New: Full control over the encryption of documents in the Cloud
Released on 17 March 2017
With “Fabasoft Secomo as a Service”, organisations can use controlled end-to-end encryption for documents in the Fabasoft Cloud and allow external partners to collaborate on the basis of this encryption standard.
With immediate effect, software provider Fabasoft is also offering “Fabasoft Secomo” for the genuine end-to-end encryption of documents “as a Service” in the Fabasoft Cloud. Until now, organisations have been able to use the encryption standard, developed by Fabasoft in cooperation with the Graz University of Technology, as an appliance (hardware-software combination) at their own data centres. Customers of the Fabasoft Cloud Enterprise edition can now also use Fabasoft Secomo appliances at the Fabasoft data centres in Germany at no additional cost.
Documents are stored in the Fabasoft Cloud in so-called “Teamrooms” that allow for safe and agile collaboration with external partners. Andreas Dangl, Business Unit Executive Cloud Services at Fabasoft, explains how Fabasoft Secomo as a Service has been adapted to this end: “If a user is inviting an external partner for collaboration in the Fabasoft Cloud, only the key of the respective Teamroom needs to be adapted. In this way organisations can collaborate with external partners in an uncomplicated and agile manner based on the highest standards of encryption.”
Organisations create their own unique organisation keys a single time. These keys never leave the Fabasoft Secomo appliances. As a result, all Teamrooms of the organisation as well as the documents contained in them are encrypted. “This ensures that customers of the Fabasoft Cloud have full control over encryption besides having full control over their data”, explains Dangl.
Genuine end-to-end encryption as a Service
In practice, Fabasoft Secomo as a Service is used in the following way: An organisation wants to collaborate with external partners in a safe and agile manner. Exchanging documents via email or a download server is unsafe, does not allow for traceability and infringes the compliance guidelines of many industries. The organisation purchases the required number of user licenses for the Fabasoft Cloud.
In the course of setting up the organisation, a so-called “organisation key” is created with a single mouse click. This key remains safely within the Fabasoft Secomo appliance at the Fabasoft data centre, is protected by a hardware security module and ensures that only authorised persons can read and edit the documents encrypted with this key within the context of their organisation.
All authorised users of an organisation can create Teamrooms in the Fabasoft Cloud. These are protected project areas for collaboration across company boundaries. In the case of an encrypted Teamroom, a Teamroom key is generated in the Fabasoft Secomo appliance. This Teamroom key is protected with the organisation key and stored in the Fabasoft Cloud. Each document created in the Teamroom is encrypted with a separate document key. Whenever modifications are made, the system automatically generates a new document key. The authenticity of a modification is determined and protected with a signature in the Teamroom key for each document key. If a new user is invited to collaborate in this Teamroom, only the Teamroom key is modified.
“The Fabasoft Secomo concept administers the keys on a high-security server that is separated from the data. The organisation key will never leave the Fabasoft Secomo appliance. Encryption always takes place on the end device. Unencrypted data is never transmitted”, Dangl summarises the main benefits of Fabasoft Secomo.
Using the Fabasoft Secomo appliance to administer keys at the organisation's own data centre
Since 2015, Fabasoft has offered Fabasoft Secomo as an appliance to organisations that want to operate it at their own data centre. Fail-safe performance is ensured by a pair of servers in separate fire zones. When the system is first installed, the IT administrator of the organisation creates the so-called “master key” of the hardware security module (HSM), which is then used to protect all further keys. The encryption keys cannot be extracted and are protected by the HSM. This ensures that only authorised persons have access to the encrypted documents. Fabasoft Cloud customers who are using the Enterprise edition can activate Fabasoft Secomo as a Service within minutes, without any additional effort or costs, or use a Fabasoft Secomo appliance at their own data centre.
Advanced end-to-end encryption
Fabasoft Secomo allows for genuine end-to-end encryption with a key length of 4096 bits and the hash algorithm SHA-512. The data is encrypted early on, at the workplace or on the mobile end device, instead of being encrypted at a later point in the Cloud. Each key operation is authorised by a token from the Cloud. Fabasoft Secomo is an encryption appliance consisting of the Fabasoft Secomo software and two or more highly available servers. The software only administers keys, so the keys and the data are kept on separate hardware. The system is fail-safe and is protected by hardware security modules which will delete themselves in the case of unauthorised access (“zeroisation”).