Categories
Blog File Server Security

SECUDRIVE File Server: A simple and effective Windows file server data protection security solution with Digital Rights Management

SECUDRIVE File Server is a file server data protection developed by Brainzsquare that is efficient to use and simple to install.

SECUDRIVE File server is file server security solution that protects your confidential and personal information for your Windows file server. This solution acts like an add-on for existing file servers that enhances current file server security while providing user-based DRM features. SECUDRIVE File Server offers features such as copy protection, user-based individual DRM policies, and detailed event logs.

Installation to file servers is easy. Administrators, if you currently have a file server set up with shared folders, groups, and settings, SECUDRIVE File Server will not be a problem! By installing SECUDRIVE File Server onto your existing file server, it will ask for you to fill out the file server information. By doing so, it automatically detects your current file server settings such as users and shared folders.

Digital rights management for your file server. SECUDRIVE File Server allows administrators to assign DRM policies to individual users, preventing certain users from copying, printing, or screen capturing the files in the specified folder. The list of various application programs that this solution is compatible with can be seen from the administrator’s user interface. For example, by registering an application program such as Microsoft Word onto the access allowed list, registered users will only be able to open the files using Microsoft Word-however, while they have access to the data, they will not be able to copy, “save as” another file, screen capture, or print the file unless the administrator has allowed the function. A secure backup file will be created for auditing purposes when an authorized user copies a file from the server.

Adjusts to existing file server security settings. After installing the file server user clients on your employee PCs, the solution will adjust itself to existing file server settings. This means all the groups, users, and file server security settings that were applied before installing SECUDRIVE File Server w Administrators will be able to apply individual user-based DRM policies to registered users. This allows/denies specified users from actions such as copy, print, or screen capture of files, creating different levels of DRM policies within the file server.

Detailed event logs allow you to audit activity. Detailed event logs are recorded in real time and can be viewed on the administrator’s file server client for auditing purposes. The log records information such as registered user, date, time, PC, file accessed, and action taken, so administrators can trace data leaks when it occurs.

SECUDRIVE File Server Introduction Video

SECUDRIVE File Server can be your comprehensive data protection and security solution for your file server. With all the features that were covered in this blog, you can try a free 30-day trial of SECUDRIVE File Server. Click the link below and head over to our product and trial request page.

SECUDRIVE File Server product and trial version request page>>

Categories
Blog File Server Security

File Server Data Protection Using Digital Right Management

Let’s say you have a file server set up for your office, business, or company.

All of your employees use this file server to share and collaborate on company work files as efficiently as possible. Administrators of this file server can restrict specific users from accessing a folder on the file server. However, what if an employee that does not regularly have access to the folder needs access rights for a work situation? This poses a huge security hole that just screams internal data leakage to us techies. File activity record logs could help for later auditing purposes but if digital rights aren’t managed for employees across the board, then it can be difficult to track the leak and contain it.

The files stored on file servers may be company confidential and if leaked, could ruin the reputation and business of a company. But the convenience of file servers is almost unbeatable within a company. So why is it that there are no industry standard data protection solutions for file servers to prevent these huge risks that they pose?

To stop internal data leakage at its source, a file server data protection solution is absolutely needed to prevent just anyone from accessing and printing/copying a file to a location of their choosing. You can’t be too safe when it comes to your employees due to the steady rise in internal breaches. Part of the problem with applying data protection solutions to a file server has been the compatibility of various file formats and apps. Work efficiency can go down, causing some businesses to be apprehensive towards applying and using data protection solutions.

But you can’t be too safe with company information right? Think of what happened with NSA and Edward Snowden. This is one of the best case examples of ongoing internal data leakage. Edward Snowden was a temporary employee who worked for the NSA until he got his hands on some confidential information, was able to copy it easily off of the NSA servers (whether or not he had access or someone else gave him access to the data is unknown) onto a simple USB drive, and was able to walk out the door. Your company’s reputation can be sabotaged in the same way.

Related: SECUDRIVE File Server: A simple and effective Windows file server data protection security solution with Digital Rights Management

Categories
Blog File Server Security

The need of Audit File Server Event Logs

File servers are convenient because company administrators can assign and register employees to have access to files stored on the server. If your company has reasonable security for the file server (i.e. secure physical location, antivirus and malware protection, access control), then it’s safe to assume that your files are secure, right?

This is a common misconception and surprisingly, even with the growth of data breaches and compromises, many companies do not realize that the risks run much deeper. At this point, digital rights management should already be considered for the company file server to prevent data from leaving the server without authorization.

Related: File Server Data Protection Using Digital Rights Management

For instance, what stops an employee from copying a file off of the file server and accidentally (or maliciously) leaking the data outside of the company? According to a study done by Ponemon and Symantec Corp., 64% of data breaches and compromises are caused by human and system errors combined while only 37% are caused by malicious attacks. So what can companies do to prevent these risks and stop it at the source?

Aside from digital rights management to prevent files from leaving the server unless the employee is authorized, administrators also need file activity event logs. Event logs with recorded details such as affected files, action taken, user, time, date, and file location are crucial for auditing purposes and stopping a leak at its source. Event logs that update in real-time allow administrators to accurately audit file activity and see if any suspicious activity is occurring. Administrators can also audit files that have been taken out by an employee with permission from the FTO, and the original file is backed up on the server. This way, administrators will always know which files were taken out. On December 14, 2013, an article from the New York Times states, “American intelligence and law enforcement investigators have concluded that they may never know the entirety of what the former National Security Agency contractor Edward J. Snowden extracted from classified government computers before leaving the United States, according to senior government officials.” Think of how useful event logs could have been in the Edward Snowden Case.

Related: SECUDRIVE File Server: A simple and effective Windows file server data protection security solution with Digital Rights Management

Categories
Blog File Server Security

The Need of Digital Rights Management for File Servers

File Servers can be a conundrum to maintain security for depending on the size of your business and the number of employees you have. One of the main reasons businesses should consider a solution for their file server is due to the risks that it carries such as internal data leakage and overall data breaches. With the level of awareness for one’s privacy and protection of information (we can all thank Edward Snowden for that), it’s safe to say that current file server security lacks several features that prevent compromised data. Here are some things to consider when choosing a file server security solution.

Windows file servers, for example, provide a security feature which allows administrators to register users to specific groups and folders in “Read-only” or “Read and Write” mode. But what stops registered users from copying a file out of the server? There are some security limitations to Windows file servers and this leaves your business with a big security risk. If an administrator has a temporary employee that needs access to some documents stored in “Folder A,” that employee would have access to the data like the full-time employees. However, there is no digital rights management for the data stored in the file server, enabling the temporary employee to copy, print, or screen capture a file from the server. This is a huge security risk that many companies face today where DRM policies are absolutely needed but rarely supplied for file servers. If that temporary worker made off with important documents that could compromise the reputation of the company and its customers, it can cause irreparable damage to a company’s image. I mean, think about what happened with the NSA and how our views on the government since have not been the same.

The best way to combat this risk is to find a solution that alleviates the security limitations of the windows file server. By being able to apply user-based DRM policy settings for just the temporary employee (which denies copy or printing rights), administrators can rest easy knowing that the temporary employee can access and edit the files but cannot copy the files out of the server, which is all that is necessary to do their jobs. Meanwhile, the other employees can continue working as they normally do.

Related: SECUDRIVE File Server: A simple and effective Windows file server data protection security solution with Digital Rights Management

Categories
Blog File Server Security

Is Your File Server Secure Enough?

Increasing risks and data compromises have called for a security reformation in law firms over the last decade (Related: information security in law firms). Using file servers have been a concern for law firms as they transition into a paperless office. There are file server security solutions out there that classify existing data stored on the file server. However, this type of solution only provides passive security where the solution automatically applies some minimal defensive features like file documentation and organization. Most lack active security features such as access control and rights management for copy, print, and screen capture that can be set by administrators which can prevent intentional data leaks.

Data protection of files will always remain the primary concern when looking into file server security solutions. Preventing data leakage by external sources but internal as well will ensure that a company’s confidential information is fully protected. When it comes to sensitive information, businesses need to prepare for accidental and malicious insider data leakage, as it can cost a business hundreds of thousands of dollars in damage control. In July 2013, California Attorney General Kamala Harris released a data breach report, which contained collective information of data breaches in California and recommendations to companies in improving their data security. The amount of compromised data is staggering, as the report states that the personal information of 2.5 million Californians was compromised. Also in this report, it states that computer intrusions, by outsiders and malicious insiders, accounted for over half the reported breaches in 2012. “Tightening security controls” and extending it to training employees and contractors are advised to protect personal information. This goes for file servers too because access control is so minimally maintained in most file server security solutions.

Related: File Server Data Protection Using Digital Right Management

Individualized DRM policy settings are needed too depending on the size and complexity of your business. If some temporary employees were required to look at sensitive information on the server to do their jobs, it is advised that the policy settings that are given to full-time employees aren’t given to contracted employees. Why? What if the DRM policy allowed copying or printing? Companies and their administrators need to be prepared in the event an employee has malicious intent and leaks sensitive data. Of course, administrators could just change the policy to deny printing and copying, but this could cause an interruption to the workflow for the other full-time employees.

Related: The Need of Digital Rights Management for File Servers

The ability to view file activity and user activity for auditing purposes are highly beneficial for the administrators and the company. With a detailed event log, administrators may be able to stop a data leakage at its source, contain compromised data, or prevent it from happening. Real-time updates, actions that were taken, files affected, registered user name and date are all relevant information that administrators can use to see if there are any suspicious activity. If the event log can record denied actions, such as a copy attempt, it would be best.

Related: The Need of Audit File Server Event Logs

Categories
Blog File Server Security

Information Security in Law Firms

Paralegals work in a wide variety of working environments that are determined by the size and structure of the firm. Also dependent on the law firm’s size is the number of people that paralegals work with, internally and externally. Working and sharing information with a large number of people, including business partners and clients as part of your job, leave open chances of confidential data being compromised.

As firms move more towards a paperless office (although we probably won’t see a paper-FREE office being adopted any time soon due to the nature of our legal system where hard copies of documents are necessary for certain procedures), paralegals must be more conscious about how their digital information is stored. Many offices have adopted a file server for a more convenient way to organize, file, and share work information because let’s face it, legal departments and firms generate tons of documents and finding a document stored digitally is exponentially easier than finding a hard copy document in a file room. Based on the size of the firm, most computers on a site are usually networked to the server, allowing convenient access to information when needed.

Lawyers and their partners indeed generate a lot of paperwork-paperwork that comes with every step of a legal proceeding and correspondence. These need to be stored in a cloud computing server or a file server with access control so that only you and your partners can view or take out the files with written authorization, while allowing limited server rights to your staff and support personnel. A lot of solo practitioners nowadays seem to already have a file server networked to most of the computers in their office and worry about remote access for their new setup. I mean, it’s understandable because nowadays, everyone’s on the move and working while on the road. So, easily accessible documents whether on a mobile phone or laptop works best for a lot of smaller law firms. For larger firms, VPN is usually applied to allow secure remote access for offices around the world while keeping the convenience. However, what many of the practitioners don’t realize is that although the convenience is great, the bare minimum security to meet legal requirements is not enough to protect your firm from disaster.

But you’re a small firm and you don’t think you’ll be directly targeted? All the more reasons to be worried. According to the American Bar Association, “on November 1st, 2009, the FBI issued an advisory warning to law firms that they were specifically being targeted by hackers.” While smaller firms may think that this does not apply to them, according to Matt Kesner, CIO of Fenwick and West LLP, “China is often responsible for state sponsored hacking —and that the country doesn’t waste its “A” squads on law firms because their security is so dreadful. The rookies on the “C” squads are good enough to penetrate most law firms.” This is exactly what the situation still is today- law firms (large and small) in its current state are easily breached and many may not even know that they have been.

As many law firms make the transition to digital, the need to upgrade and apply stronger yet practical and efficient information security solutions are absolutely necessary. Aside from securing the physical location of the file server, the data stored inside must be protected as well. Password protection, access management, and a monitoring system can make the difference in keeping confidential files safe from accidental or malicious leaks.

Related: Is Your File Server Is Secure Enough?

Categories
Blog File Server Security NEWS News Letter Press Release

SECUDRIVE File Server CAD Released

Brainzsquare announces the release of SECUDRIVE File Server CAD, a copy protection solution for design file storage servers into the market. This solution is specifically designed to bring the strongest copy protection for CAD files and is compatible with various CAD applications such as AutoCAD, Adobe Suite, and more. Designers can now securely store their important designs on file servers SECUDRIVE File Server CAD.

Sunnyvale, CA-October 14, 2013- Brainzsquare announces the release of SECUDRIVE File Server CAD, a copy protection solution for design file storage servers into the market. This solution is specifically designed to bring the strongest copy protection for CAD files and is compatible with various CAD applications such as AutoCAD, Adobe Suite, and more.

Design is an immense part of our growing society, and new innovations are what push us forward. Such designs are kept highly confidential within the company and designers are kept under a strict non-disclosure agreement until the release date. But what if the design files are leaked by an employee? Internal data leakage can severely damage a company’s business and reputation and companies need to be warier of how their design files are used and by whom.

SECUDRIVE File Server CAD is designed to prevent internal data leakage with a strong copy protection system for file servers. By applying this solution to the file server, data stored in the shared folder of the file server cannot be copied to the local disk or removable disk unless allowed by the administrator, preventing unauthorized copy. Other copy and paste functions such as Clipboard copy and paste, Save As function, and screen capture tools are disabled when the file is accessed. Administrators can also disable printing or customize printing with watermarks.

This solution also provides user identification and authentication feature. Only the users who have the client program installed on the PC are able to access the file server. With a detailed event log recording the time, date, user, file accessed, and action taken, administrators can monitor the status of their design files in real time. Files that are copied out with permission from the administrator are automatically backed up for security auditing purposes.

“SECUDRIVE File Server CAD is specifically designed to securely store design files and prevent unauthorized copying and leakage within a company. With copy protection, access authentication, detailed logs, and a manager program, company administrators can easily protect their important design files from internal leakage,” said Simon Kang, CEO of Brainzsquare.

If you have any questions or inquiries about this article or its contents, please contact us.

Categories
Blog Device Control File Server Security

How to Prevent an Edward Snowden in Your Organization

By now, Edward Snowden is a name that has been heard all around the world. The confidential government documents that Snowden leaked have had a devastating effect on the government and the Obama administration. How Snowden had access to government documents is very blurred in the media, however, one thing is certain; once Snowden did get to the documents he stored them on a normal thumb drive and carried it out of the building.

What if Snowden was an employee at your company? If you handle confidential data that, if leaked could damage the company’s reputation of trust and security, it’s important to apply security to confidential documents on the client’s side before storing them on the server. Hypothetically, if the government or any other companies that fear internal data leakage had SECUDRIVE File Server and SECUDRIVE Device control installed, the incident could have been prevented.

SECUDRIVE provides simple, easy to use data security software that could help businesses protect themselves and their reputation. SECUDRIVE File Server provides copy protection with user authentication, which would only allow authorized and registered users to have access to the server and prevent users from copying or sending documents via email. Administrators would also be able to control which applications are authorized to open documents on the shared folder. Detailed event logs are also provided, which record details such as file activity (read, write, rename, change, create, delete, copy, paste), time, date, and user name in real-time. So if Snowden had tried to take the documents out of the server, he wouldn’t be able to because of the administrator’s security settings. With real-time event logs recorded, administrators would have been able to see when and what Snowden was trying to do with the documents on the server.

With SECUDRIVE Device Control, Snowden would not have been able to connect his thumb drive onto the server in the first place. In a government building, thumb drives are not allowed but in an office, it’s an everyday utility. SECUDRIVE Device Control provides controls of various ports and devices, which can prevent devices from connecting without authorization via USB port, Wireless LAN, CD-RW, DVD-RW, IEEE1394, Bluetooth, Parallel port, Serial port, and IrDA port. The smartphone too can be restricted to the only function as a removable storage device, or only allow it to use MTP, PTP, or tethering connections instead. It also records a detailed event log of when and which devices were connected and used and file activity. Companies can prevent the use of unauthorized devices within and outside of company grounds on employee computers.

Using SECUDRIVE File Server and SECUDRIVE Device Control together can prevent internal data leakages and possibly could have prevented the government’s documents from being leaked. Protect your company today.

Categories
Blog Data Erasure Device Control File Server Security Insider threats USB Copy Protection USB Sescurity

The Other Side of Edward Snowden Case

Thanks to the whistleblower case of Edward Snowden, the public is now aware of the level of private information gathering that has been performed by the U.S. government through agencies such as the NSA. Snowden release of top-secret NSA materials was referred to as “the most significant leak in US history according to the Daniel Ellsberg a former U.S. military analyst who is most famous for leaking the Pentagon Papers in 1971. What was most shocking was the degree of how much private information had been gathered in which case had brought back the fears and insecurities of when the Patriot Act was legislated in order to indiscriminately collect information under the banner of anti-terrorism.

Many journalists and information security specialists who have criticized the indiscriminate collection of private information have suggested that individuals should use client-side encryption solutions for private information, especially since storage solutions such as the cloud were becoming ever more popular. Since the Snowden case, however, public cloud services have been negatively impacted due to the heightened awareness of the lack of privacy of personal information.

In regards to information security, the Snowden case provides us, the public, with another large implication. Snowden worked for the NSA and its affiliated organization which has arguably one of the strongest internal information control systems in the world. Yet, he was able to gain access to highly confidential information that had the potential to impede national interests as well as the organization’s interests. Snowden was then able to copy the confidential information onto a USB flash drive and take it out of the office. For an organization such as the NSA and the affiliated organizations who are supposed to have a sound security infrastructure, this was a huge breach of their internal information security system, thus, making it clear that they had failed in managing internal information access and assessing the user’s ability to handle such information.

This case brings us to think more about the current situation of internal information security management systems of many U.S. organizations. A study conducted by Forrester stated that only 25 percent of data breach cases are from external attackers, meaning 75 percent of attacks are from within an organization. Even so, many organizations cannot easily integrate an internal information leakage prevention system because it often puts a damper on work efficiency. In some organizations, the management argues that it is almost impossible to prevent internal information leakage by utilizing a technological security solution and instead, they relieve themselves by getting employees’ to agree to a non-disclosure agreement and take some rudimentary education on information security. Though this is still needed, it is a much too passive solution.

It has become acceptable for workers to bring their own private devices such as laptops, tablets, and smartphones to their office to work. They store a lot of the organization’s confidential information onto the devices and are now taking the private information with them when they bring their laptop or tablet to a Starbucks, or pretty much everywhere when they bring around their smartphone. This is a huge security risk and it is important to be responsible for the security of the device as well as the information itself.

Now with cloud storage systems becoming more widely used, when companies decide to send designs for a new product, that their company spent a lot of time and money developing, through the cloud to an employee that is offsite, the company no longer has any ability to control the usage of the design. In this situation, all the organization can do is hope that nothing happens by fully trusting the non-disclosure agreement, information security education program, and their employees. Though it is good to have trust in your employees, blindly trusting them is plain idiocy. Without some sort of security system set in place, if a top-secret document is lost by employee carelessness, robbery, or even leaked by an employee with malicious intent, the organization may never find out who did it, where it happened, or even how it happened. Even if they do know the “who”, “what”, and “how”, the damage that follows often cannot simply be compensated by the dismissal of an employee or civil and criminal actions.

Ultimately, it comes down to the need for change: A need to restructure the way internal information leakage prevention systems are viewed and utilize preemptive security solutions. In order for organizations to prevent cases such as Snowden, there needs to be a push towards preemptive security solutions that can be used with existing technologies such as encryption, which only focuses on preventing leakage when the device is lost or stolen. It’s because many chose to be oblivious the fact that those that are authorized to use the data are possibly the biggest threat in terms of information leakage.

A possible solution to the prevention of internal information leakage, are storage devices that utilize features such as copy protection. Secudrive (www.secudrives.com) provides solutions that even small and medium companies can easily integrate into their security policy. They provide products that can prevent unauthorized copy of A/V files, office files and even CAD files, supporting various storage devices such as USB flash drives, file servers, and public cloud storage systems. Alongside their copy protection products, Secudrive also provides device control products that allow only registered devices, such as USB flash drives, tablets, and smartphones, to be able to access a port of a registered PC.

Categories
Blog File Server Security

A Way to Prevent Insider Threats

With the growing number of BYOD (Bring Your Own Device) policies being implemented at work, companies are now more concerned about their data security than ever before. As much as a company can trust their employees and coworkers (and we realize that Non-Disclosure Agreements exist for a reason), no company should ever go without data leakage prevention measures. Have you ever worried about accidental or worse, malicious internal data leakages? Once it spreads, it is an arduous task to find the source of the leakage and can lead to inefficiently containing it. This can ruin a company’s reputation for a long time.

Especially those companies that share their important confidential data via file servers throughout the company. Yes, there are benefits to using file servers such as efficient data sharing, collaboration, and the works. However, file servers today come with little too inefficient monitoring capabilities, security, and protection. There are solutions to these current issues that have been brought up in multiple IT discussions such as file encryption, physical isolation of the file server, and antivirus vaccination software.

But these solutions can only curb the dangers from accidental data leakage. How can a company know when a malicious data threat is on the way before it happens? The key is to be prepared and prevent potential data threats. A new copy protection software for file server has been released into the market by Brainzsquare called SECUDRIVE File Server.

Copy Protection to prevent files from being copied and leaked
By applying copy protection to the file server connected to the network drive, administrators can prevent registered users from copying the file to the local disk drive, or other outside sources. Prevention of screen capturing and printing is also included. So even if there was a malicious attempt or accidental cause to copy the data out of the file server and distribute it without authorization, you’d be covered.

A simple User Interface that detects and keeps current file server settings
Don’t fear, file server administrators! By installing SECUDRIVE File Server onto the file server, fill out the file server information and it will automatically detect your current file server settings (users, shared folders, etc.) and keep them when setting up. Registering new users, or new shared folders and setting sharing policies and copy protection policies for each user is simple with SECUDRIVE File Server.

Brainzsquare offers 30-day trial versions of SECUDRIVE File Server on their website.