how one to one sharing enforces secure collaboration - xonom

Connect Security World Conference Sept. 17 2015

Laurent Henocque - KeeeX - Marseille

How One to One Sharing Enforces Secure Collaboration

The situation

‣ Cloud and sharing solutions abound, but do not make our life easier

‣ Collaborating over heterogeneous clouds or systems is impossible in confidentiality

‣ Group and Access right management turns to a nightmare

‣ External collaboration requires even more care

2

How do your contacts share?

The group management nightmare

‣ External collaborators must be invited to use, and maybe pay

‣ It must be decided if a new collaborator can access the group history - or create a new group

‣ External collaborators may have their own conflicting cloud and preferences

‣ Some admins end up managing some 900+ groups

4

So, what happens?

‣ External collaborators (lawyers, accountants, customers, sub-contractors…) often receive unprotected documents.

‣ Internal collaborators deploy a wealth of Shadow IT, and send home documents via their dropbox or the like.

5

approval

previous

reference

initialfinal

Good news: file organization and management can be embedded

tag...

report

So: no tier is required to manage file organization, and files may travel anywhere

Cloud Sync folders, NFS+VPN drives can be used as transfer tunnels

Encryption is local

Cloud/Disk…

Folders act as tunnels

An app can memorize per user sharing mode and encryption settings

…

We don’t need groups

‣ Initial sharing list for a document can be used as a default for all subsequent versions, and comments, and any relevant activity…

‣ A new user can be added to a document without revealing the previous activity

‣ Encryption is the de facto default over insecure media

‣ Heterogeneous sharing is a no brainer 9

Example Version 1

Version 2: same sharing list

Preparing version 3: suggested sharing list - heterogeneous modes

DropboxWeblinks

Conclusion

‣ One to One encryption and sharing settings can be memorized by an app

‣ Encrypted files may transit via any cloud tunnel while carrying all organizational, integrity, authenticity and semantic information

‣ People can use the clouds of their choice

‣ Adding recipients to a sharing list is instantaneous

‣ Security is never compromised

13

14

Thanks for listening

Meet us at World Smart WeeeK

Laurent Henocque, laurent@keeex.net, +33 683 88 20 01

KeeeX SAS, RCS Marseille 807 570 148Pôle Média Belle de Mai CS 20038 – 37 Rue Guibal – 13356 Marseille cedex 03

Tel: +33 4 91 05 64 47