Download CloudTier Storage Tiering SDK Setup File Download CloudTier Storage Tiering SDK Zip File
Cloud storage has gained significant popularity in recent years due to the many benefits offered over traditional data storage options. Cloud storage is a good option and can save you money, time and space. With the cloud-based storage services, you can access your data from anywhere with the internet connection. However, the security threats are the concern for the most organizations to use the cloud storage. With EaseFilter Transparent File Encryption SDK it enables you to encrypt your files with the digital rights management before you upload to the cloud storage, it can prevent your files from being unauthorized accessed, and you will know who accessed your files, and when and where the files were accessed.
Nowadays more and more companies store their files, images and videos to the cloud storage that are not under your control. Is your data safe in these cloud storages? You might wonder how vulnerable your data is to the cyberthieves. How to ensure that only authorized personnel such as you and your employees have access to the documents and files stored in the cloud? How to protect your sensitive data against the data breach? The solution to secure your data in the cloud is to encrypt your files in the client side, store your encryption key in your center server. If you want to access the file downloaded from the cloud storage, you need to get the encryption key from the center server to decrypt the encrypted file.
End-to-end encryption means that files are encrypted at the sender and only decrypted at the intended recipient. End-to-end client-side encryption is the best solution to secure your files in the cloud storage. With the end-to-end encryption, the data was kept with encrypted form in the transit of sender to the cloud server and cloud server to the recipient, your files were encrypted in the cloud server, the files were decrypted only by the authorized users or processes access your files. With the end-to-end client-side encryption, your encryption key and control information were stored in your own center server. Therefore, there is no possibility to decrypt the files on the server itself. This means that no third party, not even the cloud operator, has access to the stored data.
EaseFilter Transparent File System Encryption Filter Driver provides you the encryption at rest with 256 bit military-grade Advanced Encryption Standard (AES) algorithm. A transparent encryption filter driver will integrate the encryption or decryption in the read or write IO process in the file system level, without the extra IO it can improve your encryption performance dramatically. With the file system level auto encryption, your application doesn't need to interfere the encryption or decryption process.
With the encryption file system filter driver running, it can detect the user identity when the user accesses the encrypted file, you will get the user name and process name, based on this information, you can authorize the file access, or deny the user or process to access your sensitive files.
EaseFilter encrypts files with the digital rights management embedded, the digital rights management meta data was stored in your own server, the encrypted files can be uploaded to cloud storage, shared to other users securely, and you can share your encrypted files with fully control. You can grant, revoke or expire the file access at any time, even after the file has been shared. You can add or remove the authorized users, processes and computers at any time. Your application can seamlessly access the encrypted file without any change.
With the complete file access live tracking report, you can monitor who, when and where files are being accessed with the user and process information, computer identities and geo-location, also know all the unauthorized user information when unauthorized attempts are made and you can proactively block data leakage.
The following example is a simple C# console application, in this application, you can implement the following features:
using System;
using EaseFilter.FilterControl;
namespace AutoFileEncryption
{
class Program
{
static FilterControl filterControl = new FilterControl();
static void Main(string[] args)
{
string lastError = string.Empty;
string licenseKey = "Email us to request a trial key: info@easefilter.com";
FilterAPI.FilterType filterType = FilterAPI.FilterType.CONTROL_FILTER
| FilterAPI.FilterType.ENCRYPTION_FILTER | FilterAPI.FilterType.PROCESS_FILTER;
int serviceThreads = 5;
int connectionTimeOut = 10; //seconds
try
{
//copy the right Dlls to the current folder.
Utils.CopyOSPlatformDependentFiles(ref lastError);
if (!filterControl.StartFilter(filterType, serviceThreads, connectionTimeOut, licenseKey, ref lastError))
{
Console.WriteLine("Start Filter Service failed with error:" + lastError);
return;
}
//setup a file filter rule for folder encryptFolder
string encryptFolder = "c:\\encryptFolder\\*";
FileFilter fileFilter = new FileFilter(encryptFolder);
//enable the encryption for the filter rule.
fileFilter.EnableEncryption = true;
//get the 256bits encryption key with the passphrase
string passPhrase = "mypassword";
fileFilter.EncryptionKey = Utils.GetKeyByPassPhrase(passPhrase, 32);
//disable the decyrption right, read the raw encrypted data for all except the authorized processes or users.
fileFilter.EnableReadEncryptedData = false;
//setup the authorized processes to decrypt the encrypted files.
string authorizedProcessesForEncryptFolder = "notepad.exe;wordpad.exe";
string[] processNames = authorizedProcessesForEncryptFolder.Split(new char[] { ';' });
if (processNames.Length > 0)
{
foreach (string processName in processNames)
{
if (processName.Trim().Length > 0)
{
//authorized the process with the read encrytped data right.
fileFilter.ProcessNameAccessRightList.Add(processName, FilterAPI.ALLOW_MAX_RIGHT_ACCESS);
}
}
}
//setup the authorized users to decrypt the encrypted files.
string authorizedUsersForEncryptFolder = "domainName\\user1";
if (!string.IsNullOrEmpty(authorizedUsersForEncryptFolder) && !authorizedUsersForEncryptFolder.Equals("*"))
{
string[] userNames = authorizedUsersForEncryptFolder.Split(new char[] { ';' });
if (userNames.Length > 0)
{
foreach (string userName in userNames)
{
if (userName.Trim().Length > 0)
{
//authorized the user with the read encrypted data right.
fileFilter.userAccessRightList.Add(userName, FilterAPI.ALLOW_MAX_RIGHT_ACCESS);
}
}
}
if (fileFilter.userAccessRightList.Count > 0)
{
//set black list for all other users except the white list users.
uint accessFlag = FilterAPI.ALLOW_MAX_RIGHT_ACCESS & ~(uint)FilterAPI.AccessFlag.ALLOW_READ_ENCRYPTED_FILES;
//disable the decryption right, read the raw encrypted data for all except the authorized users.
fileFilter.userAccessRightList.Add("*", accessFlag);
}
}
//add the encryption file filter rule to the filter control
filterControl.AddFilter(fileFilter);
//setup a file filter rule for folder decryptFolder
string decryptFolder = "c:\\decryptFolder\\*";
FileFilter decryptFileFilter = new FileFilter(decryptFolder);
//enable the encryption for the filter rule.
decryptFileFilter.EnableEncryption = true;
//get the 256bits encryption key with the passphrase
decryptFileFilter.EncryptionKey = Utils.GetKeyByPassPhrase(passPhrase, 32);
//don't encrypt the new created file in the folder.
decryptFileFilter.EnableEncryptNewFile = false;
//disable the decyrption right, read the raw encrypted data for all except the authorized processes or users.
decryptFileFilter.EnableReadEncryptedData = false;
//setup authorized processes to decrypt the encrypted files.
string authorizedProcessesForDecryptFolder = "notepad.exe;wordpad.exe";
processNames = authorizedProcessesForDecryptFolder.Split(new char[] { ';' });
if (processNames.Length > 0)
{
foreach (string processName in processNames)
{
if (processName.Trim().Length > 0)
{
//authorized the process with the read encrypted data right.
decryptFileFilter.ProcessNameAccessRightList.Add(processName, FilterAPI.ALLOW_MAX_RIGHT_ACCESS);
}
}
}
filterControl.AddFilter(decryptFileFilter);
if (!filterControl.SendConfigSettingsToFilter(ref lastError))
{
Console.WriteLine("SendConfigSettingsToFilter failed." + lastError);
return;
}
Console.WriteLine("Start filter service succeeded.");
// Wait for the user to quit the program.
Console.WriteLine("Press 'q' to quit the sample.");
while (Console.Read() != 'q') ;
filterControl.StopFilter();
}
catch (Exception ex)
{
Console.WriteLine("Start filter service failed with error:" + ex.Message);
}
}
}
}