Blog | News | security

Comprehensive Encryption: Keeping sensitive data safe from prying eyes

Cyber security is an area of burgeoning concern across the digital world. Over the last several years, companies, governments and individual users are grappling with an alarming increase in the variety and frequency of cybercrimes and threats. This calls for enhanced cybersecurity initiatives and high-end automation efforts to safeguard sensitive data from being illegally accessed, disrupted or disabled.
Data Security with Comprehensive Encryption

Safeguard your sensitive and valuable data from unauthorized access through state-of-the-art file encryption architecture. The modular and flexible encryption option offered by ownCloud enables you to encrypt your files and allows for custom setups to combat all possible digital threats and comply with regulatory requirements.

To ensure a high level of data protection and data secrecy, the ownCloud comprehensive file encryption architecture offers up to three levels of file encryption:

File encryption in transit:

In-transit file encryption is active by default and design with the use of HTTPS connections and the latest TLS protocol. Encrypt your files server-wide and/or end-to-end. In fact, in-transit encryption is mandatory to ensure General Data Protection Regulation (GDPR) compliance.

File encryption process

File encryption is really simple with the ownCloud Encryption app

File encryption in rest:

Encryption at rest means to encrypt all files saved from the ownCloud application server prior to saving them on the actual storage. ownCloud uses a single master key encryption method for this method that is supported on all file systems. Only the administrator in possession of the master key can decrypt files in this setup. Master key encryption prevents files to be read from the storage, ensuring complete privacy and peace of mind.

File encryption at rest offers the advantage of preventing data breach issues related to physical access to the storage, including stolen hard disks. For an added level of security, the keys can be stored in a hardware security module (HSM), which reacts only on the request of the ownCloud application.

End-to-End Encryption Plugin:

For a superior level of data secrecy and data protection, particularly recommended for highly-sensitive data, ownCloud provides an End-to-End (E2EE) file encryption plugin. With the help of this plugin, users and authorized guest users can share fully-encrypted files. A JavaScript plugin encrypts files on upload with public keys provided by the server. File decryption also takes place in the web interface, with the use of a private key.

The user who uploaded the file can also view and keep track of the users who access the files. The end-to-end encryption feature works in any common, modern browser.

With the end-to-end encryption plugin, sending encrypted files via email is a breeze. You can easily share a file within the ownCloud user interface or by sending an email directly via the ownCloud Outlook plugin, without the need for additional encryption.

This premium plugin is available as an added subscription with the ownCloud Enterprise edition.

end to end file encryption

How it works:

Secure file storage with the ownCloud Encryption app is really simple. As soon as the app is enabled by your ownCloud administrator, all of your ownCloud data files are automatically encrypted. This means that, once the app is set, you can focus all your time and energy on your work, confident in the knowledge that your data is as safe as it can possibly be.

File Encryption is server-wide. So, once enabled, keeping your files unencrypted is no longer an option. As an added advantage, the app doesn’t require you to keep track of an extra password but uses your ownCloud login as the password for your unique private encryption key. Simply log in and out and manage and share your files as you normally do, with the flexibility of changing your password whenever you want.

Certain resources, including but not limited to file names, image thumbnails, existing files in the trash bin, file previews, the search index from the full text search app, third party app data and existing files in Versions, are not encrypted.

End-to-end encryption with a key service fulfills the highest needs for data secrecy and data protection.

Our promise: A high level of data protection

Our users trust us with their valuable and sensitive data, and we at ownCloud are committed to treating that trust with utmost respect. We are confident that we can provide the right data protection solution for your business, regardless of the industry or size.

We welcome you to discuss with us your unique data protection needs and cybercrime concerns, and we will together find the right combination of setup and add-ons to find a solution that is perfect for you and your business.

Anwesha Ray

May 3, 2022

Read now:

Understanding Web Applications in oCIS

Understanding Web Applications in oCIS

In today’s fast-paced digital world, web applications play a crucial role in enhancing user experience and functionality. Infinite Scale comes with a world-class web interface to manage file resources, but it can be extended by utilizing ownCloud Infinite Scale (oCIS) as a construction set for custom web apps.

read more