Secure Cloud Data with EaseFilter SDK

Download CloudTier Storage Tiering SDK Setup File
Download CloudTier Storage Tiering SDK Zip File

Introduction

Cloud storage has gained significant popularity in recent years due to the many benefits offered over traditional data storage options. Cloud storage is a good option and can save you money, time and space. With the cloud-based storage services, you can access your data from anywhere with the internet connection. However, the security threats are the concern for the most organizations to use the cloud storage. With EaseFilter Transparent File Encryption SDK it enables you to encrypt your files with the digital rights management before you upload to the cloud storage, it can prevent your files from being unauthorized accessed, and you will know who accessed your files, and when and where the files were accessed.

How to Secure Your Cloud Data?

Nowadays more and more companies store their files, images and videos to the cloud storage that are not under your control. Is your data safe in these cloud storages? You might wonder how vulnerable your data is to the cyberthieves. How to ensure that only authorized personnel such as you and your employees have access to the documents and files stored in the cloud? How to protect your sensitive data against the data breach? The solution to secure your data in the cloud is to encrypt your files in the client side, store your encryption key in your center server. If you want to access the file downloaded from the cloud storage, you need to get the encryption key from the center server to decrypt the encrypted file.

End-To-End Client-Side File Encryption

End-to-end encryption means that files are encrypted at the sender and only decrypted at the intended recipient. End-to-end client-side encryption is the best solution to secure your files in the cloud storage. With the end-to-end encryption, the data was kept with encrypted form in the transit of sender to the cloud server and cloud server to the recipient, your files were encrypted in the cloud server, the files were decrypted only by the authorized users or processes access your files. With the end-to-end client-side encryption, your encryption key and control information were stored in your own center server. Therefore, there is no possibility to decrypt the files on the server itself. This means that no third party, not even the cloud operator, has access to the stored data.

encryption on the go

Transparent file encryption

EaseFilter Transparent File System Encryption Filter Driver provides you the encryption at rest with 256 bit military-grade Advanced Encryption Standard (AES) algorithm. A transparent encryption filter driver will integrate the encryption or decryption in the read or write IO process in the file system level, without the extra IO it can improve your encryption performance dramatically. With the file system level auto encryption, your application doesn't need to interfere the encryption or decryption process.

File access control to the encrypted files

With the encryption file system filter driver running, it can detect the user identity when the user accesses the encrypted file, you will get the user name and process name, based on this information, you can authorize the file access, or deny the user or process to access your sensitive files.

Secure file sharing with digital rights management

EaseFilter encrypts files with the digital rights management embedded, the digital rights management meta data was stored in your own server, the encrypted files can be uploaded to cloud storage, shared to other users securely, and you can share your encrypted files with fully control. You can grant, revoke or expire the file access at any time, even after the file has been shared. You can add or remove the authorized users, processes and computers at any time. Your application can seamlessly access the encrypted file without any change.

secure sharing with DRM

Keep tracking and auditing to the shared files

With the complete file access live tracking report, you can monitor who, when and where files are being accessed with the user and process information, computer identities and geo-location, also know all the unauthorized user information when unauthorized attempts are made and you can proactively block data leakage.

A C# Auto File Encryption Example Using EaseFilter Transparent File Encryption Filter Driver SDK

The following example is a simple C# console application, in this application, you can implement the following features:

  1. Setup an auto encryption folder, all new created files in this folder will be encrypted automatically, the encrypted file will be decrypted automatically when the users from the whitelist access the files, it won't be decrypted when the users from the blacklist access the file, they will get the raw encrypted data.
  2. Setup an auto encryption folder, all new created files in this folder will be automatically encrypted, all processes will get the raw encrypted data when they read the encrypted files, so you can secure upload or share these files to the cloud.
  3. Setup encryption on the go folder, files are not encrypted in this folder, the file will be encrypted automatically in memory when the user from the blacklist access the files. So you can add the processes to the blacklist if you want to secure share the files for these processes.
  
using System;
using EaseFilter.FilterControl;

namespace AutoFileEncryption
{
    class Program
    {
        static FilterControl filterControl = new FilterControl();

        static void Main(string[] args)
        {
            string lastError = string.Empty;
            string licenseKey = "Email us to request a trial key: info@easefilter.com";

            FilterAPI.FilterType filterType = FilterAPI.FilterType.CONTROL_FILTER
			| FilterAPI.FilterType.ENCRYPTION_FILTER | FilterAPI.FilterType.PROCESS_FILTER;
            int serviceThreads = 5;
            int connectionTimeOut = 10; //seconds

            try
            {
                //copy the right Dlls to the current folder.
                Utils.CopyOSPlatformDependentFiles(ref lastError);

                if (!filterControl.StartFilter(filterType, serviceThreads, connectionTimeOut, licenseKey, ref lastError))
                {
                    Console.WriteLine("Start Filter Service failed with error:" + lastError);
                    return;
                }
                        
                //setup a file filter rule for folder encryptFolder
                string encryptFolder = "c:\\encryptFolder\\*";
                FileFilter fileFilter = new FileFilter(encryptFolder);

                //enable the encryption for the filter rule.
                fileFilter.EnableEncryption = true;

                //get the 256bits encryption key with the passphrase
                string passPhrase = "mypassword";
                fileFilter.EncryptionKey = Utils.GetKeyByPassPhrase(passPhrase, 32);

                //disable the decyrption right, read the raw encrypted data for all except the authorized processes or users.
                fileFilter.EnableReadEncryptedData = false;

                //setup the authorized processes to decrypt the encrypted files.
                string authorizedProcessesForEncryptFolder = "notepad.exe;wordpad.exe";

                string[] processNames = authorizedProcessesForEncryptFolder.Split(new char[] { ';' });
                if (processNames.Length > 0)
                {
                    foreach (string processName in processNames)
                    {
                        if (processName.Trim().Length > 0)
                        {
                            //authorized the process with the read encrytped data right.
                            fileFilter.ProcessNameAccessRightList.Add(processName, FilterAPI.ALLOW_MAX_RIGHT_ACCESS);
                        }
                    }
                }

                //setup the authorized users to decrypt the encrypted files.
                string authorizedUsersForEncryptFolder = "domainName\\user1";

                if (!string.IsNullOrEmpty(authorizedUsersForEncryptFolder) && !authorizedUsersForEncryptFolder.Equals("*"))
                {
                    string[] userNames = authorizedUsersForEncryptFolder.Split(new char[] { ';' });
                    if (userNames.Length > 0)
                    {
                        foreach (string userName in userNames)
                        {
                            if (userName.Trim().Length > 0)
                            {
                                //authorized the user with the read encrypted data right.
                                fileFilter.userAccessRightList.Add(userName, FilterAPI.ALLOW_MAX_RIGHT_ACCESS);
                            }
                        }
                    }

                    if (fileFilter.userAccessRightList.Count > 0)
                    {
                        //set black list for all other users except the white list users.
                        uint accessFlag = FilterAPI.ALLOW_MAX_RIGHT_ACCESS & ~(uint)FilterAPI.AccessFlag.ALLOW_READ_ENCRYPTED_FILES;
                        //disable the decryption right, read the raw encrypted data for all except the authorized users.
                        fileFilter.userAccessRightList.Add("*", accessFlag);
                    }
                }

                //add the encryption file filter rule to the filter control
                filterControl.AddFilter(fileFilter);

                //setup a file filter rule for folder decryptFolder
                string decryptFolder = "c:\\decryptFolder\\*";                
                FileFilter decryptFileFilter = new FileFilter(decryptFolder);

                //enable the encryption for the filter rule.
                decryptFileFilter.EnableEncryption = true;

                //get the 256bits encryption key with the passphrase
                decryptFileFilter.EncryptionKey = Utils.GetKeyByPassPhrase(passPhrase, 32);

                //don't encrypt the new created file in the folder.
                decryptFileFilter.EnableEncryptNewFile = false;

                //disable the decyrption right, read the raw encrypted data for all except the authorized processes or users.
                decryptFileFilter.EnableReadEncryptedData = false;

                //setup authorized processes to decrypt the encrypted files.
                string authorizedProcessesForDecryptFolder = "notepad.exe;wordpad.exe";

                processNames = authorizedProcessesForDecryptFolder.Split(new char[] { ';' });
                if (processNames.Length > 0)
                {
                    foreach (string processName in processNames)
                    {
                        if (processName.Trim().Length > 0)
                        {
                            //authorized the process with the read encrypted data right.
                            decryptFileFilter.ProcessNameAccessRightList.Add(processName, FilterAPI.ALLOW_MAX_RIGHT_ACCESS);
                        }
                    }
                }

                filterControl.AddFilter(decryptFileFilter);

                if (!filterControl.SendConfigSettingsToFilter(ref lastError))
                {
                    Console.WriteLine("SendConfigSettingsToFilter failed." + lastError);
                    return;
                }

                Console.WriteLine("Start filter service succeeded.");

                // Wait for the user to quit the program.
                Console.WriteLine("Press 'q' to quit the sample.");
                while (Console.Read() != 'q') ;

                filterControl.StopFilter();

            }
            catch (Exception ex)
            {
                Console.WriteLine("Start filter service failed with error:" + ex.Message);
            }

        }

    }
}