Stronger cloud-storage authentication winning Australian government agencies: CTERA

Military-grade authentication tightens access, audit controls over sensitive data

Secure-storage vendor CTERA Networks has dipped into the arsenal of military encryption and access-control methods to target its on-premises and public cloud storage to high-end organisations for whom conventional methods of authentication are proving to be inadequate.

Designed specifically for the US Department of Defense (DoD), CTERA's new 'mutual authentication' technology was designed to offer additional layers of protection above and beyond conventional integration with Microsoft Active Directory servers.

Although widely used, the Active Directory approach was proving deficient in high-security environments because compromised passwords, access codes or mobile phones could still allow unauthorised users to navigate access controls to get onto a sensitive network.

Fixing this issue as part of the DoD/DISA Enterprise Storage Services II modernisation contract with World Wide Technology, senior vice president Jeff Denworth told CSO Australia, led the security-focused Israeli software firm to leverage the established Common Access Card (CAC) authentication mechanism – also utilised within the Australian military – as an additional layer of control over access to secure file stores managed through CTERA's Enterprise File Services Platform (EFSP).

The goal “is to provide the most secure solution for enterprises in cases where they don't even trust their own internal users,” Denworth explained, noting that the solution was positioned at “material organisations like banking, healthcare and critical infrastructure”.

“Once they decide they need something for security that is appropriate for finance or HR, solutions like this become much more appropriate,” he continued.

“We have secured government customer wins where those organisations are looking for ways to modernise file access and data protection.”

The EFSP platform offers a distributed file system that can be deployed as an on-premises solution or via public-cloud services like Amazon Web Services (AWS), depending on what data is being stored and what level of protection the user wants to enforce over it.

Seamless, incremental backup processes with 256-bit encryption of data at rest and user-controlled encryption keys had combined to keep control over file storage in the user’s hands, with the company – which this month launched updates including CAC support and an overhauled mobile app for file access – positioning its technology as a more tightly-controlled alternative to popular public-cloud services such as Box, Dropbox, and Microsoft OneDrive.

The popularity of those services meant that most small and medium businesses “will embrace SaaS storage services as good enough,” Denworth said. “If your organisation only has a few hundred users in total and you're not regulated, there's a good chance that we will never talk to you.” Rather than users authenticating to a SaaS service which in turn manages all file access on their behalf, the design of EFSP allowed users to effectively authenticate users all the way through to individual resources – providing direct access to sensitive content with full logging, auditing and access-rights control.

“If I'm deploying in AWS, I can achieve nearly the same security criteria that I would in my own data centre and my files will never get accessed by a third party,” Denworth said. “However, if I'm deploying SaaS based solutions there is no way that I could ever achieve the same level of isolation and data security as I would have if I deployed a fully dedicated solution.”

While he couldn't name customers yet, ongoing deployments with several Australian government agencies confirmed recognition of the value of tighter control over file-storage assets. “We don't think of files as something that just lives on a mobile device or just lives on a desktop or on an office file server,” he said.

“Users don't really care about access method; they just care about their data, and want to be able to access it from any device, at any time. And when they get Cryptolocker or lose a file, they want to be able to recover it from any device, at any time.”

Join the CSO newsletter!

Error: Please check your email address.

Tags CACEFSPAustralian militaryhigh-security environmentsAWSgovernmentCtera NetworksCteraUS Department of Defense (DoD)Microsoft Active Directory

More about Amazon Web ServicesAWSCSODISADropboxMicrosoftTechnologyWorld Wide Technology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place