Security
How CloudFiler embraces security
CloudFiler protects your data in the following ways:
- Communications between the systems are secure
- The service is highly fault tolerant with multiple copies and backups
- Security is managed via time-limited and one-time security tokens
- Authentication is via Microsoft Exchange Online
- Only those with the appropriate permissions can access the data
- You can easily take your own copies and walk away from the service at any time.
- The system security is regularly tested for weaknesses
Secure communications
Access for all operations (filing, searching and API access) is only via secure gateways and uses one-time security tokens.
CloudFiler uses the industry-standard 256-bit Advanced Encryption Standard (AES-256) algorithm to encrypt all customer data and metadata at rest. Additionally, all customer data and meta data is encrypted using the highest supported Transport Layer Security (TLS) protocol. At the time of writing, CloudFiler defaults to TLS 1.3 and requires a minimum of TLS 1.2.
The encryption keys are themselves encrypted, securely stored, and automatically rotated to new keys in line with key management best practice.
Making sure it's there when you need it
Your messages are automatically mirrored to 3 separate storage servers on the Amazon cloud (AWS) to ensure that your data is safe. These automatically mirror across to each other so if a disc or server fails, it is automatically reinstated and the data is synced across. The data is held in a data centre in the UK, however licensees of our Enterprise tier can elect to have copies stored in another Amazon data centre of their choosing. For additional resilience we take back-ups with a separate service provider in the UK. For security reasons we don't reveal the details of this provider.
Security Tokens
CloudFiler uses a range of security tokens to ensure that your data is only accessible to the right people.
Time limited tokens
Some activities such as searching are authenticated with time limited tokens that expire.
Task specific
Tokens are typically task specific and only enable one particular capability, ensuring that if the token becomes known to others, it has limited use.
One-time tokens
Tokens can be one-time usage only. For example, if you copy a search URL to a colleague or external party, it won't work for them.
Authentication via Microsoft Exchange Online
Users are authenticated via your Exchange Online service ensuring that only people with email accounts on your Exchange Online server have access to CloudFiler.
User permissions
CloudFiler provides a role based security model which is managed by you to ensure that only those with the appropriate permissions can file into or search particular locations. CloudFiler's staff can not view your messages either, due to access rights and encryption.
Who can access it + GDPR compliance
We are mindful of confidentiality and GDPR issues with customer data, so we do not share your data with any third parties, plus all processing, storage, and backups are performed by us directly and not by third-parties.
Emails are stored in separate storage volumes for each customer and have their own individual security and permissions. We do not have access to any customer's data.
We have an auditing and logging system to monitor access.
Allowing you to keep your own copies
Licensees of the Professional and Enterprise services can configure connectors to sync the message files to their own storage, which can be either on-prem or in your own managed cloud.
Walk away at any time
Whether you use a 'connector' to sync the data to other storage or you just decide to cease using CloudFiler, you can easily copy the original message files out of the system, ensuring that you can walk away at any time without losing any data.
Data centre security + Safe harbour
Customer data is stored in an Amazon AWS data centre, about which Amazon state the following:
Every AWS Region is designed and built to meet rigorous compliance standards including ISO 27001, ISO 9001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC3, PCI DSS Level 1, and many more. Our Cloud Compliance page includes information about these standards, along with those that are specific to the UK, including Cyber Essentials Plus.
Enterprise licensees can elect to have copies stored in another Amazon data centre of their choosing.
On-going assurance
We undertake regular third-party penetration testing to ensure that our security is maintained.