Blog File Server Security

SECUDRIVE File Server: A simple and effective Windows file server data protection security solution with Digital Rights Management

SECUDRIVE File Server is a file server data protection developed by Brainzsquare that is efficient to use and simple to install.

SECUDRIVE File server is file server security solution that protects your confidential and personal information for your Windows file server. This solution acts like an add-on for existing file servers that enhances current file server security while providing user-based DRM features. SECUDRIVE File Server offers features such as copy protection, user-based individual DRM policies, and detailed event logs.

Installation to file servers is easy. Administrators, if you currently have a file server set up with shared folders, groups, and settings, SECUDRIVE File Server will not be a problem! By installing SECUDRIVE File Server onto your existing file server, it will ask for you to fill out the file server information. By doing so, it automatically detects your current file server settings such as users and shared folders.

Digital rights management for your file server. SECUDRIVE File Server allows administrators to assign DRM policies to individual users, preventing certain users from copying, printing, or screen capturing the files in the specified folder. The list of various application programs that this solution is compatible with can be seen from the administrator’s user interface. For example, by registering an application program such as Microsoft Word onto the access allowed list, registered users will only be able to open the files using Microsoft Word-however, while they have access to the data, they will not be able to copy, “save as” another file, screen capture, or print the file unless the administrator has allowed the function. A secure backup file will be created for auditing purposes when an authorized user copies a file from the server.

Adjusts to existing file server security settings. After installing the file server user clients on your employee PCs, the solution will adjust itself to existing file server settings. This means all the groups, users, and file server security settings that were applied before installing SECUDRIVE File Server w Administrators will be able to apply individual user-based DRM policies to registered users. This allows/denies specified users from actions such as copy, print, or screen capture of files, creating different levels of DRM policies within the file server.

Detailed event logs allow you to audit activity. Detailed event logs are recorded in real time and can be viewed on the administrator’s file server client for auditing purposes. The log records information such as registered user, date, time, PC, file accessed, and action taken, so administrators can trace data leaks when it occurs.

SECUDRIVE File Server Introduction Video

SECUDRIVE File Server can be your comprehensive data protection and security solution for your file server. With all the features that were covered in this blog, you can try a free 30-day trial of SECUDRIVE File Server. Click the link below and head over to our product and trial request page.

SECUDRIVE File Server product and trial version request page>>

Blog File Server Security

File Server Data Protection Using Digital Right Management

Let’s say you have a file server set up for your office, business, or company.

All of your employees use this file server to share and collaborate on company work files as efficiently as possible. Administrators of this file server can restrict specific users from accessing a folder on the file server. However, what if an employee that does not regularly have access to the folder needs access rights for a work situation? This poses a huge security hole that just screams internal data leakage to us techies. File activity record logs could help for later auditing purposes but if digital rights aren’t managed for employees across the board, then it can be difficult to track the leak and contain it.

The files stored on file servers may be company confidential and if leaked, could ruin the reputation and business of a company. But the convenience of file servers is almost unbeatable within a company. So why is it that there are no industry standard data protection solutions for file servers to prevent these huge risks that they pose?

To stop internal data leakage at its source, a file server data protection solution is absolutely needed to prevent just anyone from accessing and printing/copying a file to a location of their choosing. You can’t be too safe when it comes to your employees due to the steady rise in internal breaches. Part of the problem with applying data protection solutions to a file server has been the compatibility of various file formats and apps. Work efficiency can go down, causing some businesses to be apprehensive towards applying and using data protection solutions.

But you can’t be too safe with company information right? Think of what happened with NSA and Edward Snowden. This is one of the best case examples of ongoing internal data leakage. Edward Snowden was a temporary employee who worked for the NSA until he got his hands on some confidential information, was able to copy it easily off of the NSA servers (whether or not he had access or someone else gave him access to the data is unknown) onto a simple USB drive, and was able to walk out the door. Your company’s reputation can be sabotaged in the same way.

Related: SECUDRIVE File Server: A simple and effective Windows file server data protection security solution with Digital Rights Management

Blog File Server Security

The need of Audit File Server Event Logs

File servers are convenient because company administrators can assign and register employees to have access to files stored on the server. If your company has reasonable security for the file server (i.e. secure physical location, antivirus and malware protection, access control), then it’s safe to assume that your files are secure, right?

This is a common misconception and surprisingly, even with the growth of data breaches and compromises, many companies do not realize that the risks run much deeper. At this point, digital rights management should already be considered for the company file server to prevent data from leaving the server without authorization.

Related: File Server Data Protection Using Digital Rights Management

For instance, what stops an employee from copying a file off of the file server and accidentally (or maliciously) leaking the data outside of the company? According to a study done by Ponemon and Symantec Corp., 64% of data breaches and compromises are caused by human and system errors combined while only 37% are caused by malicious attacks. So what can companies do to prevent these risks and stop it at the source?

Aside from digital rights management to prevent files from leaving the server unless the employee is authorized, administrators also need file activity event logs. Event logs with recorded details such as affected files, action taken, user, time, date, and file location are crucial for auditing purposes and stopping a leak at its source. Event logs that update in real-time allow administrators to accurately audit file activity and see if any suspicious activity is occurring. Administrators can also audit files that have been taken out by an employee with permission from the FTO, and the original file is backed up on the server. This way, administrators will always know which files were taken out. On December 14, 2013, an article from the New York Times states, “American intelligence and law enforcement investigators have concluded that they may never know the entirety of what the former National Security Agency contractor Edward J. Snowden extracted from classified government computers before leaving the United States, according to senior government officials.” Think of how useful event logs could have been in the Edward Snowden Case.

Related: SECUDRIVE File Server: A simple and effective Windows file server data protection security solution with Digital Rights Management

Blog File Server Security

The Need of Digital Rights Management for File Servers

File Servers can be a conundrum to maintain security for depending on the size of your business and the number of employees you have. One of the main reasons businesses should consider a solution for their file server is due to the risks that it carries such as internal data leakage and overall data breaches. With the level of awareness for one’s privacy and protection of information (we can all thank Edward Snowden for that), it’s safe to say that current file server security lacks several features that prevent compromised data. Here are some things to consider when choosing a file server security solution.

Windows file servers, for example, provide a security feature which allows administrators to register users to specific groups and folders in “Read-only” or “Read and Write” mode. But what stops registered users from copying a file out of the server? There are some security limitations to Windows file servers and this leaves your business with a big security risk. If an administrator has a temporary employee that needs access to some documents stored in “Folder A,” that employee would have access to the data like the full-time employees. However, there is no digital rights management for the data stored in the file server, enabling the temporary employee to copy, print, or screen capture a file from the server. This is a huge security risk that many companies face today where DRM policies are absolutely needed but rarely supplied for file servers. If that temporary worker made off with important documents that could compromise the reputation of the company and its customers, it can cause irreparable damage to a company’s image. I mean, think about what happened with the NSA and how our views on the government since have not been the same.

The best way to combat this risk is to find a solution that alleviates the security limitations of the windows file server. By being able to apply user-based DRM policy settings for just the temporary employee (which denies copy or printing rights), administrators can rest easy knowing that the temporary employee can access and edit the files but cannot copy the files out of the server, which is all that is necessary to do their jobs. Meanwhile, the other employees can continue working as they normally do.

Related: SECUDRIVE File Server: A simple and effective Windows file server data protection security solution with Digital Rights Management

Blog File Server Security

Is Your File Server Secure Enough?

Increasing risks and data compromises have called for a security reformation in law firms over the last decade (Related: information security in law firms). Using file servers have been a concern for law firms as they transition into a paperless office. There are file server security solutions out there that classify existing data stored on the file server. However, this type of solution only provides passive security where the solution automatically applies some minimal defensive features like file documentation and organization. Most lack active security features such as access control and rights management for copy, print, and screen capture that can be set by administrators which can prevent intentional data leaks.

Data protection of files will always remain the primary concern when looking into file server security solutions. Preventing data leakage by external sources but internal as well will ensure that a company’s confidential information is fully protected. When it comes to sensitive information, businesses need to prepare for accidental and malicious insider data leakage, as it can cost a business hundreds of thousands of dollars in damage control. In July 2013, California Attorney General Kamala Harris released a data breach report, which contained collective information of data breaches in California and recommendations to companies in improving their data security. The amount of compromised data is staggering, as the report states that the personal information of 2.5 million Californians was compromised. Also in this report, it states that computer intrusions, by outsiders and malicious insiders, accounted for over half the reported breaches in 2012. “Tightening security controls” and extending it to training employees and contractors are advised to protect personal information. This goes for file servers too because access control is so minimally maintained in most file server security solutions.

Related: File Server Data Protection Using Digital Right Management

Individualized DRM policy settings are needed too depending on the size and complexity of your business. If some temporary employees were required to look at sensitive information on the server to do their jobs, it is advised that the policy settings that are given to full-time employees aren’t given to contracted employees. Why? What if the DRM policy allowed copying or printing? Companies and their administrators need to be prepared in the event an employee has malicious intent and leaks sensitive data. Of course, administrators could just change the policy to deny printing and copying, but this could cause an interruption to the workflow for the other full-time employees.

Related: The Need of Digital Rights Management for File Servers

The ability to view file activity and user activity for auditing purposes are highly beneficial for the administrators and the company. With a detailed event log, administrators may be able to stop a data leakage at its source, contain compromised data, or prevent it from happening. Real-time updates, actions that were taken, files affected, registered user name and date are all relevant information that administrators can use to see if there are any suspicious activity. If the event log can record denied actions, such as a copy attempt, it would be best.

Related: The Need of Audit File Server Event Logs

Blog File Server Security

Information Security in Law Firms

Paralegals work in a wide variety of working environments that are determined by the size and structure of the firm. Also dependent on the law firm’s size is the number of people that paralegals work with, internally and externally. Working and sharing information with a large number of people, including business partners and clients as part of your job, leave open chances of confidential data being compromised.

As firms move more towards a paperless office (although we probably won’t see a paper-FREE office being adopted any time soon due to the nature of our legal system where hard copies of documents are necessary for certain procedures), paralegals must be more conscious about how their digital information is stored. Many offices have adopted a file server for a more convenient way to organize, file, and share work information because let’s face it, legal departments and firms generate tons of documents and finding a document stored digitally is exponentially easier than finding a hard copy document in a file room. Based on the size of the firm, most computers on a site are usually networked to the server, allowing convenient access to information when needed.

Lawyers and their partners indeed generate a lot of paperwork-paperwork that comes with every step of a legal proceeding and correspondence. These need to be stored in a cloud computing server or a file server with access control so that only you and your partners can view or take out the files with written authorization, while allowing limited server rights to your staff and support personnel. A lot of solo practitioners nowadays seem to already have a file server networked to most of the computers in their office and worry about remote access for their new setup. I mean, it’s understandable because nowadays, everyone’s on the move and working while on the road. So, easily accessible documents whether on a mobile phone or laptop works best for a lot of smaller law firms. For larger firms, VPN is usually applied to allow secure remote access for offices around the world while keeping the convenience. However, what many of the practitioners don’t realize is that although the convenience is great, the bare minimum security to meet legal requirements is not enough to protect your firm from disaster.

But you’re a small firm and you don’t think you’ll be directly targeted? All the more reasons to be worried. According to the American Bar Association, “on November 1st, 2009, the FBI issued an advisory warning to law firms that they were specifically being targeted by hackers.” While smaller firms may think that this does not apply to them, according to Matt Kesner, CIO of Fenwick and West LLP, “China is often responsible for state sponsored hacking —and that the country doesn’t waste its “A” squads on law firms because their security is so dreadful. The rookies on the “C” squads are good enough to penetrate most law firms.” This is exactly what the situation still is today- law firms (large and small) in its current state are easily breached and many may not even know that they have been.

As many law firms make the transition to digital, the need to upgrade and apply stronger yet practical and efficient information security solutions are absolutely necessary. Aside from securing the physical location of the file server, the data stored inside must be protected as well. Password protection, access management, and a monitoring system can make the difference in keeping confidential files safe from accidental or malicious leaks.

Related: Is Your File Server Is Secure Enough?