Never Trust, Always Verify

The Zero Trust Data Access (ZTDA) architecture at the core of FileFlex Enterprise provides the security required in today’s remote work environment.

Zero Trust Data Access by Design

Built from the ground up with an architecture that always authenticates and always verifies all transactions all the time based on “never trust, always verify” zero trust data access security.

By building zero trust data access security first into the platform, it becomes inherent to all the capabilities of the platform, both present and future.

FileFlex Enterprise employs file/folder level micro-segmentation – every time someone attempts to access and share corporate data.

Detailed Activity Logging

  • Monitors data access and sharing across all storage locations.
  • Logs all user and administrator activities – even for in-app activities via public clouds – for audit and regulatory compliance issues.
  • Activity log can be imported to the most popular risk management and SIEM systems using common import protocols.

Active Directory and LDAP Integration

  • Supports integration with Lightweight Directory Access Protocol (LDAP) and Active Directory (AD) and Azure AD.
  • When a new user is added, they can automatically only access storage as allowed by Active Directory.
  • When a user is deleted from AD, they instantly lose access to any storage through FileFlex Enterprise and all their file sharing is turned off reducing risks associated with timing delays or human error caused by having to manage the deletion as two separate actions in two separate systems.

Support for Single Sign-On (SSO) (SAML)

  • Supports SSO and SAML (Security Assertion Markup Language) open standard as well as the following custom versions from the following providers: OneLogIn; Google; Microsoft Azure; HelloID; MiniOrange; Okta; TraitWare and SmartLogin.

User Authentication of Shared Files

  • Sharing to unauthenticated users is prohibited. Sharing is done and consumed in the app using patented technology to authenticate users and does not permit open links that can be forwarded or shared on social media providing organizations control over shared files.

Restricted Administrator Access

  • Even administrators cannot use FileFlex Enterprise to access any restricted information beyond what their own permission levels permit. Administrator activities are logged.

Device Authentication

  • Device authentication ensures that only authorized devices can use FileFlex Enterprise.
  • When combined with login credentials can be used as an unobtrusive type of two-factor authentication.
  • Helps protect against phishing as credentials are only accepted when sent in conjunction with the device fingerprint.

Support for Multi-Factor Authentication and U2F Devices

  • Strong two-factor authentication and easy-to-use U2F device support using public key crypto that protects against phishing, session hijacking, man-in-the-middle and malware attacks.

Secure Data Transmission

  • The FileFlex Enterprise connector agent accesses information, encrypts it and sends it back through a gated AES 256 encrypted hybrid point-to-point system.
  • No files are stored on the FileFlex Enterprise server thereby reducing the organization’s threat surface.
  • Encryption keys are not generated in system memory. They can either be generated in the included PKI server or they can be generated in the secure SGX enclaves of an Intel processor. This protects data transmission even on a system compromised by malware.
  • Optional double encryption ensures that the transmitted data is encrypted all the way through from sender to receiver addressing threats such as man-in-the-middle; snooping and intercept.

Optional Intel® SGX

Has the option of using Intel® SGX platform hardened secure enclaves for encryption key generation to provide added protection at the deepest level – within the silicon itself – and ensure that shared data is not snooped or tampered with at any stage of access or transmission – even if the system is compromised.

No Access To Infrastructure

Neither users nor the FileFlex Enterprise server can access the storage infrastructure. The connector agent fulfills the request, encrypts it and sends it back to the user abstracted from the infrastructure.

Protection of Credentials

  • To protect user and device credentials, FileFlex Enterprise uses an exchange of anonymous secure tokens for every request.
  • FileFlex generates new encryption keys every session and tokens are available only per session. The use of tokens protects user and device credentials since they are not stored on the FileFlex Enterprise server, the service provider or with Qnext.

Secure, View-Only Option – Downloading Prohibited

  • Administrators can make selected files, folders or devices ‘view-only’ with downloading of shared content prohibited or they can allow access only and prohibit sharing altogether.
  • Users can also set their sharing options so that downloading of shared content is not permitted.
  • Unauthorized copying of shared files can be prohibited to maintain control over privacy of files shared.

Virus Scanning

Supports active virus scanning using your AV software of choice to track malware that may be hidden in transferred documents.