Stronger cloud-storage authentication winning Australian government agencies: CTERA
- 14 June, 2016 12:37
Secure-storage vendor CTERA Networks has dipped into the arsenal of military encryption and access-control methods to target its on-premises and public cloud storage to high-end organisations for whom conventional methods of authentication are proving to be inadequate.
Designed specifically for the US Department of Defense (DoD), CTERA's new 'mutual authentication' technology was designed to offer additional layers of protection above and beyond conventional integration with Microsoft Active Directory servers.
Although widely used, the Active Directory approach was proving deficient in high-security environments because compromised passwords, access codes or mobile phones could still allow unauthorised users to navigate access controls to get onto a sensitive network.
Fixing this issue as part of the DoD/DISA Enterprise Storage Services II modernisation contract with World Wide Technology, senior vice president Jeff Denworth told CSO Australia, led the security-focused Israeli software firm to leverage the established Common Access Card (CAC) authentication mechanism – also utilised within the Australian military – as an additional layer of control over access to secure file stores managed through CTERA's Enterprise File Services Platform (EFSP).
The goal “is to provide the most secure solution for enterprises in cases where they don't even trust their own internal users,” Denworth explained, noting that the solution was positioned at “material organisations like banking, healthcare and critical infrastructure”.
“Once they decide they need something for security that is appropriate for finance or HR, solutions like this become much more appropriate,” he continued.
“We have secured government customer wins where those organisations are looking for ways to modernise file access and data protection.”
The EFSP platform offers a distributed file system that can be deployed as an on-premises solution or via public-cloud services like Amazon Web Services (AWS), depending on what data is being stored and what level of protection the user wants to enforce over it.
Seamless, incremental backup processes with 256-bit encryption of data at rest and user-controlled encryption keys had combined to keep control over file storage in the user’s hands, with the company – which this month launched updates including CAC support and an overhauled mobile app for file access – positioning its technology as a more tightly-controlled alternative to popular public-cloud services such as Box, Dropbox, and Microsoft OneDrive.
The popularity of those services meant that most small and medium businesses “will embrace SaaS storage services as good enough,” Denworth said. “If your organisation only has a few hundred users in total and you're not regulated, there's a good chance that we will never talk to you.” Rather than users authenticating to a SaaS service which in turn manages all file access on their behalf, the design of EFSP allowed users to effectively authenticate users all the way through to individual resources – providing direct access to sensitive content with full logging, auditing and access-rights control.
“If I'm deploying in AWS, I can achieve nearly the same security criteria that I would in my own data centre and my files will never get accessed by a third party,” Denworth said. “However, if I'm deploying SaaS based solutions there is no way that I could ever achieve the same level of isolation and data security as I would have if I deployed a fully dedicated solution.”
While he couldn't name customers yet, ongoing deployments with several Australian government agencies confirmed recognition of the value of tighter control over file-storage assets. “We don't think of files as something that just lives on a mobile device or just lives on a desktop or on an office file server,” he said.
“Users don't really care about access method; they just care about their data, and want to be able to access it from any device, at any time. And when they get Cryptolocker or lose a file, they want to be able to recover it from any device, at any time.”