Key Features

Business data such as prices, sales volumes, profit margins, customer records etc. are invariably stored in flat files in a centralized server. By the very distributed nature of today's business operations, servers with sensitive information may be in far away branches with no local systems expertise. As attackers will always attempt to bypass the weakest protections, it is of paramount importance to ensure that all information on all systems is fully protected.

Managing and securing the regulated information is a growing concern for Information Technology (IT) departments. To address these concerns companies must embrace new solutions that do not interfere with their normal operations. File-GENERAL™ is a new type of a file repository that is dedicated to storing only the confidential files in a secure and compliant manner. Unlike a regular file server, File-GENERAL™, is built with security in mind. A cryptographic routine provides high-speed encryption, while a FIPS-certified security module or cryptographic tokens are used to store encryption keys. All accesses to the protected data are logged, and immutable logs are created to generate reports that can be used for auditing or as forensic evidence. Real-time alerts ring alarms in case privileged insiders ("root" users) attempt to access the protected data. Here are some of the key features:

No dependency on existing network/system administrators:
File-GENERAL™ is a secure file repository with its own set of administrators. Unlike a regular file server, the privileged users within a network have no control over File-GENERAL™. A regular privileged user is not even allowed to view sensitive files stored in the "Crypto-Shares". Access to the sensitive files is granted only by a designated File-GENERAL™ administrator with a smart-cards.

Transparent file data encryption:
File-GENERAL™ transparently encrypts all file types using AES-256 before storing them. Since the encryption process is transparent, there is no requirement to change the application code or install an agent on the client. Hence the user experience is not altered.

FIPS compliant key management:
The security of any cryptography-enabled system ultimately depends on the security of the cryptographic keys and certificates used. Key generation, storage, and/or distribution are always critical aspects of any distributed secure system. File-GENERAL™ uses several cryptographic keys to provide a comprehensive solution. The encryption keys are stored on FIPS 140-2 Level2/3 compliant smart-cards. The key management system is equipped to revoke or rotate keys.

Protection against “privileged user”:
Misplaced trust in the privileged user (“root”) exposes regular file servers to ever-increasing malicious activity. File-GENERAL™ eliminates this very critical flaw. Role-based access control mechanism is used to manage the File-GENERAL™ platform.

Tamper-resistant file access logs:
Every file access operation is logged and cryptographically signed and stored in a separate encrypted vault. Even the File-GENERAL™ administrators can't alter such log files.

Support for standard file access protocols:
Authorized personnel/programs can stored sensitive files on File-GENERAL™ using SMB, NFS*, SSHFS and SFTP.