What to think of?
The concept of cloud services is still perceived as vague and hard to understand by the majority. Put simply, cloud services are IT services that run over the Internet, especially functionality that traditionally is executed on your own computers but, through the cloud, is managed by others. Examples include applications, hosted servers and data storage. But cloud services can also differ a lot from each other when it comes to code base, facilities, hardware, routines for personnel, etc. It is often hard to understand who is behind a service and which vendor is best suited. On top of this, many companies in the cloud business have only recently established themselves on the market.
One of the best ways to understand cloud services is to examine where the business-critical data to be stored is handled, from the computer desktop, smartphone or tablet to the data center. Below you can read about how it works at Storegate.
Data protection at Storegate
Cloud guarantee with integrity and security in focus
Customer data at Storegate is stored in a reliable environment where the customer can use the services in a safe, secure and efficient way. The hardware is owned by Storegate and co-located in Telia International Carrier data centers located in Stockholm, Sweden. Facilities, systems and personnel all meet high standards, and we offer a fully redundant environment with optimal conditions for power supply, cooling, climate, fire detection and fire extinguishing.
Storegate’s services are monitored 24/7. If a disturbance occurs, an automatic alarm is sent to the technician on duty. Entrance to the data centers is protected by burglar alarms, air locks and security personnel.
Storegate never scans information for business development purposes or sells it to advertisers.
Access to account and authentication
The stored information is accessible only to the person who has stored it, on presentation of user ID and password. Storegate uses HTTPS-encrypted login, which means that user ID and password are encrypted and thus not available to unauthorized persons. In addition to this, Storegate has:
- Password recovery by the administrator or through support
- Limited number of login attempts (brute-force protection)
- Automatic logout when inactive
- OAuth-based login at web interface and client level
- Two-step verification based on the TOTP protocol (e.g. Microsoft Authenticator or Google Authenticator)
Single Sign On
For Enterprise customers Storegate offers support for Single Sign-On. This gives companies centralized control over user accounts at Storegate. If a company deactivates a user centrally, that user is no longer able to log in. In the same way, as an administrator for a Team account, you can manage and control your users. This is done when you are logged in as an administrator at Storegate.com.
Mobile users can access their accounts through mobile web browsers or using a specific Storegate app. When a user connects through a mobile device (iPhone, iPad, Android, Windows Phone, etc.) we use HTTPS-encrypted authentication. All data transferred between the server and the mobile device is encrypted with bank-standard SSL. If a mobile device is stolen or lost, the administrator can block the affected account and prohibit access to all information in the cloud in real time.
Upload and file transfer
After logging into the service through one of our interfaces, you can upload files and folders. The upload process is easy from a user perspective, but we optimize the security of the transmission. All data is encrypted with 128-bit SSL encryption. This means that you do not need to use VPN tunneling or similar to access your data from different geographical locations. The same procedure is used when downloading files to devices.
Permissions and sharing of information
When your files have been stored at Storegate and are ready for sharing or collaboration, there is functionality in place to control who shall have access to the information. Each user can, for example, set permissions in Team folders. By sharing folders externally you can decide which partners shall be able to share the information and also upload to your account. Shares can be restricted with a due date and/or a password to access the content.
On a global level the Team administrator can set limitations for one or more users. On top of this, the administrator can decide on:
- Who can create folders or upload files
- Who shall be invited to the Team
- What quota users shall have in home folder or for backup
- If deleted files shall be moved to recycle bin or not
- How many versions shall be saved
- When or who shall have backup reports
- Termination of users
Storage and encryption
All files stored at Storegate are encrypted using a system-generated encryption algorithm. In addition, all files are stored in the systems with scrambled paths and file names. This makes it impossible to track which files and paths are connected to which user (account owner). For all services and protocols at Storegate, 128-bit SSL encryption is used in transit. For Backup Pro, the files can be encrypted with a user-generated encryption key (256-bit AES encryption). The system has built-in protection against SQL injection and brute-force attacks. This means that the system will automatically block repeated failed attempts based on IP address and username.
Deletion of stored information
Files in the recycle bin remain until the user chooses to empty all or parts of the recycle bin. Files deleted from the recycle bin can never be restored. If an account is terminated, the stored information is kept for 60 days; after this Storegate deletes all information in accordance with the Swedish Personal Data Act. Contact Storegate at firstname.lastname@example.org if you have any questions about deleting files.
The security around your information is equally important at our office, in our data centers and in our routines. All employees at Storegate have signed agreements which include non-disclosure regarding customers and partners. Like other services in the cloud, there is a small number of employees who must be able to access user data for the reasons stated in our user agreement (e.g., if legally required to do so). However, these are rare exceptions and not the rule. We have strict policy and technical access controls that prohibit employee access except in these rare circumstances. In addition, we employ a number of physical and logical security measures to protect user information from unauthorized access.
Storegate also works continuously on security within the office network, such as:
- Network intrusion detection systems
- Application logging, reporting, analysis, archiving and preservation of data
- Continuous internal monitoring
Handling of your data
Technicians or customer support at Storegate may temporarily need access to customers’ accounts to manage technical and support issues. If this is necessary, we have strict policies and warranties that prevent misuse.
Application and hardware architecture
In each data center Storegate has full redundancy with load balancing, routers, servers, switches, failover configurations, etc. Data is stored and replicated in real time on multiple servers.
Storegate’s system is a complex environment that demands different layers of security, from hardware, such as storage systems, to soft values such as the personnel who work at Storegate. Storegate’s highest priority is, and remains, the security around customers’ digital information. If you need more information about a specific area, please contact Storegate and we will be happy to answer your questions.