Feeds

So you broke our encrypted files? Ha! They were DOUBLY encrypted

Even if they steal the cloud, they can't get the rain out

SANS - Survey on application security programs

Developers have launched a sync-and-share service aimed at small businesses that adds an extra layer of encryption absent from popular services such as Dropbox and Box.

InfraScale says its Filelocker software protects data by encrypting it locally, in-transit and again in the cloud. Files are encrypted with a user's personal passphrase before leaving a device, transferred over a standard 256-bit SSL connection, encrypted again for peace of mind server-side, and then stored in the FileLocker cloud. InfraScale said it doesn't have access to the clear text of users' data.

Presumably these measures are in place to ensure that anyone intercepting data in transit, or compromising the cloud servers, cannot easily recover unencrypted information.

FileLocker is free for five people and up to 25GBs of cloud storage (5GB per person), and supports desktop sync and mobile access albeit with a couple of limitations.

"The HTML5 mobile app will work for free and it lets you search, get your content on the go, download it, preview it and share it. But free users won't get the native mobile apps," explained Ken Shaw, chief exec of InfraScale told El Reg.

The company also offers a paid-for version of the service targeted at companies that want to run Filelocker on their own internal servers. Both versions of the technology launched on Tuesday.

That morning also marked the launch of another similar but more consumer-focused service. Scrambls for Files allows users to encrypt all types of files and folders before they are sent to cloud services such as Dropbox. The free technology is an extension of previous Scrambls services from Wave Systems Corp that allow users to control and encrypt social networking messages*.

Many sync'n'share startups are marketing file-sharing services that claim to be more secure or enterprise-friendly than Dropbox and Box. Other players in the online storage arena include TeamDrive, Microsoft SkyDrive, Google Drive, SugarSync, Accellion and many others.

End-to-end encryption is standard issue for enterprise apps, we're told. Business-grade file-sharing services also offer collaboration tools to securely synchronise of data across tablets, smartphones and desktops.

"While it is true that some consumer-grade solutions lack these basic security features, for business solutions they are table stakes," Paula Skokowski, chief marketing officer of Accellion, told El Reg. The company launched Kitepoint on Tuesday, which offers companies a unified view of content pulled from Sharepoint, enterprise content management systems, Windows file servers, and other stores throughout an organisation. The software is part of Accellion's Mobile File Sharing cloud-based platform. ®

Bootnote

*Scrambls users are able to choose exactly who can see and read any scrambled files by forming groups (based upon email address and Facebook contacts and groups, etc.) Anyone outside the group will see only obfuscated text.

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.