jamespetts

Personal cloud for confidential documents

Recommended Posts

I should be grateful for any ideas that people may have about a suitable solution to my professional IT requirements. I am a barrister (a type of lawyer in England and Wales), who, as is traditional in the English legal profession, is self-employed, but works from a set of chambers (offices) in which certain facilities are shared. I have recently moved to a different set of chambers with a different IT setup. Previously, I had access to a(n excruciatingly slow) Windows based server on which to store documents: I could access them at home by a remote desktop connexion or remote file access or in chambers by using a number of aeging Windows PCs dotted about and available for general use. I have an Android tablet, but could not access my files on that device from my old chambers' Windows servers in spite of installing various SMB type applications.

My new chambers is more of a BYOD environment, and it does not have the central Windows file server (I think) available to members. I briefly looked into services such as DropBox (which would work on my home desktop and Android tablet), but there are issues as to whether using a service such as that for client confidential documents is compatible with the Data Protection Act 1998 because of the difficulty in ensuring and veryfying that the third party provider is complying with the data protection principles.

An alternative might well be one of these new personal cloud NAS devices: that would mean that I could put one of these at home and access it from my home computer and from my tablet or smartphone. I could also use it for personal documents (so that I could store my recipes on it, for instance, and access them from my tablet in the kitchen). However, just how secure are they? I have read about some security trouble with ASUS personal cloud devices recently.

Also, how do personal cloud devices work with offline storage? If I were at court, for instance, and had no good mobile signal, do any of these personal cloud devices make it easy to set up a system whereby recently accessed documents are duplicated on my Android tablet's internal memory, but ones not accessed recently are not so as not to fill the entire tablet's memory with old documents?

A further complication is encryption. I have encrypted my Android tablet, but how easy is it to encrypt files stored on a personal cloud device so as to be able to be compatible with and decrypted by both an Android tablet and a Windows (and possibly Linux) desktop?

Backup is another issue: how easy is it to back up an encrypted set of files? I know that Windows encrypted folders have an issue with backup in that, if the OS itself becomes corrupted and has to be reinstalled (catastrophic hardware failure, for instance), the encryption keys are lost forever, and the backups of the encrypted files are useless. Is there a system of encryption that does not have this disadvantage? What is the best way to backup files stored on a personal cloud in any event; how would such a backup system potentially interact with my existing backup system (the "Oops!" backup that goes with my now somewhat old WD NAS backup drive)?

I should be most grateful for any thoughts on these issues.

Share this post


Link to post
Share on other sites

One option that I found was a cloud service provider Wuala. We use it for some church documents and everything stays encrypted until unlocked. We are looking for free or low cost options since they are changing their pricing model. Good service though.

Sent from my Nexus 7 using Tapatalk

Share this post


Link to post
Share on other sites

Wuala appears to be based in Switzerland, which is outside the EU. Do you know whether it is covered by the "safe harbour" scheme for data proection? If not, I am afraid that storing personal data on it is quite out of the question.

Share this post


Link to post
Share on other sites

I am not sure, you will have to contact the company directly. I don't have anything that required a high level of protection, it was nice to have. I try to never store private information.

Share this post


Link to post
Share on other sites

I have looked into this now in some detail. The "safe harbor" scheme only applies to the US, and the EU maintains a list of countries, including Switzerland, to which it is satisfied that personal data may be exported without breaching the 8th data protection principle.

It also fares much better than Dropbox for the 7th data protection principle, as all of its files are encrypted, so that not even its own employees can access them. However, the Wuala service is unsuitable because it offers no means of automatically synchronsing folders on an Android device with its cloud.

I am looking into personal cloud storage, which means that I can manage the system myself. Asus's AiCloud looks interesting: it allows folder sync with Android and comes with the router that I am thinking of buying, meaning that I should only need a USB3 drive to complete the setup. However, it, and other personal cloud servers like it, do not come with a means of encrypting files. Does anyone know of a sensible means of encrypting files that works on Windows, Linux and Android where the encryption can be unlocked with a password or similar so that backups of the encrypted data are safe from being rendered useless by the destruction of encryption keys?

Share this post


Link to post
Share on other sites

I wonder if you'd be better off with something like EMC's Syncplicity or the lower cost Barracuda version called Copy. The latter would be something you could run on local hardware from Barracuda. You can do the same thing with Syncplicity but of course the EMC arrays are a tad more expensive. Synology and QNAP as you noted offer this type of access too, but it's not nearly as refined.

Share this post


Link to post
Share on other sites

I don't think that I could install ownCloud (at least, not easily) on an NAS, could I? In any event, there seem to be lots of reports of quite serious problems in the Play Store reviews. Synplicity is located in the US, and is not on the Safe Harbor list, and likewise Barracuda.

Edit: I did not initially register the reference to QNAP, which I have now been researching. It seems to rely on DDNS, which relies on QNAP itself being around indefinitely, although I suppose that it is at least free. Can it work with a static IP, as I will have when my fibre broadband is activated? Does anyone know whether it can be mounted from a Linux desktop not connected to the same local network (assuming a static IP configuration); and how would mounting using NFS or SAMBA work with encryption?

Edit 2: Having looked into this further, one possible solution is to combine DropBox with Viivo encryption software. I have set up the free versions of both of those with the aim of trying them to see how good that they are. The only trouble is that, whilst DropBox has a Linux client, Viivo does not, and I need to be able to access my files from a Linux machine occasionally. Does anyone know whether Viivo works under Wine?

Edited by jamespetts

Share this post


Link to post
Share on other sites

Probably not. Reason I think propiarity nas are a joke. Play their rules or no game. Limited, can't expand..

I built my own nas to get around your headache.

Debian, 6 core amd, 16gb, 8 onboard sata plus 3 $35 4port express cards. 20 sata ports, so 20 3tb barracudas in raid6 via mdadm. $20 atx case.

54tb, plex/nfs/samba, and on the net I play owncloud, or sshfs for a quick single session if I need something mounted instead of a scp or rsynch via ssh.

Weird to be riding in the car, laptop, tethered free via rooted smartphone, and mount a 54tb volume..... :D

Sent from my rooted HTC Supersonic using Tapatalk 2 Pro

Share this post


Link to post
Share on other sites

I'm afraid that I don't really have the time to build and, more importantly, maintain my own NAS, especially with the highly uncertain robustness of ownCloud. I have had many problems in the past with slightly unusual things on Linux, such as DAB receivers, where there was simply no way of getting it to work, and searches for the problem found a handful of uses posting the same issue and no solutions ever. For professional use, I need something quite certain to work reliably. There is also the issue of power consumption if one is building an "NAS" (actually, a fully fledged desktop server) using standard PC components.

I looked into Dropbox with Viivo encryption, but found that it will not encrypt (only decrypt) on Android, which is quite useless to me. Does anyone know whether QNAP has folder sync so that I can access my files offline from Android, and those files will then automatically sync to the NAS, and whether it will allow syncing to an SD card on the Android device?

Edit: Has anyone tried Foldersync on the Android? It seems to allow syncing of folders with an FTP account, which could be set up on one's personal NAS at home.

Edited by jamespetts

Share this post


Link to post
Share on other sites

Disclaimer: I don't know how what I'm going to suggest works with Android or Linux, but under Win it would solve all your problems (as far as I know).

It's actually relatively simple and similar to the "Dropbox with Viivo" approach you've already looked at. I'm bringing it up because it works very well for me and might be better than those. I'm using "Cloudfogger" to encrypt my files before they go into the cloud. It works with different platforms, is bound to an account (the key won't get lost unless you loose the login), doesn't interfere with local copies (if the cloud allows them) and is transparent on the local machine. A drawback: logging in online you only see encrypted files (just as the provider and NSA do). I'm using it mostly together with OneDrive on my PC and laptop and am happy that I don't have to bother with "exotic" OS's.

MrS

Share this post


Link to post
Share on other sites

Then spend as much money as possible, then you'll know it'll work. And you won't worry if it doesn't, because it can't.

Simple!

Sent from my rooted HTC Supersonic using Tapatalk 2 Pro

Share this post


Link to post
Share on other sites

James,

Just checked the Google store, there is a Wuala app to get to your data and is also cross platform.

I have a lot of my documents store in dropbox behind Truecrypt, that works somewhat and is platform agnostic.

Share this post


Link to post
Share on other sites

Thank you for your suggestions. Unfortunately, both Wuala and Cloudfogger provide only decryption, not encryption, on Android, meaning that there is no way for me to save encrypted files to my Dropbox account from there. I had looked into both of these already and rejected them for that reason.

Share this post


Link to post
Share on other sites

I know this is an older thread, but I think just a simple Synology unit would solve your issues.

By now, I suppose you've got this sorted out. Can you share how you chose to do it?

Share this post


Link to post
Share on other sites

I have not, in fact, solved this issue yet, but I was considering the QNAP/Synology route. Is there any reason in particular that you recommend Synology over QNAP?

Share this post


Link to post
Share on other sites

I have not, in fact, solved this issue yet, but I was considering the QNAP/Synology route. Is there any reason in particular that you recommend Synology over QNAP?

Well, I have to be careful not to speak too highly Synology when I haven't used QNAP. I know QNAP has an outstanding reputation too. But, for my needs Synology has been stellar. They have excellent on-disk encryption support and have apps for Android, iOS, etc... there's a very effective Web client that works nicely on the Linux boxes I've tried it from. Plus support for all the file sharing protocols you can imagine. Connectivity won't be a problem.

Regarding offline access to files, Synology allows you to create offline copies of folders using their app called DS File. I've used it on iOS and it works fine. It doesn't have the automatic deletion of old stuff you were asking for, but if you don't mind a little manual management, it'll do the job.

On backups, you've got a few options. With an existing WD NAS device, you can just schedule a backup job on the Synology and it will back up to the WD device. Also, it supports some nice cloud providers so you can (selectively) backup folders to the cloud, including built in support for encryption. I don't remember the name, but I know they have out of the box for a EU or UK based cloud provider. Might be all you need.

Perhaps someone more familiar with QNAP can comment on what their support is like. I expect it's probably quite similar to Synologys.

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now