FileFlex architecture accelerates privacy & security compliance
With no duplication, no third parties and files kept on your own storage in their source locations behind your firewall, the superior privacy and security implications of the FileFlex architecture cannot be understated.
Your files stay stored in their source locations behind the firewall & nothing is moved or copied to a third party
FileFlex is a highly secure hybrid point-to-point software-only solution applied to your existing storage. Files stay in their source locations on your storage, behind your firewall.
With FileFlex, privacy and security of information can be contained completely on-premise. FileFlex provides granular capabilities to enforce controls around access and sharing of your existing data storage.
Addresses the security issues inherent to traditional EFSS solutions
Storing your files on the third party servers of an EFSS vendor can be problematic. To provide quality global access to your files, EFSS vendors will duplicate your files on redundant servers that are strategically located in different geographies. This may create issues of data residency and legal jurisdiction because your files may be stored outside the authority of your own government, violate privacy regulations or break the privacy standards of your professional association.
Also, your EFSS provider may be required to inspect every file you store on their computers to make sure you are not using their platform for illegal activity. And increasingly they are required to allow law enforcement secret access to your files without your knowledge.
FileFlex addresses the security issues of the traditional cloud solutions (EFSS or hybrid) because it does not use cloud storage or store your files on third-party servers. It uses your own storage instead and allows access and sharing of your files from their original source locations.
Thinking of EFSS – The Security Surprises They Don’t Talk About
Download the eBook
This paper , written by Storage Switzerland, explores the issues EFSS vendors don’t talk about, but issues nonetheless that you need to be aware of and understand the implications of before embarking on any long, complicated and expensive implementation of EFSS.
Reduced threat surface
When files are duplicated on public, private or EFSS clouds, in addition to the source location, multiple images and data resides with the service provider typically on-line, near-line, in redundant locations or off-line in backup managed and controlled by the service provider. This large threat surface significantly increases attack probabilities and reduces the control an organization has over its data. FileFlex, unlike the cloud or EFSS, provides access, sharing and collaboration to files in their source locations. No cloud is needed. No duplication or syncing is necessary. FileFlex minimizes the attack surface to source file and folder locations behind your firewall. This makes potential security breaches much more difficult.
Simplified storage infrastructure
The file duplication and syncing structure inherent in public, private and EFSS clouds creates a complex storage infrastructure. With FileFlex, organizations manage a much smaller environment, rather than a large and complex one. Overall, this translates to a lower risk posture and improved security.
Superior Governance, Risk Management and Compliance (GRC)
With growing pressure to empower employees, associates, and customers with the latest mobile technologies and BYOD, governance, risk management and compliance (GRC) around information are vital for an organization’s security strategy. The problem using the cloud and EFSS means your ‘latest technologies’ can quickly become a compliance headache.
To keep compliance on track, FileFlex keeps data in their source locations on your existing infrastructure and behind the firewall. So data that is already under your GRC framework and under your control stays that way.
FileFlex addresses the security issues inherent to traditional EFSS solutions using a hybrid point-to-point communications framework. As opposed to EFSS, the FileFlex server establishes an encrypted tunnel between files in their source locations behind your firewall and the user’s device without opening any new ports. Both sides must be online and FileFlex limits the role of the server to be only used to facilitate the communication. None of your files or folders are stored on the server and you can even host the FileFlex server yourself, under your own GRC, on your own hardware and on your own property.
AES 256 Encryption
If you are serious about being the only one who can access your remote access and share communication, using a service with the best encryption methods available is critical. FileFlex uses the AES-256 encryption algorithm to protect all traffic that passes our servers. AES-256 is the first publicly accessible and open cipher approved by the United States National Security Agency (NSA) for top-secret information. It remains today the only algorithm listed by the National Institute of Standards and Technology (NIST) for protecting classified data. Being one of the most advanced encryption protocols available, AES-256 provides you with peace of mind and the highest level of security possible.
Double Encryption Option
FileFlex Enterprise now also includes a double encryption option that brings extra protection against snooping and intercept.
Aids HIPAA Compliance
FileFlex Enterprise is the ideal EFSS file sharing and collaboration tool for HIPAA Covered Entities and HIPAA Business Associates. That is because the FileFlex server is hosted either by the HIPAA Covered Entity itself or by the HIPAA Business Associate that provides FileFlex to the HIPAA Covered Entity. No Protected Health Information (PHI) or Personally Identifiable Information (PII) is ever stored or transferred to Qnext or third-parties.
Accelerates compliance to GDPR, data residency and privacy standards
When the General Data Protection Regulation (GDPR) goes into effect in May 2018, it requires that organizations do not store or transfer data of EU citizens in or through countries or organizations outside the European Economic Area that do not have equivalently strong data protection standards. According to industry research the majority of cloud providers do not meet these standards – this is where FileFlex comes in.
Since FileFlex allows for remote access and sharing of files from their source locations, the files stay on-premise keeping them in-jurisdiction and data resident. No files are stored in the cloud or with third-parties. This addresses the privacy issues caused by the use of cloud storage, supports and reinforces data residency and aids compliance with privacy regulations such as GDPR.
Active Directory integration
Since typical EFSS solutions store your files on third-party servers, they introduce a level of complexity to access that storage by adding a layer of access authentication. This creates more work for sysadmins to manage permissions, modifications and termination. With this extra admin work, the critical time window surrounding user termination is extended and this brings with it significantly more risk.
FileFlex does not need the cloud. It works from your existing storage. It is behind the firewall and is integrated into Active Directory (AD) for permissions. When a user is deleted from AD, they instantly lose access to any storage through FileFlex and all their filesharing is turned off. When you add a new user, they can automatically only access storage as allowed by your Active Directory. The additional layers of administration common to EFSS is unnecessary.
Operations and Incident Management
The evident increase in the number and severity of security incidents is forcing organizations to assign greater scrutiny to data security. But security incidents continue to increase in frequency.
The problem remains that if any file sharing solution is architected in a way that creates an additional and disparate silo, it creates a red flag for enterprise risk management programs. If that shared data cannot be analyzed in the context of your business, it has failed many compliance requirements. To ensure risk is minimized, FileFlex keeps an audit log of activities that can be exported and then imported using the common import protocols to the most popular risk management systems.
Secure, view-only option – No downloads
FileFlex allows you to set your sharing options so that downloading is not permitted. As a result, no unauthorized copies are made of your files and you maintain control over the privacy of the files you share. View-only sharing for the consumer version of FileFlex applies to media files such as photos, videos, music and movies only. In FileFlex Enterprise, FileFlex allows for view-only sharing for all files as well as media files, including business documents such as Word, Excel, PowerPoint and Adobe PDF files. Thus when accompanied with appropriate user behavior, FileFlex can be used for the sharing of Personally Identifiable Information (PII) and aid compliance to privacy regulations such as HIPAA and GDPR because downloading of PII can be prohibited.
FileFlex provides an activity log
FileFlex logs all activities – even for in-app activities via public clouds – for audit and regulatory compliance issues. Know what files have been shared and when. Know who shared what files and when. Know who accessed shared files and when, and know who downloaded shared files and when.
All remote access and sharing is permission-based
All sharing is permission-based to confirmed contacts only. It’s not a link that can be forwarded or shared on social media. Allowed sharing can be revoked at any time on a contact-by-contact or file-by-file basis. Media sharing can be restricted to ‘view or stream only’ and downloading of shared files can be prohibited on a file-by-file or contact-by-contact basis to prevent unauthorized access and unauthorized downloading. It works with Microsoft Active Directory, LDAP and device permissions to enable secure sharing and access in and out of the company in an encrypted private tunnel without opening any new ports.
Two-factor and device authentication
Two-factor and device authentication are extra layers of security designed to ensure that only authorized users can access your storage infrastructure, even if someone knows the password of one of your users.
Supports active virus scanning using your AV software of choice to track down viruses, worms, trojans, spyware and malware that may be hidden in transferred documents.
CISO level third party PEN tested
FileFlex Enterprise has been evaluated by an independent, third party CISO level information security firm who has reviewed the information security supporting capabilities introduced through the use of FileFlex Enterprise, as well as the performance of a Threat Risk Assessment (TRA) on the product to meet HIPAA requirements in regards to data privacy and security. The FileFlex application and the underlying infrastructure has been subject to and passed a red-team, penetration testing assessment that used a black-box methodology. The security testing brief can be downloaded here and full test results and testing certificate can be obtained by contacting a Qnext representative.
Download our new independent security brief, “CyberSecurity Product Analysis Whitepaper”