FileFlex: Zero Trust Data Access Because Ransomware Is Ultimately A Data Access Issue
More and more people are working from home these days. Nearly all of us are using personal devices at work. Most of us are no longer just consuming content - we’re creating it. Mobile technology and the growth of digital entertainment are dominating the digital landscape.
The result is that 64.2ZB of data was created or replicated in 2020, 80 percent of which is unstructured data. And the amount of digital data created between 2021 and 2025 is expected to be more than double the total amount of data created since digital storage was invented.
Unstructured data is messy. With workers constantly creating and saving documents across dozens (if not thousands) of data repositories, few companies have reliable organizational access to all of their files and folders. And most organizations use multiple data repositories simultaneously, including PC storage, multiple NAS drives, multiple cloud storage on Amazon, Azure, Box, Dropbox, Google Drive, and, most popular by far, SharePoint and OneDrive.
The Correlating Rise of Ransomware
While most organizations recognize the need to implement stronger security measures to protect critical and confidential enterprise data against cybercriminals, few appreciate the importance of approaching their unstructured data in a unified manner. The result is an increase in ransomware attacks, with badly protected unstructured data being the main target.
According to findings from a 2021 survey, 17 percent of organizations were hit with ransomware and 69 percent of those paid the ransom demanded of them. "Ransomware has reached a true crisis situation," says cyber risk prevention expert Ed Dubrovsky, "and unstructured data is one of the main targets for ransomware attackers today."
Because ransomware requires access to files and folders it is ultimately a data access issue. That means that you have to monitor and control user access to files and folders as much as possible. Products that employ a zero trust architecture can give you that capability. They provide the data-centric tools for this data-centric threat.
The Inflection to Zero Trust Architecture Based Security
With cybercrime damage costs growing by millions every year, security based on Zero Trust Architecture (ZTA) is fast becoming the preferred approach because of its superiority to the old-school perimeter defense model based on firewalls, anti-virus, OS updates and VPN access. With perimeter-based defenses, once a network's perimeter has been breached, a malicious actor can move laterally through the network to find high-value targets for ransomware. The VPN, for example, is being phased out to the point that, according to Gartner, by 2023 60 percent of enterprises will move from VPN to Zero Trust Architecture for remote access. That equates to an inflection of $18B to Zero Trust Architecture within two years.
Security based on ZTA is built on the assumption that, notwithstanding best efforts, invaders can and will find their way into your network. It assumes that every person and/or machine behind the firewall is potentially malicious.
In keeping with this assumption, ZTA platforms are based on three requirements.
1) User Verification - First, they require user verification every time a user requests access. This can apply to devices as well: like people, all devices can be forced by IT to verify themselves before they are granted access.
2) Micro-segmentation - Second, using a process called micro-segmentation, ZTA-based platforms set smaller, policy-based, limited trust zones. These can be based on your current LDAP or AD policies, or the IT administrator can set policies to determine who can and cannot access which micro-segments.
3) Least-Privilege Access - Third, they employ least-privilege access. The network is dark to the user; they can only access the segments that they need.
Different Types of ZTA Platforms
There are three types of security platforms based on a Zero Trust Architecture.
1) Zero Trust Network Access – Zero Trust Network Access (ZTNA) platforms authenticate users and then allow them authorized access to a network segment or network device. Once they have access to that segment, they can access all applications and data on any server on that network segment.
2) Zero Trust Application Access – Zero Trust Application Access (ZTAA) platforms authenticate users and then allow them authorized access to a specific application. Access outside of the permitted application is not permitted.
3) Zero Trust Data Access – Zero Trust Data Access (ZTDA) platforms authenticate users and then provide those users with authorized access to micro-segmented files and folders. That access includes sharing, collaboration and file management.
Different ZTA Platforms Have Different Trust Zone Micro-Segmentations
Another way to look at security platforms based on a Zero Trust Architecture is by looking at the trust zones that they micro-segment down to.
1) Perimeter-Based Security – Traditional perimeter-based security has a large implicit trust zone – essentially anything behind the firewall. This is accessed remotely via a VPN.
2) Zero Trust Network Access / Zero Trust Application Access – ZTNA- and ZTAA-based platforms micro-segment the trust zone down to either a network segment or device (ZTNA) or to an application (ZTAA). Access outside of the permitted network segment or application is not permitted.
3) Zero Trust Data Access – ZTDA-based platforms micro-segment down to the smallest implicit trust zone possible – the file and folder level. Access outside of the permitted files and folders is not permitted.
Use ZTDA to Protect The Entire IT Infrastructure
Different ZTA platforms perform different functions. Zero Trust Network Access (ZTNA) platforms, for example, help protect your network, while Zero Trust Application Access (ZTAA) platforms help protect your applications. These two ZTA platforms offer a far greater level of security than the perimeter-based model; however, since ransomware is ultimately a data access issue, the use of a ZTDA platform is strongly recommended. That is because a ZTDA platform uses the micro-segmentation process to keep the connection between users and your data secure. A ZTDA platform controls who can access what data, mitigating unauthorized access to your company infrastructure. And since all users must be authenticated and all access is controlled by a zero trust policy engine, you have a complete log of all actions. This log can then be used for investigation and/or to raise alerts on suspicious activity.
Currently, FileFlex Enterprise is the only ZTDA platform available and is our recommended solution. FileFlex Enterprise is a native Windows overlay service that blankets your organization with zero trust remote data access. It protects remote workforce data access from anywhere in the world to mitigate ransomware.
FileFlex integrates seamlessly into Windows applications at the native driver level. This makes it a plug-and-play remote data access solution for anyone using Office 365, Adobe and AutoCAD and other Windows applications. Users can remotely access data using zero trust without the need for a VPN.
Windows integration allows users to access remote files as though they were on their local PC. No change in user workflow. No learning curve. Windows users easily share and collaborate on files without duplication, reducing costs and increasing data security.
FileFlex scales to thousands of users with ease and applies least-privilege access and micro-segmentation controls to remote data access, protecting your corporate data against malicious actors.
With Zero Trust architecture from the ground up, IT is in full control. Every data request is allowed or disallowed against corporate access policies including LDAP and Active Directory and most leading technology and Identity Management providers.
Understanding the Zero Trust Architecture
FileFlex Enterprise has a unique patented architecture designed to:
1. Protect the confidentiality of sensitive information by providing access to data without providing access to the organization’s network infrastructure;
2. Provide IT the tools they need to control file-sharing;
3. Protect the transfer of information;
4. Allow for only authorized access to content; and
5. Protect user credentials.
The FileFlex Enterprise solution is comprised of 3 main components. All 3 components are required in order to make the solution work. The 3 components are:
1) FileFlex Enterprise server (and PKI server);
2) FileFlex Enterprise Connector Agent; and the
3) FileFlex Enterprise Client App
The diagram below outlines a high-level architecture of the overall solution and a logical view of the interaction between the broader 3 main components of the system.
The FileFlex Enterprise Server
The FileFlex Enterprise Server is a public-facing server that is accessible on the internet and provides access to the service. The server manages access rights to the service by validation and authentication and acts as a relay service between the authenticated users and the content sources that they have rights to access.
The FileFlex Enterprise Connector Agent
The FileFlex connector agent is a software-only component that runs on a device located on the corporate infrastructure behind the corporate firewall. The connector agent can access any device or storage located on the same infrastructure, on behalf of the user using the local permissions of the user. The main purpose of the connector agent is to perform the requested task (access, relay and manipulate data) located on the same infrastructure, on behalf of a user as if the user were physically present on that infrastructure.
The connector agent is what provides access to the entire hybrid IT infrastructure. Users can have controlled access to on-premises storage, cloud-hosted storage, SharePoint or public clouds.
The FileFlex Enterprise Client App
The FileFlex Enterprise client app provides a mechanism for the user to access, browse, manipulate and share any content from a single dashboard. The FileFlex Enterprise app works in conjunction with the FileFlex server to allow the user to perform these actions securely with assigned privileges and enforce permission activities such as download, view-only, edit, and upload.
For Windows users, FileFlex Enterprise is integrated into the OS at the driver level. There are separate clients for Mac, iOS and Android as well as a web client that can be used from any browser.
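The policy-engine behaviour described above (file- and folder-level trust zones, per-request authorization of the permission activities download, view-only, edit and upload, and a complete log of every decision) is illustrated below with an added example; it is not FileFlex code and its policies, users and paths are constructed. It also handles the edge case a file-level engine must get right: a path that starts inside a permitted folder but climbs out of it with "..".

```python
import posixpath
from dataclasses import dataclass, field

OPERATIONS = ("view", "download", "edit", "upload")  # permission activities named in the text

@dataclass(frozen=True)
class Policy:
    user: str
    zone: str                 # folder that forms the user's trust zone
    allowed: frozenset        # subset of OPERATIONS granted inside that zone

@dataclass
class PolicyEngine:
    policies: tuple
    audit_log: list = field(default_factory=list)

    @staticmethod
    def inside_zone(zone: str, path: str) -> bool:
        # Normalise ".." before comparing, so /zone/../../hr does not pass a prefix test;
        # require the separator so /shares/eng does not cover /shares/engineering.
        norm, zone = posixpath.normpath(path), posixpath.normpath(zone)
        return norm == zone or norm.startswith(zone.rstrip("/") + "/")

    def authorize(self, user: str, authenticated: bool, op: str, path: str) -> bool:
        """Decide one request and record the decision whatever the outcome."""
        if not authenticated:                      # verification precedes any lookup
            decision, reason = "deny", "unverified identity"
        elif op not in OPERATIONS:
            decision, reason = "deny", "unknown operation"
        else:
            grants = [p for p in self.policies
                      if p.user == user and op in p.allowed and self.inside_zone(p.zone, path)]
            decision = "allow" if grants else "deny"
            reason = grants[0].zone if grants else "no matching file/folder policy"
        self.audit_log.append({"user": user, "op": op, "path": path,
                               "decision": decision, "reason": reason})
        return decision == "allow"

def suspicious_users(audit_log: list, threshold: int = 3) -> list:
    """Users with at least `threshold` denials: candidates for an alert or investigation."""
    counts = {}
    for entry in audit_log:
        if entry["decision"] == "deny":
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return sorted(u for u, n in counts.items() if n >= threshold)

# Constructed sample policies (hypothetical users and shares).
SAMPLE_POLICIES = (
    Policy("alice", "/shares/finance/2021", frozenset({"view", "download"})),
    Policy("bob", "/shares/eng", frozenset(OPERATIONS)),
)
```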
What Makes FileFlex Enterprise Different?
1) It is the first and only remote data access and sharing platform built from the ground up to be zero trust compliant.
2) It is the first and only platform that brings remote access and sharing to an entire IT infrastructure of on-premises, cloud-hosted and SharePoint unstructured data storage and puts it under a single-pane-of-glass.
3) It is the first and only platform integrated into Windows at the driver level. Windows integration allows remote access, sharing and collaboration on files as though they were on the user's local PC.
According to Dubrovsky, “FileFlex helps mitigate ransomware by facilitating untethered access to unstructured data.” Referring specifically to FileFlex Enterprise as a Zero Trust Data Access (ZTDA) platform, he explains: “It brings a new order to the chaos of unstructured data access across B2B and B2C scenarios.”