CentreStack Enhances Security with Endpoint Encryption
The CentreStack platform has recently been enhanced to provide better security with endpoint encryption. CentreStack also provides data-at-rest encryption, but that addresses a different threat model. Let’s review both threat models and explore the advantages in security and performance that come from CentreStack’s unique approach to endpoint encryption.
Threat Models for Endpoint Encryption and Data-at-Rest encryption
CentreStack provides access to cloud storage through a mapped drive on your client machine. In order to do so efficiently, we present a directory listing of all content but nothing is downloaded until it is actually used. And once it is downloaded, the data is stored in a local cache on the disk. This approach is great for performance because it minimizes bandwidth usage and avoids overloading the device’s storage system by syncing everything down when most of it will never be used.
But what happens if the device is lost or stolen? In that case, even though the thief may not be able to logon with the user’s credentials, some data may be available from the local cache, which is unprotected.
CentreStack provides endpoint encryption to address this threat by encrypting data in the local cache.
Data-at-rest encryption provides similar protection. The difference is that the data is stored in encrypted form in cloud storage, which is great if you don’t trust your service provider. But there may be times when the service providers needs to provide additional services like backup and restore which they may want to remain independent of CentreStack. That separation will not be possible with data-at-rest encryption because they will be dependent on CentreStack to decrypt the restored data.
So the advantage of endpoint encryption is that you can address threats from end users without necessarily having to make the data opaque to service providers. There’s also a huge performance benefit since CentreStack syncs on-demand and only the downloaded files are encrypted. With most other platforms, the entire endpoint has to be encrypted to address end user threats and that creates a lot more overhead than just encrypting the files that have been cached by CentreStack.
This is just one example of CentreStack’s focus on security. For more information on how we maintain the file server’s DNA of data, NTFS permissions, AD and Administration, please visit http://www.centrestack.com/cloud-file-server.