End-to-end encryption: Why you need it to keep your data safe

ownCloud end-to-end encryption is a user-friendly, highly-reliable solution aimed at providing the highest level of security for sensitive and valuable data and communications.

Threats: data breach, data hack, data abuse, data privacy invasion

Solution: End-to-end encryption

End-to-end encryption (E2EE) is your best bet when dealing with highly-sensitive and valuable data and communications. It is undoubtedly the safest and easiest way of file sharing between two or more users irrespective of the existing internal security infrastructure of your company.

It closes all possible gaps in data secrecy and data protection, setting the groundwork for a zero-trust environment in your organization. In the simplest terms, it ensures that only the sender and the intended, authorized recipient(s) are able to access the data – no one else, thus ensuring that your data and communications are safe from hackers and unauthorized third parties in the course of file sharing.

This centralized setup also eliminates the need for installing additional software and cumbersome multiple encryption and decryption systems, making it an easy and user-friendly system of file sharing.

Who is end-to-end encryption for?

End-to-end encryption is the most viable option for you if your organization works with sensitive and valuable data, for example, personal data, government data, financial or insurance data, healthcare records etc.

Whether you are striving to step up data security measures in your company or looking for a simpler solution to replace your existing encryption setup, ownCloud E2EE is a gold standard data protection and file sharing solution for your company.

How does ownCloud end-to-end encryption work?

When the plugin is enabled for a user, the user can encrypt any empty folder. Additional users can be invited by using the share option.

Before being uploaded to the server, the file is encrypted in the browser with public keys fetched from the server, leveraging a JavaScript plugin that is delivered to the user’s browser securely.

Files are decrypted directly in the user’s web browser. To prevent unauthorized access of the private key, it is possible to outsource the decryption of the file key to an external key service, which also supports communication with external hardware tokens.

This decrypted file key is then used by the browser to decrypt the file.
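The flow described above can be sketched as hybrid (envelope) encryption: one random file key per file, wrapped separately for each invited user. This is an added example, not ownCloud's plugin code; it runs on Node.js rather than in the browser, and the algorithms (AES-256-GCM, RSA-OAEP), function names and sample users are assumptions, since the page does not name them.

```javascript
// Added illustration, not ownCloud's plugin code. Algorithms and names are assumptions.
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender side: encrypt once with a random file key, then wrap that key per recipient.
function encryptForRecipients(plaintext, recipientPublicKeys) {
  const fileKey = nodeCrypto.randomBytes(32);   // per-file AES-256 key
  const iv = nodeCrypto.randomBytes(12);        // unique GCM nonce
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', fileKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKeys = {};
  for (const [user, publicKey] of Object.entries(recipientPublicKeys)) {
    wrappedKeys[user] = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, fileKey);
  }
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrappedKeys }; // all the server stores
}

// The only step that touches the private key; this is the part the page says
// can be outsourced to an external key service or hardware token.
function unwrapFileKey(privateKey, wrappedKey) {
  return nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrappedKey);
}

// Recipient side: decrypt the file with the already-unwrapped file key.
function decryptFile(fileKey, { iv, ciphertext, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', fileKey, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]); // throws if tampered
}

// Constructed demo: alice and bob are invited to the folder, admin is not.
function demo() {
  const keys = {};
  for (const name of ['alice', 'bob', 'admin']) {
    keys[name] = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  }
  const stored = encryptForRecipients(Buffer.from('constructed sample file'),
    { alice: keys.alice.publicKey, bob: keys.bob.publicKey });
  const fileKey = unwrapFileKey(keys.bob.privateKey, stored.wrappedKeys.bob);
  const bobText = decryptFile(fileKey, stored).toString();
  let adminBlocked = false, tamperDetected = false;
  try { unwrapFileKey(keys.admin.privateKey, stored.wrappedKeys.alice); } catch { adminBlocked = true; }
  try {
    const bad = { ...stored, ciphertext: Buffer.from(stored.ciphertext) };
    bad.ciphertext[0] ^= 1;                     // simulate server-side modification
    decryptFile(fileKey, bad);
  } catch { tamperDetected = true; }
  return { bobText, adminBlocked, tamperDetected, recipients: Object.keys(stored.wrappedKeys) };
}
```

Because the server only ever holds the ciphertext and the wrapped keys, a holder of any other private key cannot recover the file key, and a recipient who loses their private key cannot either.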

Ultimate data protection with end-to-end encryption

In this setup, in the course of file sharing, neither the sender nor the recipient is bound to a specific environment. End-to-end encryption ensures that nobody in your organization, not even the system administrators, can access the encrypted files. What’s more, the files cannot be decrypted by a third party even if the hardware is accessed or stolen.

Hardware key for added security

The ownCloud end-to-end encryption system adds an extra level of security during file sharing by providing an additional key service. This service enables the private key to be stored outside of the browser, even in the form of a smart key (a piece of hardware that remains on the hardware device and works only in combination with the device on which the key service is installed).

Transparent overview and complete user control

By combining the ownCloud Public-Share function with the plugin, every user can create a secure and encrypted file drop by sending a link to an encrypted download area (for example, by email) to the respective recipient.

The file can only be accessed by those ownCloud users who are transparently displayed on the upload website. For every file uploaded, the uploader can view exactly who the file has been sent to and who has access to it.

End-to-end encrypted emails with Outlook

The ownCloud end-to-end encryption setup also keeps your emails safe from unauthorized access and data breach attempts during file sharing. With the help of this plugin, you can easily share fully-encrypted files, either within the ownCloud user interface or by sending an email directly through the ownCloud Outlook plugin, without the hassle of additional encryption.

Once registration is completed, an individual key pair is created for the recipient consisting of a public key on the ownCloud server and a private key on the user’s local computer.

As an added bonus, this plugin completely eliminates file size limitations, because attachments are no longer sent during the file sharing process but only retrieved by the recipient from the ownCloud server. The share settings can also be changed at any time as needed.

Constraints of the end-to-end encryption setup

There are certain factors to keep in mind when using end-to-end encryption for file sharing. These include the need to consider data protection requirements in each folder and the performance overhead on the client side.

Also, since the system administrators cannot access the encrypted data, they will not be able to retrieve any data for the user. If the private key is lost, there is no way of decrypting the data.

When the encryption is activated, leveraging collaborative editing or any server-side function, including virus scanning, is no longer possible.

Get ownCloud end-to-end subscription

ownCloud provides an End-to-End Encryption plugin in addition to the ownCloud Enterprise Edition subscription. The plugin subscription pricing starts at 1000 EUR/year for up to 50 users. The plugin is also available as a part of the free Enterprise trial.

Anwesha Ray

May 3, 2022