• No results found

ShareFile Security Overview

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "ShareFile Security Overview"

Copied!
6
0
0

Loading.... (view fulltext now)

Download now ( 6 Page )

Full text

(1)

ShareFile Security Overview

ShareFile Company Policy

All ShareFile employees undergo full background checks and sign our information security policy prior to beginning employment with the company. The handbook includes an

agreement to maintain the privacy and security of account information.

Account information and support functions are accessible only from the IP address of ShareFile’s physical office locations. Company policy prohibits employees from accessing accounts or client data except where they have been expressly granted permission by an account administrator for the purpose of support. Any logins or activity by ShareFile Support will be logged in the account activity reports and available for review by account administrators.

Servers and Storage Security

Files are stored on servers maintained by Amazon Web Services in multiple locations in the United States, Europe, Asia, and South America. A customer’s files are generally stored at the server location that is geographically nearest to the administrator and backed up in North Carolina. Contact your ShareFile representative if you require custom geographical storage requirements.

All data centers containing ShareFile servers are SSAE-16 (Formerly SAS 70 Type II) compliant, proving that they meet high standards for security. Statements of Compliance (SOC-1) reports are available for your review provided you sign the requisite

Non-Disclosure Agreements (NDAs). Physical access is tightly controlled, and double verification is required to proceed to any areas housing data. Our servers are firewall protected and regularly updated to ensure that all of the latest security patches and updates are in place. On Professional and Enterprise plans, files are stored with 128-bit RC4 encryption, and this can also be enabled for Basic plans for an additional monthly fee.

(2)

Encryption

Encryption is a method for transforming data during either in transit or storage so that it requires permission to access. The data is transformed (encrypted) using an algorithm that generates a decryption key which must be used in order to decrypt the data. When

transferring sensitive files, it is important to use encryption to ensure that any outside sources cannot read the data contained within the files.

Encryption of Data in Transit

All file transfers through the ShareFile service are encrypted using 256 bit SSL (Secure Sockets Layer). This is the same security used by banks and many e-commerce sites such as Amazon.com. SSL works by establishing a private connection and each end of the

connection is authenticated before transfer begins. Data traveling between these endpoints can only be decrypted by the intended recipient by using unique decryption keys.

Encryption of Data at Rest

Files uploaded to ShareFile servers are saved with 128-bit RC4 encryption. Each file saved in our system has a unique encryption key. When a file is uploaded, it is encrypted before being copied to its permanent storage location. Downloaded files are decrypted before their contents are sent to your browser. The file encryption keys are not stored on the same server with the files themselves, ensuring that someone with physical access to our storage servers has no access to the files contained on their hard drives.

Note: Stored File Encryption is included on Professional, Enterprise, Enterprise Gold, and VDR plans and can be added to a Basic account for an additional monthly fee.

Secure User Access

Each user on an account is given a unique username and password to login. Passwords are hashed using 128-bit MD5 so that not even ShareFile employees can access this

information. If a user enters an incorrect password five times in a row, the system will lock that user account for five minutes before they can login again.

ShareFile account users will only see folders where they have been granted permissions and are listed in the Folder Access list. Folders where they have not been granted

permissions will be invisible to them in the folder view and on any reports that they can access. By default, client users do not have access to information about other users on the account.

All activity in an account is logged and available to employee users who have access to the

(3)

storage contents, and user access audits. Professional and Enterprise accounts also allow users to run recurring reports at certain intervals and to request email notifications

whenever a new report is created automatically. On the Basic and Professional plans, usage reports can include data for the last 90 days. Enterprise and Enterprise Gold accounts can retrieve data for the life of the account.

Note: The policy to save data older than 90 days for Enterprise and Enterprise Gold accounts was put in place fall, 2009. Activity before this time may not be available.

Safe Harbor Policy

ShareFile is certified under the U.S. Department of Commerce's Safe Harbor program: http://export.gov/safeharbor

See the excerpt below:

"The European Commission's Directive on Data Protection went into effect in October of 1998, and would prohibit the transfer of personal data to non-European Union nations that do not meet the European "adequacy" standard for privacy protection. While the United States and the European Union share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the European Union.

In order to bridge these different privacy approaches and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a "Safe Harbor" framework and this website to provide the information an organization should need to evaluate - and then join - the Safe Harbor"

Secure and Standard File Transfer Protocol (FTPS/FTP)

You can connect to your account using an FTP client such as WS-FTP or FileZilla. FTP Access allows you to connect to your ShareFile account and upload and download using a typical FTP client, useful if you have clients already familiar with FTP, or business

processes scheduled to run over FTP. Your ShareFile administrators can enable or disable FTP as required by your policy. FTPS Access allows you to use FTP with SSL/TLS

(4)
(5)

Account Wide Password Policy

Configurable settings include:

• Password expiration • Password history • Minimum length • Password complexity

Password complexity requirements force users to use personal passwords that match a certain set of rules allowing the administrator to force users to use passwords that conform to the entity’s security requirements. (See figure 2).

(6)

File Retention Policy

Administrators have the ability to retain files indefinitely or delete after 1, 7, 14, 30, 60, 90 days, 6 months, 1 year, or after 2 years.

Internet Protocol (IP) Address Restrictions

IP restrictions can be put in place to restrict use of an account to users logging in from certain IP addresses. These restrictions can be set to allow or deny certain IP ranges for employee logins, client logins, and/or recipient of send/request operations. By default, IP restrictions are not enabled. To implement IP restrictions contact a ShareFile

representative

Distribution Groups

ShareFile provides the administrator with the capability to create, manage, and delete distribution groups. To delete distribution groups, place check marks next to the groups that you would like to delete and click the 'Delete Selected Groups' button. To add or remove members from a group, click the group name.

Single sign-on / SAML 2.0 Configuration

ShareFile supports single sign-on via Security Assertion Markup Language (SAML) 2.0 assertions. SAML is an XML-based open standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions). SAML 2.0 introduced a number of features not available in previous versions of the specification ShareFile requires SAML assertions to include a NameID in the format emailAddress.

Assertion Consumer Service (ACS) URL: https:// .sharefile.com/saml/acs SP-Initiated Login URL: https:// .sharefile.com/saml/login

References

Download now ( PDF - 6 Page - 309.32 KB )

Related documents

Three Months Ended Nine Months Ended September 30 September 30

For the three and nine month periods ended September 30, 2011, the consolidated financial statements include a charge to earnings in the amount of $7.1 million (2010 - $5.8

North Atlantic and Rio Tinto Joint Venture Potash Project in Saskatchewan, Canada. Resource Summary

The summary resource report prepared by North Atlantic is based on a 43-101 Compliant Resource Report prepared by M. Holter, Consulting Professional Engineer,

Medicine Shelf Stuff

○ If BP elevated, think primary aldosteronism, Cushing’s, renal artery stenosis, ○ If BP normal, think hypomagnesemia, severe hypoK, Bartter’s, NaHCO3,

Pricing Strategy and Innovation Incentives for Security Software: Theory and Evidence

Finally, we also compare the demand for the bundle relative to the demand for the components for security products (that is products with a higher variable cost) with

Additional information >>> HERE

Orchestra hip hop samples, free clipart images for business cards, music making apps iphone free, free clipart school bag, royalty free acapella packs, free clip art money

Construction-Ready Digital Terrain Models

This research discusses methods for ensuring electronic engineering data (EED) — and specifically the proposed digital terrain model (DTM) — support modern construction

Coeur d'alene Police Department Daily Activity Log

[r]

Performance Appraisal Systems in Private Banks of Bangladesh: A Study on the Mercantile Bank Limited

The bank authority should develop a uniform performance appraisal policy and should form a performance evaluation committee by the Head of the branch and Head of