Open Stack Secure Enterprise File Sync and Share Turnkey Solution

Abstract

The Enterprise File Sync and Share (EFSS) is one of the most important services to provide enterprises' employees with cloud file sync, share, and collaboration services. To take enterprises' concerns into account, such as security, privacy, compliance, and regulation, the existing EFSS solutions are either using private (on-premise) or hybrid cloud service model to provide their services. They usually emphasize that files stored in the solutions are encrypted on transfer and at rest and events occurred in the service are logged as the audit trail. However, support of data encryption and audit trail are not capable of protecting enterprise sensitive data from not well addressed security issues of the EFSS service. The security issues, including employee privacy protection, management of share links and synchronized cloud files, and the secure enterprise directory integration, are pointed out in this article. To address these issues, this work proposes and develops a scalable Secure EFSS service which can be deployed on the on-premise Open Stack cloud infrastructure to securely provide employees with EFSS service. Designs of an integrated security approach are introduced in this article, including data and metadata isolations, Distinct Share Link utility, encryption key management for personal and shared files, sandbox-based cloud file synchronization, and out-of-band authentication method.