Blog | News | security

13 Data Security Measures by ownCloud for Ultimate Protection of Your Files

Data security is our top priority at ownCloud. We have 13 measures in place to ensure the ultimate protection for your sensitive data, files and emails.

By Anwesha Ray

Data security

The importance of data security in today’s digital world cannot be undermined. All over the globe, enterprises are investing time, effort and finances to step up their cybersecurity capabilities to protect their intellectual property, critical assets and customer information, and ensure compliance.

Our users entrust their most sensitive and valuable data to us, and it is our top priority to ensure that their data remains as secure as possible from hackers, data breach attempts and unauthorized access. To that effect, as a user of ownCloud, you have access to as many as 13 data security measures to bomb-proof your data protection solutions.

Auditing: Enjoy full user control over sensitive data

The ownCloud Audit app delivers a solid data security and compliance system by enabling organizations to enjoy full control and access to actions performed on its platform.

The ownCloud Audit App records, logs and traces any actions that users and administrators of an enterprise conduct on a platform. The ways in which the users handle sensitive data can be accessed and proven by the enterprise if and when needed, for example, in an instance of data breach.

The Audit app ensures data security by enabling enterprises to:

  • Maintain full control over actions performed by users and administrators on the platform
  • Prevent data abuse, data breach and cybercrimes
  • Enable flagging and monitoring of suspicious digital activities
  • Safeguard highly-sensitive and strictly-regulated data, for example, in the healthcare or financial sector
  • Report and audit operations
  • Prove compliance with corporate guidelines
Data security with ownCloud Audit app

Protect, track and report your data with the ownCloud Audit App.

Splunk Integration: Get detailed audit reports at your fingertips

The ownCloud integration for Splunk, consisting of an app and an add-on, further enhances enterprise observability. With the Splunk integration, it is easy to retrieve log, audit and metrics data from the ownCloud Metrics API and the ownCloud Enterprise Audit App.

Splunk analyzes this data to create reports, visualizations, filterable views and alerts for specific incidents at high speed, making it easy for organizations to immediately flag potential data breach or compliance issues and take necessary action, adding a strong armour of data security.

Multi-factor authentication: Are they who they say they are?

Multi-factor authentication by own Cloud offers a highly-efficient data protection solution with the help of time-bound one-time passwords (TOTP) as well as biometric locks, instead of just a username and a password. This makes sure that even if a user’s credentials are leaked or otherwise compromised, the data still remains safeguarded.

A multi-factor authentication setup ensures that users accessing a digital resource are actually who they claim to be, making it next to impossible for hackers and unauthorized third parties to get access to your sensitive data.

The ownCloud Enterprise Edition also integrates with SAML2-compatible identity providers like Shibboleth, Microsoft ADFS and privacyIDEA.

Comprehensive encryption: Keep data safe from prying eyes

ownCloud’s state-of-the-art comprehensive file encryption architecture empowers your organization to combat the rising wave of cyber attacks by allowing you to encrypt your files and comply with regulations.

This simple and user-friendly data encryption system offers up to three levels of file encryption for sensitive and valuable data: data encryption in transit, data encryption at rest and end-to-end encryption.

Data Security with Comprehensive Encryption

Comprehensive Encryption provides three levels of security for sensitive data

End-to-end encryption: Bomb-proof your data security solution

When working with highly-sensitive data (for example, healthcare records, personal data, financial data etc.), end-to-end encryption is your best bet in bomb-proofing your data security. It sets the groundwork for a zero-trust environment in your organization and ensures that only the sender and the intended recipient(s) are able to access the data – no one else, not hackers and not even the system administrators.

To add an extra layer of data security, the ownCloud end-to-end encryption system provides the option of maintaining a hardware key that can be stored outside of the browser and would work only in combination with the device on which the key service is installed.

Outlook Plugin: Send fully-encrypted emails of any size

The Outlook Plugin keeps your emails safe from data breach attempts by allowing you to share fully-encrypted files.

The advantages of the Outlook plugin are manifold. To begin with, it completely eliminates the hassle of additional encryption and decryption of emails. You can continue to send and receive emails in a familiar environment just in a way they are used to.

With the Outlook plugin, files are not actually sent as attachments, but only a link to its safe storage location in ownCloud is transmitted. This system ensures compliance to stringent security protocols that discourage or ban sharing attachments. This also helps to keep the organization’s server growth in check and does away with file size limitations.

Users can also password-protect their files and add an expiry date for an added layer of security.

Outlook Plugin interface

Send fully-encrypted emails with Outlook plugin

File Lifecycle Management: Secure your data from creation to destruction

Policy-based file lifecycle management is crucial for storage utilization and conformation with regulations, and considerably simplifies administration and control. The ownCloud File Lifecycle Management app enables users to manage and control files in the course of their entire lifecycle: creation, storage, categorizing, delivery, review, archival and finally, destruction.

The ownCloud File Lifecycle Management function allows you to set archiving and deletion rules for each file to be fully aligned with internal policy requirements and regulatory needs. For example, files older than a certain period can be stored in a specific location by default.

The deletion of certain files can also be automatically controlled through a “file retention” policy. This feature is particularly useful in ensuring conformation to GDPR regulations that require personal data to be stored in the company database only for a specific period of time.

The ownCloud File Lifecycle Managament setup thus not only ensures compliance with data protection policies, but also protects against severe penalties for GDPR non-conformations.

File Firewall: Block threats and protect data with confidence

ownCloud File Firewall closely monitors incoming and outgoing traffic to and from a network, based on a set of preset rules, to block unauthorized and suspicious access.

The ownCloud File Firewall allows you to control access and sharing in by creating rules for allowing or denying access restrictions based on criteria like group, upload size, client devices, IP address, time of day etc.

Each firewall rule set consists of one or more conditions. If a request matches all of the preset conditions, in at least one rule set, then the request is blocked by the firewall. Otherwise, the request is allowed by the firewall.

File Firewall delivers an efficient data security solution by blocking external threats as well as insider threats within the network.

Data Security with File Firewall

File Firewall Interface

Open ID Connect: Manage digital identity with ease

The importance of digital identity and access management in data security cannot be undermined for any organization. Monitoring and restricting who can access which data forms the very backbone of organizational roles.

Organizations using ownCloud as their cloud storage partner are free to choose from among the available range of Identity Providers that support the OpenID Connect authentication standard – for example, an LDAP-based Identity Management, Microsoft’s cloud-based Azure AD, Keycloak or Ping Federate, an Identity-as-a-Service like cidaas or an on-premises open source Identity Provider like Kopano Konnect, to name a few.

Open ID Connect also allows for Single Sign-On capabilities, wherein a single set of credentials can be used to access compatible applications.

True Secure View: Restrict actions performable on confidential files

When you integrate ownCloud with Collabora, you can take advantage of True Secure View, a feature that ensures data security by preventing data breach and data abuse by restricting actions available to recipients during the file sharing process. This feature is highly recommended while working with confidential documents.

True Secure View allows you to set limitations on the actions that can be performed on the files you share, for example, downloading, editing, copying etc. Files shared this way are only streamed to the browser without actually leaving the server, making it impossible for the recipients to extract the original files.

Furthermore, to ensure deterrence and traceability and provide data security, files are watermarked for printing and exporting to PDF, in cases where the recipient is allowed to print and export to PDF.

Face ID: Ensure data Security with a smile!

ownCloud’s Face ID setup is pivotal in adding another layer of data security in order to prevent identity theft and consequent data breach. It is, by its very nature, non-invasive and offers easy implementation.

The ownCloud Apps for iOS and Android support the FaceID authentication procedures implemented through the biometric unlock mechanisms in the respective operating systems.

It allows users to lock their ownCloud app when not in use and unlock it with the help of FaceID authentication, which is significantly hard for hackers to crack.

Users can choose to use a predetermined four-digit code as a fallback option to unlock their device. On older Android and iOS devices, ownCloud supports TouchID instead.

Data security with Face ID

Face ID interface

oAuth2: Ensure data privacy with tokens

ownCloud offers OAuth, the open industry-standard cryptography protocol that uses Secure Sockets Layer (SSL) to ensure that data between the web server and browsers remain private, thus ensuring secure authorization of clients.

It greatly enhances security while facilitating the integration of third-party apps or web services. oAuth2 connects the ownCloud Clients (Desktop, Android, iOS).

Its standardized and secure authorization flow means that users do not need to enter or store their credentials in the Desktop and Mobile Apps. Rather, it uses token IDs in place of credentials, granting third parties limited access to an user’s data.

oAuth2 also provides a user authorization interface for developers to swiftly integrate ownCloud into their applications.

Ransomware protection: Don’t let your files be held hostage!

The ownCloud Ransomware protection app empowers enterprises to safeguard their data against ransomware, a malicious malware that encrypts and or locks the data on the victim’s device or even an entire network and demands ransom to decrypt or unlock them.

The Ransomware protection app uses a two-step approach to safeguard your files from being held hostage and wreaking havoc in your organization. Firstly, it prevents loss of data by blocking sync uploads from clients that are recognized as infected. Alongside, it also retains previous versions of data as backup to fall back upon in case a user falls victim to ransomware.

Some of the above features are included in the free version of ownCloud while a few others are available with an Enterprise subscription. If you are interested in implementing or stepping up data security measures in your enterprise, you are welcome to contact us. We are confident that together we can figure out just the right combination of features and plug-ins to suit the unique needs of your business, irrespective of its industry or size.

Anwesha Ray

Maggio 27, 2022

Ready to see what’s next?

Having trouble viewing or submitting this form?

Contact Us

We care about protecting your data. Here’s our Privacy Policy.

Read now: