The Ponemon Institute recently published a report stressing the fact that organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees. nCrypted Cloud is an interesting offering that tackles this and other threats by adding a strong security layer to the data used and shared via popular cloud-based data storage providers.
Patent pending key managing system
If you are planning to use a product of this kind to protect your private or corporate data, you should be interested in its inner workings. An nCrypted Cloud account is created by submitting an email address and a password. Besides being used for authentication purposes, this information will also be run through the Password Based Key Derivation Function 2 (PBKDF2) in order to generate your User Personal Key. This private key will be stored on your computer, not on nCrypted Cloud’s servers.
The patent pending system uses AES-256 bit encryption for protecting the data. When each of your files gets encrypted, a unique per-file password will be derived from your personal key and the additional entropy. The result will be a password-protected zip archive containing the original file together with some other data that I’ll mention later. Zip containers were chosen because the system creators wanted to use something that isn’t proprietary. From the security perspective, it is important to stress out that the encryption and decryption of data are always performed on the client.
Support for popular cloud storage providers
nCrypted Cloud consists of a web interface and client software that can be installed on Windows, OS X, iOS and Android devices. Your first interaction with the service will be through the web interface and you’ll need to setup access to the cloud storage services you are using. nCrypted Cloud currently supports Dropbox, Google Drive, OneDrive, Box and Egnyte.
When you successfully link your account(s), you will be able to browse through the stored files via the nCrypted Cloud web interface. The interface is smooth but the files are arranged only by name and you cannot rearrange the listing according to size or date.
The next step is to download and setup the client software on the systems you’ll use. The process is rather straightforward and as soon as you activate your account, you will be ready to go. While you will be using the newly created shared folder for synching your stuff, have in mind that you first need to install sync software from your cloud storage provider.
A new shared folder named nCryptedCloud will appear and by default it will analyze your system and create specific folders for every storage provider that is setup on your system. As nCryptedCloud is just a secure wrapper service around your storage provider, locally encrypted files will be uploaded to the cloud service of your choosing after you synch them.
Trusted sharing and collaboration platform
A survey released just a week ago by secure file sharing provider Soonr shows that the majority of full-time employees accesses files remotely and three out of four share the files via email.
nCrypted Cloud makes it easy to share any file or folder with a click of button. This can be done both from the web interface, and from your local shared drive. The only difference is that when sharing the file via web, you can enable a watermark option which isn’t supported in the nCrypted Cloud software application (at least in the OS X one). The watermark is placed over a document identifying the original recipient of the shared file.
Other options include:
- Viewing rights: Will the recipient be able to just view the file or will the download option be provided as well?
- Access rights: Does the recipient need to be an nCrypted Cloud user or not; will an additional access code be needed to open the file?
- Expiration settings: When will the shared link expire – never, immediately after the first access, or after a specific time period (minutes, hours, days, months)?
From a technical standpoint, trusted sharing via nCrypted Cloud uses a unique symmetric key for every file or folder you share. When you share something with co-workers inside your organization, the symmetric key will be added to their key storage. As soon as sharing rights are revoked, the key gets deleted and further access is denied.
Enterprise management and compliance
In combination with a selected file storage provider, nCrypted Cloud is a powerful enterprise data storage and sharing solution. It provides detailed management of data sharing inside the organization and can be used to manage users and their devices.
Auditing mechanisms can be used to track all company data and its behaviour inside the corporate infrastructure. Per user and per organization tracking is available, so one can see who has been accessing and sharing what data, and who are the recipients.
The service enables its users to have multiple identities, which comes in handy when you need to separate your personal and corporate identity. This is a nice touch and broadens the appeal of nCrypted Cloud. If an employee leaves the company his corporate key will be revoked, but he will still have access to the files encrypted by using his personal identity. Similarly, the company cannot access its employees’ personal files.
Depending on the number of deployed users (see the pricing section), you will be able to use some advanced functions such as SAML 2.0 for deploying single sign on (SSO) capabilities, Active Directory integration, DLP integration with reverse proxy, MDM controls etc.
The service enables covered entities and business associates to maintain HIPAA/HITECH regulatory compliance related to cloud based storage and sharing when delivering health care services. It can also aid in addressing data security elements of various families of controls developed by NIST for FISMA compliance.
nCrypted Cloud never stores your private keys, but there is a smart failsafe mechanism that uses another set of generated keys. Besides the User Personal Key, the system will also create you a Public/Private key set dubbed User Recovery Key. This key is stored locally on the client’s computer but you can store an encrypted variant of it on nCircle Cloud servers as well. When you encrypt a file, its unique password gets encrypted as well by using the User Recovery Key. This value is then stored in the comments file of the resulting zip archive. This allows users to recover an encrypted file if they still have the recovery key.
Running an encrypted zip file through zipinfo will show the encrypted password in the comments section (parts of the output redacted).
nCrypted Cloud costs $10 per user on a monthly basis. Depending on the size of the company (25+, 250+ and 2500+ users), every tier has its own set of extra features. The pricing is for US based companies, for customized or international pricing you’ll need to contact their sales team. Consumers (one user, unlimited devices) can use the service for free.