Enhance Secure Data Collaboration with Egnyte

Egnyte’s centralized administration and secure content framework integrate data governance, control and compliance into each stage of the content life cycle. It facilitates end-to-end file server security across all of the locations where your users access data, and for the mission-critical files that your company manages.

We use a combination of technologies and practices to maximize file server security.

Security Architecture

Egnyte’s secure file server gives IT teams a single access point to monitor and control stored files. Your files are protected by full audit capabilities and comprehensive data protection for content at rest and in transit.

User Accounts

Built-in controls like password strength and rotation with two-factor authentication help secure users’ accounts. IT teams can customize account expiration dates and manage external users for enhanced safety.

User Devices

We utilize 256-bit AES file encryption to enhance file security. Egnyte Enterprise Key Management provides complete control of encryption keys and allows you to set access restrictions based on the user’s device type.

Files in Transit

Every data transfer session is secured through the TLS protocol and 256-bit encryption.

Data Centers

Egnyte uses secure data centers around the world to provide fast access to your data while constantly replicating for geographic redundancy.

Data Security Solutions

Egnyte scans all uploaded data for known malware and monitors files and behavior for evidence of malware and ransomware attacks to shut them down quickly. In the event of corrupted files, Egnyte offers Snapshot Recovery to quickly and easily restore entire file systems going back up to 4 weeks.

Compliance Standards

Egnyte’s ISO/IEC 27001-certified information security management system complies with GDPR protocols and facilitates data sovereignty.

The user management system is the first line of defense in Egnyte’s file server security arsenal. It handles all activities related to providing users with authenticated access, establishing permissions, and resetting or decommissioning access. Single Sign-On, Lightweight Directory Access Protocol (LDAP), Multi-factor Authentication (MFA), and Microsoft’s Active Directory (AD) can be selected and configured to match your organization’s security model.

Automated Management

Permissions based on groups and roles scale to large numbers of users, which increases your efficiency and saves time. No more checklists for replication across systems every time you add or delete a user. You can add users to groups, ensuring permissions are seamlessly assigned. New roles can be administered centrally and instantaneously rolled out to the user population.

Strict Controls

With Egnyte, protecting your data from unauthorized access is a high priority. You can immediately be notified of a potential malicious log-in, by using a lockdown or by removing a particular user’s access. Egnyte can also provide the data for root cause analysis, should further research be required.

Audit Compliance

We have built our secure file system based on compliance and licensing requirements. Our platform simplifies audit reporting while helping you meet your regulatory requirements.

File encryption is the cornerstone of file security. Egnyte manages this at two levels – when files are in transit and at rest.

Encryption in Transit

In today’s globalized world and hybrid working environment, users access files from anywhere and on any device. However, doing so can expose them to the risk of file interception during transit. HTTPS protocols create a secure transmission channel for your data. Egnyte uses AES 256-bit encryption to maintain data integrity during transfers. The same standard applies while sharing files with customers, vendors, and associates outside of your network.

Encryption at Rest

We provide the highest levels of file server security by implementing AES 256-bit encryption on files at rest in our data centers. Even if someone gained access to a file, it would be impossible to read without the encryption key.

Encryption Keys

We store all encryption keys in a secure key vault. It is only accessible through Egnyte’s proprietary software. Customers can also manage their own encryption keys using third-party software or their on-premises setup. Integration is readily available for Microsoft Azure Key Vault and Amazon AWS CloudHSM.

With anytime, anywhere, anyhow access via desktops, laptops, tablets, mobile devices and web browsers, you require top-of-the-line device control capabilities for unbeatable file server security. At Egnyte, we use the following controls to maintain data security:

• Passcode Locks

  Administrators can set mandatory passcode locks for mobile devices and tablets. Employees must enter the code to access the app or if their phone has been idle. You can opt for controls and settings that empower you to delete all locally stored files after a certain number of incorrect attempts.

• Access Controls When Offline

  Our file security controls enable you to disallow local downloads of files that contain highly sensitive data. A high-level setting lets you decide whether users can download files on their mobile devices. Additionally, local copies can be deleted periodically to keep data safe.

• Remote Wipes

  Administrators have a centralized view of all end-user mobile, desktop and laptop devices through a web UI. Regardless of OS (Windows, Mac, iOS, Android), they can pick a device to initiate a quick erase of all Egnyte files, helping to prevent unauthorized access.

• Redundant by Design

  We host all servers on redundant Local Area Networks (LAN). They are equipped with redundant electrical supplies to protect against unforeseen outages, for round-the-clock access to your data.

• Zero Data Visibility

  Our data servers are only accessible through your application. Egnyte employees do not have access to your data and cannot remotely administer any tasks. A few administrators conduct hardware inspection and maintenance activities, only after they complete stringent background checks and security training.

Every organization and every team have unique collaboration processes. Financial and legal teams likely have multiple touchpoints with customers and vendors. Others may share highly sensitive information with a limited user base within the organization. Regardless of your needs, Egnyte’s centralized file server security enables you to share information and content however you see fit.

Access Permissions

Individual users and groups can be granted view, edit or owner access at a granular level. You can set permissions across all connected repositories to prevent incorrect sharing of potentially sensitive information. For example, you can:

• Set highly sensitive folders and content to ‘Preview Only’ to prevent users from downloading, copying or printing the information in those folders.
• View detailed activity logs to see when and where users have accessed content.

Sharing Securely on the Go

Organizations often struggle to share content securely with suppliers, partners and customers. Our secure file server and file encryption capabilities facilitate end-to-end security. For instance, you can:

• Share links to documents from your desktop, laptop, mobile device or tablet through secure links via e-mail. You can configure the links to provide limited read-only, download-only access, or enable recipients to edit and collaborate with you.
• Enable project-based teams to share and access files online and offline, making it easier for teams to work cohesively at different locations. Users can make and store edits offline and sync them later. Files get versioned to permit seamless co-editing.
• Share links to sensitive files like contracts during negotiations and then revoke access on completion, to prevent unauthorized access to confidential data after negotiation has been completed.
• Scan documents to identify sensitive data based on the compliance regulations that apply to your organization. Initiate rules to ensure only the right people have access to the content. You can even mark confidential documents as ‘Not Shareable’.
• Create upload links to securely receive information from customers and vendors. Files automatically get stored in a secure location that only you can access. You can set permissions so that links expire at a specific date and time.

Strong governance serves as the bedrock on which you can build sustainable file server security and comply with data privacy mandates. Centralized management and end-to-end visibility allow administrators to effectively design IT Security programs, identify and plug loopholes and mitigate risks.

Egnyte has built security processes into each phase of the content life cycle.

Discovery

Securing your sensitive data starts with first identifying it as such. The AI-based Classification Engine can help you scan scores of documents and identify sensitive data like credit card numbers, US Social Security Numbers, addresses, etc. using pre-built templates. Whether you have unique requirements for your business or are looking to follow requirements that are laid down by regulations like HIPAA, FINRA, etc., Egnyte makes it easy to keep an up-to-date repository of your data set.

Definition

Organizations can create Content Safeguards that decide how their information is shared, who has access to it, how much access they have, when they have access until, and more. Dashboards can show a list of unsecured shared information and highlight any risks to file security.

Remediate

Egnyte empowers you to disable compromised accounts, detect potential ransomware, force password resets, disallow links on sensitive content, delete unused accounts or groups, and more.

Alert

Unusual activity linked to potential insider threats, malicious actions or risks to file security are immediately flagged, and alerts go out to identified administrators. Organizations can identify any such problems in the ‘Issues’ tab, including, but not limited to, compromised accounts, sensitive content, suspected ransomware, public links and more.

Report

Audit reports offer a 360-degree view of all actions related to users’ access (login/logout/password resets, etc.), file activities (uploads, downloads, links, etc.), permission changes (addition/revocation), and more. Centralized control makes it easy for organizations to meet regulatory requirements, especially in highly audited industries like healthcare and finance. Businesses can generate ad-hoc reports based on their specialized needs.

Retention, Archival, and Deletion

Many businesses must delete certain content periodically to meet contractual obligations. Others need certain content to be held for several years or more to fulfill legal obligations. Hence, file server security also involves strong practices and controls associated with the archival and deletion of content. You can set retention periods on files, after which they get sent for archival. Deleted files are sent to Trash folders with restricted Admin-Only access.

1. Will Egnyte’s audit reports help me to meet my regulatory requirements?

   A: Definitely. We have 500+ built-in patterns to identify sensitive and regulated content. In case of litigation, you can place legal holds on a specified user’s content.

2. My organization would like to restrict access to our content in North Korea, for example. Is such geographical constraint possible?

   A: Yes. North Korea is already part of the US State Department’s export control list. So, Egnyte automatically restricts access to data from that nation. However, you can also edit the list to add locations that are based on your own business needs.

3. Can I restrict sharing for just one file in a folder?

   A: Yes. Administrators can set policies to allow file-level control. You can set a file to the ‘No Sharing’ option, which means that even a link to that file would not be available. If you require Preview Links, the system can make that available. You can set controls to ensure nobody downloads, copies or prints the content on the link.

4. What are the different Egnyte permission levels and what do they mean?

   A: Egnyte allows four permission levels at file and folder levels:

   • Viewer - Read only
   • Editor - Rename, Read and Write
   • Full - Rename, Read, Write, and Delete

   • Owner - Rename, Read, Write, Delete, and Manage Permissions

5. Are permissions inherited between parent folders and sub-folders?

   A: Yes, the waterfall model automatically assigns parent folder permissions to existing sub-folders and any newly created folders. The administrator can then set unique permissions on the new folder. In case of a conflict, narrower permissions take precedence.