that come from CentreStack’s unique approach to endpoint encryption.Threat Models for Endpoint Encryption and Data-at-Rest encryptionCentreStack provides access to cloud storage through a mapped drive on your client machine. In order to do so efficiently, we present a directory listing of all content but nothing is downloaded until it is actually used. And once it is downloaded, the data is stored in a local cache on the disk. This approach is great for performance because it minimizes bandwidth usage and avoids overloading the device’s storage system by syncing everything down when most of it will never be used. But what happens if the device is lost or stolen? In that case, even though the thief may …

Secure File Sync and Share

CentreStack is different from other file sync and share solutions by focusing on security and centralized management. There are many security features already, such as leveraging NTFS permission, using drive based access model and etc. As a recent feature, now there is a group policy item that controls client side encryption.  This feature is very unique to drive based access model. As you may be aware, there are two methods when it comes to file sync and share. One method is that there is  a local folder that is 100% sync to cloud. The other is that there is a virtual drive letter that is sync to cloud. The first is folder based, and the second is drive based. In the folder based model, the local folder is basically controlled by the local operating system and there is not much you can do besides the BitLocker or some third party app like TrueCrypt. However, in the dive based model, since the access is going through the file system driver layer, the drive can be encrypt the local cac…