Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Cloud Technical Details

Upload: vaultize

Post on 01-Nov-2014


DESCRIPTION

Enterprises are facing enormous security, data loss and compliance risks with increased mobility of the workforce and proliferation of consumer file sharing services together with mobile devices in the enterprise network. Vaultize is an enterprise-grade platform for secure file sharing, anywhere access, mobile collaboration, endpoint backup and mobility - together with mobile content management (MCM), endpoint encryption, remote wiping and Google Apps backup - that helps enterprises mitigate these risks with complete enterprise control and visibility on the use of unstructured data. It is the only solution that does military-grade (AES 256-bit) encryption together with de-duplication at source (patent pending) – making it the most secure and efficient solution in the world. Vaultize comes with the highest level of enterprise-grade security, scalability, performance, robustness and reliability. Vaultize is the first EFSS vendor to fully integrate EMM into a single offering – giving enterprises complete control and visibility over sensitive corporate data, irrespective of the device used for accessing and sharing – facilitating increased adoption of Bring-Your-Own-Device (BYOD) even in highly regulated and security-conscious verticals. Vaultize now includes Mobile Device Management (MDM) features such as remote wipe, data containerization, storage and network encryption, PIN protection and white-listing of apps for mitigation of security and protection concerns with BYOD. Vaultize goes beyond MDM with features like automatic wiping based on geo-location, IP address or time-out. It further facilitates Mobile Content Management (MCM) through access rights and allows corporate IT to prevent data loss, security and compliance breaches by controlling what users can do with corporate data on their mobile devices using a natively built-in document editor.

TRANSCRIPT

Page 1: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Cloud Technical Details

Page 2: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize – Quick View

Enterprise Platform for Secure File Sharing (EFSS) and Anywhere Access with:

•  Mobile Content Management (MCM)
•  Data Protection
•  Data Loss Prevention (DLP)
•  Mobile Device Management (MDM) features

‘Innovation Leadership in Enterprise File Sync and Share (EFSS)’ – 2013

‘Innovation Leadership in Enterprise Mobility Security’ - 2014

Page 3: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize, What it is…

Enterprise Platform for Enabling Secure Sharing, Anywhere Access and Mobile Collaboration

with End-to-End Data Security

and Flexible Deployment Options

Enables a variety of solutions: File Sharing & Sync, Managed Data Mobility, BYOD, Secure Anywhere Access, Data Loss Protection, …

VPN not required

Choice of Appliance, On-premise, Private Cloud or Public Cloud – All highly scalable and available

Page 4: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

How Vaultize Differentiates Why Vaultize? Part I

Large enterprises including those in regulated and security conscious verticals across the globe trust Vaultize

Unmatched End-to-end Security
•  Encryption and de-duplication together at source (on user devices) for on-transit data - patent pending technology
•  The most secure and efficient solution – VPN-free
•  Others either perform encryption at or de-duplication on user device (and not both) – compromising either security or efficiency

Privacy and Compliance
•  Corporate IT can own and manage keys - Data Privacy Option (DPO)
   o  Regulatory compliance (data residency or data sovereignty)
   o  Data in-transit and while stored in the cloud/server is risk-free (Complete privacy)
   o  No risk of the vendor giving out your data to authorities without your consent (Subpoena)

Page 5: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

How Vaultize Differentiates Why Vaultize? Part II

Enterprise Platform
•  Architected from the ground up as an enterprise platform
•  Complete end-to-end regulator-level enhanced security and privacy
•  Competitors are built as point products

Complete Administrative Control and Visibility
•  Devices can be fenced off, features disabled, or contents securely wiped out, if the users go beyond a pre-defined geography or IP range
•  MCM controls - copy/paste, printing and emailing

Page 6: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

How Vaultize Differentiates Why Vaultize? Part III

Efficiency – Optimized for Mobility
•  VPN-free
   o  builds a secure channel using patent-pending at-source encryption technology, SSL and OAuth-based authorization
•  Global content-aware de-duplication
   o  as high as 90% reduction in network bandwidth

Flexible Deployment Options
•  Cloud-in-a-Box - Appliance
•  Private Cloud – Software Only
   o  Perpetual License
   o  Annual Subscription
•  Public Cloud - SaaS

Page 7: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Architectural Components

•  This presentation covers Vaultize Public Cloud hosted on Amazon Web Services
•  Private cloud deployments follow a similar architecture
•  Vaultize Cloud
   o  Load Balancers
   o  API (REST) Servers
   o  Meta-data (Database) Servers
   o  Content Store (Amazon S3)
   o  WebUI Servers
•  Client Components
   o  Vaultize Agent (Windows, Mac, Linux)
   o  Vaultize Apps (iOS, Android)
•  Centralized Web-based Administration
   o  Web GUI

Page 8: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Architectural Components

Copyright © 2011-14 Vaultize Technologies. All Rights Reserved.

[Architecture diagram. Labels: Content Store; Vaultize Clients; API Load Balancers; WebUI Load Balancers; API Servers; WebUI Servers; Meta-data Servers; SSL + OAuth; HTTPS Encryption; De-duplication Compression; Versioning]

Page 9: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Load Balancers

•  Ensures high availability & responsiveness of servers
•  Routes traffic to API and WebUI servers (separate LBs)
•  Weighted least connections algorithm
•  Health check of servers
•  HTTPS monitoring
•  Application-level monitoring

Page 10: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize API Servers (1)

•  Vaultize API servers expose a JSON-based RESTful API
   o  Stateless servers – load balancing is easy
•  Clients make secure API calls to server
   o  Using HTTPS – 256-bit SSL
•  Each API call has to be authorized using OAuth
   o  Unauthorized calls rejected, but recorded
   o  Repeated unauthorized calls result in investigation and/or ban
•  Server platform
   o  Typically virtual machine based
   o  Multiple NICs
   o  Stateless, so storage could be normal disks
   o  Firewalled to allow only API traffic
   o  Customized and hardened CentOS 6.x
   o  Continuously auto-monitored (see next slide)

Page 11: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize API Servers (2)

•  Web server is nginx
   o  Lightweight, high-performance and robust
•  Application server is in web.py framework
   o  Interaction with nginx using WSGI
   o  Some modules are in pure C for performance reasons
•  Monitoring & Statistics
   o  Internal - using monit, cron scripts etc.
   o  External - using health monitor in Load Balancers and other servers
   o  Third-party - using partner services
   o  Also used for automatic load handling (see below)
•  Dynamic load handling and provisioning
   o  Additional servers provisioned when load increases
   o  Bad servers restarted
   o  Amazon CloudWatch in AWS

Page 12: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Database Servers

•  Vaultize meta-data is stored in MongoDB
   o  Scalable & high performance “document” database
   o  Built-in replication and high availability
   o  Auto-sharding for load balancing
•  Cluster of database servers
   o  Servers added as database grows
   o  Each server in a 3-way replica set
   o  Periodically backed up

Page 13: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Content Store

•  Data chunks are stored in Amazon S3 in public cloud
   o  Additional encryption using Vaultize secret keys before storing
•  High-performance online storage (increase on-demand)
•  Redundant (minimum 3-way) storage
   o  At least 3 different devices across multiple zones
•  Support for Azure Block Storage, Rackspace CloudFiles and file systems too

Page 14: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Cloud Web UI

•  Web-based UI servers
   o  Powerful administration interface
   o  Simple end-user UI for accessing and sharing their data
•  System & hardware configuration similar to API servers
•  Pages are standards-compliant
•  Generated using Mako Templating Engine
•  HTML, CSS and JavaScript (jQuery)
•  Tested/debugged using Firebug, Google Page Speed, etc.
•  Some pages use AJAX
•  E.g. Files Browser, validations
•  Data exchanges in JSON (and not XML)

Page 15: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Client Components

•  Vaultize Agent
   o  Talks to API Servers over HTTPS and OAuth
   o  Maintains access rights and restrictions
   o  Keeps device in sync for configuration, policies etc.
   o  Performs encryption, smart de-duplication, versioning and compression
   o  256-bit AES encryption at source (on client device itself) using unique customer keys
   o  Chunking is variable-sized using sliding window technique
   o  Signatures are HMAC (SHA-256) keyed using unique customer tokens
   o  Compression using zlib
   o  Predictive Caching (for instant restore of important data)
   o  Monitors changes to data under sync, collaboration, sharing
   o  Book keeping done using SQLite
•  Platform Independent
   o  Written in Python and pure C
   o  Windows, Mac and Linux
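The Agent slide lists variable-sized chunking with a sliding window, HMAC (SHA-256) signatures keyed with customer tokens, and zlib compression. The following is an added example, not Vaultize's code, showing how those pieces combine for source-side de-duplication. The window size, hash constants, chunk bounds, tokens and the `store` dictionary are all assumptions, and the AES step is left out because the Python standard library has no AES.

```python
import hashlib
import hmac
import zlib

# Every parameter here is an assumption for illustration; the page gives none.
WINDOW = 48                           # sliding-window width in bytes
MASK = (1 << 11) - 1                  # cut when low 11 hash bits are 0 (~2 KiB avg)
MIN_CHUNK, MAX_CHUNK = 256, 8192      # bounds on chunk size
BASE, MOD = 257, (1 << 31) - 1        # polynomial rolling-hash constants
POW_OUT = pow(BASE, WINDOW - 1, MOD)  # weight of the byte leaving the window

def chunk(data: bytes) -> list:
    """Split data at content-defined boundaries found by a rolling hash."""
    chunks, start, h = [], 0, 0
    for i, byte in enumerate(data):
        if i - start >= WINDOW:       # window full: drop its oldest byte
            h = (h - data[i - WINDOW] * POW_OUT) % MOD
        h = (h * BASE + byte) % MOD
        size = i - start + 1
        if (size >= MIN_CHUNK and (h & MASK) == 0) or size >= MAX_CHUNK:
            chunks.append(data[start:i + 1])
            start, h = i + 1, 0       # next chunk starts with an empty window
    if start < len(data):
        chunks.append(data[start:])
    return chunks

def signature(token: bytes, piece: bytes) -> str:
    """Keyed chunk fingerprint: HMAC-SHA-256 under the customer's token."""
    return hmac.new(token, piece, hashlib.sha256).hexdigest()

def upload(store: dict, token: bytes, data: bytes) -> tuple:
    """Send only chunks whose signature is unknown; return (sent, total)."""
    sent, pieces = 0, chunk(data)
    for piece in pieces:
        sig = signature(token, piece)
        if sig not in store:
            # A real client would also encrypt the chunk here (omitted).
            store[sig] = zlib.compress(piece)
            sent += 1
    return sent, len(pieces)

# Constructed sample: 128 KiB of pseudo-random bytes, then a 5-byte mid-file edit.
ORIGINAL = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(4096))
EDITED = ORIGINAL[:65536] + b"PATCH" + ORIGINAL[65536:]

if __name__ == "__main__":
    store = {}
    print("first upload (sent, total):", upload(store, b"customer-A-token", ORIGINAL))
    print("after edit   (sent, total):", upload(store, b"customer-A-token", EDITED))
```

Because the cut points depend on content rather than offsets, the insertion only changes the chunks around the edit. Because the signature is keyed, the same chunk under a different customer token produces a different index entry.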

Page 16: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Compatibility

  Works on laptops, desktops and servers

  Supported on Windows (XP SP2 onwards), Mac and Linux

  iOS and Android Apps

Page 17: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Solution Details

Page 18: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Solutions Secure Enterprise File Sharing & Sync (EFSS)

Sharing using secure links
•  Easy sharing with outside party
•  No FTP sites or email attachments
•  Passwords, auto expiry, notifications
•  Online document viewer – control download/printing etc.
•  Geo, IP and time based access control

Outlook Plug-in
•  Replace attachments with secure link
•  Policy-based – size of attachments, recipients, sender, etc.
•  Monitoring, Revoking

Group sharing – with individual access rights

Sync data anywhere, selectively

Automatic versioning

Page 19: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Solutions VPN-free Secure Anywhere Access (File Server Access)

•  Securely access File Servers and NAS from anywhere
•  Access with CIFS semantics
•  Pass-through Mode – secure relaying of files
•  Access control on server
   o  Geo, IP, time based
•  No VPN required!
•  Support for SharePoint and other repositories coming soon

Page 20: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Solutions Mobile Content Management (MCM)

Challenges with Mobile Device Management (MDM)
•  Complex
•  Costly
•  Heavy handed – controls device (privacy intrusion)

Vaultize Secures Corporate Contents through Mobile Content Management (MCM)
•  Control copy-paste, print, email, sharing with other apps, etc.
•  Built-in document editor – MS office and PDF annotation

Mobile Data Containerization
•  Corporate data in secure container
•  Segregate corporate data from personal data
•  Encryption and remote wiping of container
•  Auto-wiping based on Geo, IP, time-expiry

Page 21: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Solutions Data Protection (Endpoint Backup)

•  Protection policies to automatically backup files and folders
   o  Group-based policies
   o  Powerful Exclude and Include filters
•  Efficient backup of endpoints over WAN without VPN
   o  Smart De-duplication saves up to 90% bandwidth
•  Continuous or Scheduled backup with pause and resume
•  Web and Mobile access
•  Self-restore
   o  a version, a folder or a point in time copy and move all data from an old device to a new device
•  Support for open files (including Outlook PST)
   o  Optimized backup of large size PST

Page 22: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Solutions Google Apps

Backup Google Apps Accounts – Emails and Documents
•  Secure Google Apps data (emails/documents) from malicious destruction, hacking, user/software errors
•  Automatic Backup
•  Backup once-a-day (default) or as scheduled
•  Retention Policy
•  Super saving (de-dup across endpoints + Google Apps)

Easy Download
•  Download/restore a mail, document or a complete account

Migration
•  Migrate accounts within a domain or across domains

Page 23: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Solutions Data Loss Prevention (DLP)

Endpoint Encryption
•  Policy-based on files and folders on user devices
•  Transparent to users
•  Selective - more efficient than full disk encryption which is
•  Leverages time-proven technology of Windows Encrypting File System (EFS)

Tracking
•  Geo tracking - IP addresses and geo-locations

Wiping
•  Secure remote wiping of data in case of device loss or user leaving the organization
•  Policy-based automatic wiping if device leaves a pre-defined geography or IP range (Geo fencing)
•  Military-grade techniques
•  Selective wiping of files and folders based on patterns and types

Selective encryption and wiping make it very easy to do BYOD through data containerization

Page 24: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Vaultize Solutions Data Privacy Option (DPO)

Compliance of Data Privacy, Data Residency and Data Protection Regulations

No Need of Any Special Hardware On-Premise (like Gateway Appliances)

Enterprise Customer Retains the Full Control Over Encryption Keys
•  Keys are never stored on any infrastructure not under enterprise control
•  Data is secured while in motion and at rest in the cloud
•  Ability to access data remains solely with the customer

Vaultize is the only solution that provides this option
•  Other solutions encrypt data at server

Page 25: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Enterprise-class Administration

Administrative Controls
•  Manage company-wide policies, settings and data
•  User provisioning – Active Directory, LDAP or Google Apps based
•  Push policies from a centralized place
•  Authentication and SSO using AD and LDAP
•  Privacy

Quick and Easy Deployment Across Organization
•  Active Directory GPO based push installation
•  AD and LDAP authentication support

Reporting and Dashboard

Monitoring, Audit Trail and Alerts

Page 26: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

Flexible Deployment Options

Cloud-in-a-box Appliance
•  Fully integrated hardware + software – “plug and play”
•  Support for HA and DR
•  Licensed by number of users and storage capacity

On premise / Private Cloud
•  Vaultize software on customer’s hardware or private cloud
•  Single or Multi-server
•  HA, DR and large scale cloud
•  Flexibility to choose storage (DAS, SAN, NAS, Cloud Storage)
•  Option of Perpetual license or Annual subscription
•  Licensing based on number of users

Vaultize as a Hosted Service / Public Cloud
•  Fully hosted - No hardware or software to manage
•  Highly available, highly scalable and disaster proof
•  Subscription based on users and storage capacity

Page 27: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)

How Vaultize Works in a Corporate Network

Agent-based

Agent-less

•  File Sharing & Sync
•  Group sharing
•  Sharing using links
•  Auto Expiry
•  Passwords
•  Mobility & Mobile Content Mgmt
•  Anywhere Access
•  File Servers & NAS
•  Access Control
•  Geo, IP & time
•  File/folder patterns
•  BYOD
•  Data Loss Protection
•  Backup, Encryption
•  Remote Wiping
•  Centralized Admin Console
•  Reporting
•  Monitoring
•  Alerts

Mobiles

Intranet or Internet

Versioning Encryption Dedupe MCM

NAS Roaming Devices

End-to-End Security (VPN not required)

Encryption At Source

Decryption At Destination

Firewall + VPN

Page 28: Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)


http://www.vaultize.com

THANK YOU!

Questions?