Thursday, July 13, 2017

TeamDrive against data loss and ransomware attacks

With our new Snapshot feature, called Point in Time Recovery (PiTR), TeamDrive presents a new security solution for cloud computing. 

In which cases can PiTR be useful?

During a ransomware attack company data are encrypted by cyber criminals. Access to the unencrypted data stock is only possible after the payment of a sum X. This can happen to any company at any time. WannaCry gives an impressive example of how fast even millions of companies face this scenario of helplessness. 

With our Point in Time Recovery there is always a copy of the data on the TeamDrive servers, which can be easily restored in the event of an incident. We also provide additional data security in case of an unintended loss of data such as by mistake or hardware crash.

How PiTR works in practice:

PiTR automatically creates a snapshot of the data stock over all computers connected to the service. Snapshots are generated every four hours. In the professional version the snapshots can be taken every 30 minutes. 

If a data loss or a ransomware attack occurs, so that the user can no longer access the data, the data backed up just hours earlier can be restored with a few simple steps. 

PiTR and TeamDrive service:

PiTR is a kind of fourth security level in our service. The first three levels are complete end-to-end encryption, the zero-knowledge architecture, and strict data retention exclusively in German data centers in accordance with national data protection legislation.

All TeamDrive customers using the TeamDrive Cloud storage benefit from the new security feature, regardless of the client version they use. The server-side snapshots are created automatically and independently of the client. Tweaking the solution, that is, changing the pre-defined settings, requires the latest TeamDrive 4.5.0 client.

Monday, May 15, 2017

"Trust in Cloud" seal for TeamDrive Sync and Share Services

We are delighted to have been presented with the 50th “Trust in Cloud” seal of quality at the Google Cloud Conference in Munich. The seal, which is awarded by the Cloud Ecosystem Association, confirms that our sync & share service adheres to all the cloud-based service guidelines that are of importance to German businesses. These guidelines cover areas such as German data protection legislation, security aspects, service level, contractual arrangements, and other quality criteria that play a crucial role during the selection of cloud solutions in Germany.

The seal is important because it helps German companies to make informed decisions when choosing which cloud services to use. Although TeamDrive sync and share services already always store all clients’ data, end-to-end encrypted, in accordance with Germany’s strict data protection requirements, the seal of quality provides additional confirmation of this from an impartial third party. It underlines that all data is stored in data centers in the EU/Germany.

Frank Tuerling (Cloud Ecosystem), Detlef Schmuck (TeamDrive), Folker Scholz (Cloud Assessment Center)
The new seal presented to us at the Google Conference is one of many independent awards we have received in recognition of the features and, above all, the security of our TeamDrive service. The Schleswig-Holstein Independent Center for Privacy Protection (Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein – ULD) has been certifying our compliance with scrupulous German and European data protection regulations and security standards for years. Moreover, in a comparison of cloud-based sync & share services, the Diplomatic Council, a think tank that provides advisory services to the United Nations, recently confirmed that we offer the best levels of data protection out of the 12 solutions investigated.

Tuesday, April 4, 2017

TeamDrive named winner of the Diplomatic Council Cloud Sync&Share Services report 2017

TeamDrive is the winner of the DC Cloud Sync&Share Services report 2017 of the Diplomatic Council (DC), a global think tank in consultative status with the United Nations. 

Volker Oboda, Detlef Schmuck and Hang Nguyen Diplomatic Council
The report was compiled due to a growing demand for an impartial comparison of IT services that offer a secure and reliable means of exchanging data over the internet (the cloud). In particular, the apparent “rampant activities of the intelligence services”, the rise in cybercrime including industrial espionage, and the legal uncertainty surrounding some global data protection regulations have resulted in increasing requests for us to recommend individual services. According to the report, the German-based service TeamDrive is the most secure service.

Three security criteria
Widely-used alternatives from US suppliers, such as Dropbox, Box, Google Drive or Microsoft One Drive, are expressly not recommended, because, according to the report, they “do not support significant security criteria such as end-to-end encryption, a zero knowledge system and hybrid data storage”. The Global Information Security Forum of the Diplomatic Council classifies these three security characteristics as particularly significant. End-to-end encryption ensures that data is not left unencrypted either during transfers or when stored on the Internet. A zero knowledge system means that even the supplier cannot decrypt the data and therefore cannot read it – not even if required to do so by a court order, for example. Hybrid data storage means that the user can choose the place of storage and apply additional classifications. Redundant storage and unchangeable version control ensure that no data is lost either through technical failures or as a result of attacks via the Internet. The relevant data can always be restored. The think tank’s report describes hybrid data storage as a “crucial criterion for selecting a cloud-based sync & share service”, in order to ensure that, even if data is lost in the cloud, this data still exists.

12 services compared
In total, the Diplomatic Council examined twelve cloud-based sync & share services for its investigation: Dropbox, Box, Google Drive, Microsoft One Drive for business, Spider Oak, Syncplicity, TeamDrive, SSP Europe, Telekom MagentaCloud, Strato HiDrive, Ctera Portal and Tresorit. As well as being the most secure services according to the report, TeamDrive and Secure Data Space are also credited by the think tank’s Global Information Security Forum for being the only services to receive the ULD Data Protection Seal of Approval from the Independent State Center for Data Protection. TeamDrive is the only service recommended by the German Lawyers Association (DAV) for professionals with confidentiality obligations, such as attorneys and notaries. In the opinion of the Security Forum of the Diplomatic Council, a service that meets this high standard is also worth recommending for industrial use.

Dr. Thomas Lapp, Chairman of the Global Information Security Forum of the Diplomatic Council says: “One would hope that the operators of all the services recognize the security defects in their services immediately and remedy them as swiftly as possible. A high level of security is in the interests of all stakeholders.”

Saturday, December 31, 2016

Season's Greetings

Dear TeamDrive User,

the TeamDrive team wishes you a happy holiday season! Thank you for being with us this year and see you in 2017!

It has been a challenging year with ransomware viruses and cyber attacks for many users and organizations. Thanks to TeamDrive all our customers were able to restore uncorrupted files without paying criminals.

Our engineering team is absolutely great and developed many new extensions for TeamDrive which you will see in the coming quarter.

Achievements in 2016 were TeamDrive 4 with a great UI improvement, an easy audit trail with notifications, and faster and even more secure protocols to keep your content private and secure.

Our Enterprise customers gained a new TeamDrive WebClient, Inbox URLs and a ton of added management and configuration settings to better organize and manage their teams.

Stay tuned for the upcoming releases in early 2017!

We wish you a happy New Year
Your TeamDrive Team

Friday, July 22, 2016

TeamDrive and G DATA announce strategic partnership for Secure Cloud Services

German IT security specialist G DATA Software AG and TeamDrive GmbH have concluded a wide-ranging partnership in the areas of data security and virus protection. Both companies will provide services from the Microsoft Cloud Germany. The partnership is aimed at acquiring new business customers, partners and consumers for Microsoft Cloud Germany. Besides market development, the two companies are planning a technology cooperation. TeamDrive and G DATA presented the first insights into their collaboration at the Microsoft Worldwide Partner Conference in Toronto last week.

Data protection, data security and compliance are of critical importance in the era of progressive digitisation of all areas of life and work for private users and businesses. “Besides protection against malware attacks, backing up data is immensely important,” says Andreas Lüning, CTO of G DATA Software AG. “With Microsoft Cloud Germany, we can offer our customers a Cloud solution that is firstly aligned with the strict German data protection laws and secondly guarantees high security for the data backup.” Initially, integration of the TeamDrive Sync & Share software based on Microsoft Azure into G DATA solutions for private users is planned for the partnership. Additional cooperations in the B2B sector are envisaged.

End-to-end encryption and virus protection are indispensable
Consistent end-to-end encryption represents the core of the high TeamDrive security. The encryption processes and technologies used by TeamDrive offer secure protection against unauthorised access by third parties. “This means that TeamDrive can also be used in very sensitive areas such as healthcare in connection with patient data or by lawyers,” explains Volker Oboda, CEO of TeamDrive Systems GmbH. “Together with G DATA solutions, security on end devices and during data transfer is significantly increased.”

Microsoft Cloud Germany: Data stored securely in the German Cloud with German data trustee
In future, Microsoft will also provide the public cloud services Azure, Office 365 and Dynamics CRM from German data centers. The Microsoft Cloud Germany is primarily aimed at organizations in data-sensitive industries, such as the public or the financial sector, that are subject to particularly strict compliance guidelines: data is exchanged between the two data centres in Magdeburg and Frankfurt am Main via a private network isolated from the Internet, guaranteeing retention of the data in Germany. T-Systems, a subsidiary of Deutsche Telekom, is the data trustee that controls access to customers' data. The services will be available in the second half of 2016 to customers in the 28 countries of the European Union and the four members of the European Free Trade Association.

Wednesday, December 30, 2015

Happy New Year

TeamDrive wishes its loyal customers and friends a peaceful Holiday Season and a Happy New Year.

In 2016 our team will continue to enhance the secure collaboration and file synchronisation solution TeamDrive EFFS. We listened to our customers and we have a load of new features coming this year, which will make the work even more productive and keep it easy to use.

End to End encryption and our Zero Knowledge design will continue to stand out for enterprises, small businesses and private users.

We cannot make the world better, but we can provide tools which protect your privacy while enjoying the comfort of the internet!

We wish you a peaceful 2016

Friday, August 21, 2015

Wuala Cloud Storage Shutting Down

Wuala has announced they are shutting down their servers and closing their doors. The real question here is, why? Wuala emerged as one of the pioneer sync and share companies to provide secure cloud storage services. Some time ago they discontinued providing free clients and since then there have been many unanswered questions. Were they hacked? Was their owner, Seagate, forced by U.S. authorities to stay away from zero-knowledge services?

The demand for zero-knowledge cloud services is growing at an exponential rate and there are really only a few alternatives for business users to choose from. Many products promise security. Most lack full end-to-end encryption while others are simply too complicated to use in a team.

TeamDrive is well positioned as a new home for Wuala users. Besides being a zero-knowledge cloud service that provides complete end-to-end encryption, TeamDrive is the only supplier who delivers a free choice of servers. Customers have the flexibility to combine multiple servers at will. Private use of TeamDrive Professional clients is free for anyone. The clients themselves have zero restrictions; however, a fee is charged for cloud storage beyond 2 GB and for support. In addition, these clients support plain, vanilla WebDAV servers as an alternative storage provider to the TeamDrive cloud or other TeamDrive hosting servers. As a European service provider, all encrypted data are, by default, stored in the EU. TeamDrive has been around since 2009 and all of its provided services have been audited and are recommended by the Independent Regional Centre for Data Protection of Schleswig-Holstein, Germany (a German governmental agency which focuses on privacy protection).

Moving data from Wuala to TeamDrive is a simple process.

1.) Please download the content in your Wuala account and safely back it up to your device, as instructed on the Wuala website. The content will be stored in a folder structure on your hard drive.

2.) Download and install the TeamDrive client and register a new account.

3.) Right-click on one of the Wuala folders in your file system and use the context menu "Convert to Space" to convert the Wuala folder into a TeamDrive Space.

That’s it! Now you are all set. TeamDrive will now begin encrypting and uploading your data. You can now also invite others to your new TeamDrive Space and share your data. You can also install a TeamDrive mobile client and access your files on the go. Accessing your data using your mobile device is also fully end-to-end encrypted, which is not the case with SpiderOak.

Thursday, June 18, 2015

German Lawyers Rely on TeamDrive

The German Lawyers Association (Deutscher Anwaltverein e.V. or DAV) represents roughly 68,000 lawyers and recommends the TeamDrive DAV solution to all of its members. The service is hosted in Germany and follows Germany's strict privacy protection regulations and laws.

The framework agreement between DAV, TeamDrive and Noris Network, as the technical partner, is intended to guarantee a consistent, efficient and legal solution. “Law firms and lawyers will have the certainty and comfort of not violating the interests of their clients when storing, synchronizing and sharing data and documents,” pledges TeamDrive CEO Volker Oboda. It is at all times ensured that confidential data are transmitted in encrypted form only and stored under specified conditions in a dedicated, high-security data center located in Germany.

The TeamDrive DAV solution is based on TeamDrive 4 technology; the data center operator, Noris Network, hosts an extremely flexible, robust and scalable server farm based on Ceph Object Store and includes load balancing and backup. The TeamDrive DAV solution was revealed at the 66th German Lawyer’s Day on June 11, 2015 and is now available for download from the DAV website.

Wednesday, February 25, 2015

Maintenance Update to prepare the TeamDrive 4 Launch in March

In preparation for our TeamDrive 4 launch in March, we are performing database maintenance today, Wednesday, 2015-02-25, 6:30-8:00am CET.

Sync of existing Spaces will continue to work.

During this time, the TeamDrive Registration Server won't be available for TeamDrive Clients or via the Administration Console. Running Clients will indicate that the Registration Server can not be reached (for example, the TeamDrive 3 Desktop Client has an LED-like indicator icon in the bottom right corner, which will turn from green to red in case the Registration Server cannot be reached).

During this time, the following Client operations will continue to work:
- Running Clients can still operate on their existing Spaces (e.g. adding/removing files, uploading new versions)
- Clients can create new Spaces and delete existing Spaces
- Creating Space invitations to users stored in the Client’s local addressbook

The following operations will not be possible while the Registration Server is unavailable:

- Performing a login after having logged out of the TeamDrive Client
- Registration of a new device/Client
- Sending out Space Invitations to other users
- Changing the password or email address, requesting a temporary password
- Distributing comments on files via email
- Enabling/disabling the Key Repository

Once the maintenance work has been concluded and the Registration Server is reachable again, the Clients will proceed as normal and the notification icon will change from red to green again.

Wednesday, April 9, 2014

TeamDrive and the Heartbleed OpenSSL bug - Is my Data Secure?

In case you have not heard about it yet, a rather nasty security vulnerability in the Open Source cryptographic library OpenSSL has been discovered. Dubbed "Heartbleed", it can result in unwanted information disclosure on both ends of a communication channel that is encrypted with SSL/TLS (for more details, check the dedicated web site about this issue at

 How does this affect TeamDrive and your data?

The TeamDrive Client uses cryptographic functions provided by OpenSSL to perform local AES-256 encryption of your data before it is transmitted to a TeamDrive Server. Because the data has already been encrypted locally, the TeamDrive Client-Server communication does not establish an additional secure communication channel via SSL/TLS - this reduces the overhead and makes it easier to propagate data through proxy servers. Therefore we're not affected by this vulnerability here, as it only affects secure communication channels established via SSL/TLS.

However, there are two scenarios in which the TeamDrive Client establishes SSL connections:

  • If you need to access TeamDrive Spaces hosted on an SSL-enabled WebDAV server 
  • If you publish versions of a file on a TeamDrive Host Server that has SSL enabled for publishing (this requires a TeamDrive Professional Client license). Publishing via SSL is currently not enabled on the host servers of our public TeamDrive cloud, but may be enabled on TeamDrive Host Servers that you manage on your own premises.

In both cases, the client will establish an SSL connection to the server, thus making it potentially vulnerable to this particular bug, if the server has been taken over by a malicious user. However, the server itself would have to be compromised beforehand and modified in such a way that it can be used to exploit this vulnerability. Simply running a server with an affected OpenSSL library does not automatically lead to any information disclosure here, but may provide a potential attack vector for gaining access to the server.

The TeamDrive Client's version of OpenSSL depends on the client version and platform. With the exception of Mac OS X and Windows, our Clients have been built against a bundled version of OpenSSL, which is currently at version 1.0.1 for the latest builds. We'll be releasing updated clients shortly to fix this bug.

By Lenz Grimmer
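
Because the post says some clients ship their own bundled OpenSSL, an administrator may want to inventory those copies. The following is an added example, not TeamDrive's code: it walks an install directory, reads the version banner embedded in each `libssl`/`libcrypto` file and flags upstream releases 1.0.1 through 1.0.1f, the range the OpenSSL project listed as affected by Heartbleed (a fact from that advisory, not from this page). The directory layout and file contents in `SAMPLES` are constructed for the demonstration.

```python
"""Locate bundled OpenSSL libraries and flag Heartbleed-affected versions."""
import os
import re
import tempfile

# OpenSSL libraries embed a banner such as b"OpenSSL 1.0.1e 11 Feb 2013".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+)([a-z]*)(-[a-z0-9]+)? ")
# Matches libssl.so.1.0.0 / libcrypto.so.10 but not NSS's libssl3.so.
LIB_NAME = re.compile(r"^lib(ssl|crypto)\b")


def classify(base, letter, tag):
    """Map a parsed version to a verdict for the Heartbleed bug.

    Upstream releases 1.0.1 through 1.0.1f are affected; 1.0.1g is fixed.
    Builds with a suffix (-fips, -beta1, ...) are vendor or pre-release
    builds whose patch level the banner does not reveal.
    """
    if tag:
        return "check manually"
    if base == "1.0.1" and letter <= "f":   # "" (plain 1.0.1) sorts first
        return "affected"
    return "not affected"


def scan_tree(root):
    """Return sorted (relative path, version, verdict) for each library."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not LIB_NAME.search(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    match = BANNER.search(fh.read())
            except OSError:
                continue                      # unreadable file: skip it
            if not match:
                continue
            base, letter, tag = (g.decode() if g else "" for g in match.groups())
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            findings.append((rel, base + letter + tag, classify(base, letter, tag)))
    return sorted(findings)


# Constructed stand-ins for library files (not real binaries).
SAMPLES = {
    "client-a/libcrypto.so.1.0.0": b"\x7fELF\0\0OpenSSL 1.0.1e 11 Feb 2013\0",
    "client-b/libssl.so.1.0.0": b"\x7fELF\0\0OpenSSL 1.0.1g 7 Apr 2014\0",
    "client-c/libcrypto.so.10": b"\x7fELF\0OpenSSL 1.0.1e-fips 11 Feb 2013\0",
    "client-c/libssl3.so": b"\x7fELF\0NSS library, not OpenSSL\0",
    "client-d/libcrypto.so.0.9.8": b"\x7fELF\0OpenSSL 0.9.8y 5 Feb 2013\0",
}


def demo():
    """Write the constructed samples to a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, blob in SAMPLES.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(blob)
        return scan_tree(root)


if __name__ == "__main__":
    for row in demo():
        print("%-30s %-12s %s" % row)
```

A version banner is an indicator only: distribution packages often backport fixes without changing the version letter, which is why suffixed builds are reported for manual checking rather than guessed.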

Tuesday, January 7, 2014

TeamDrive receives Amazon Partner Network Advanced Technology Partner Status

by Volker Oboda, CEO TeamDrive

We are proud to announce that TeamDrive Systems received the status of Amazon Partner Network Advanced Technology Partner.

The entire TeamDrive team has worked hard to build and refine our secure and industry leading sync and share solution and this designation is an important milestone that reinforces our past and present achievements.

We also want to thank our numerous customers and users and are thankful for your continuing support. Your input helped us shape and improve TeamDrive and made this possible.

For all those who have not used TeamDrive yet:
TeamDrive is a collaboration software and service to sync your files easily and securely with 256 bit AES end-to-end encryption using the TeamDrive cloud or your own server.

Download TeamDrive today and check out our web site for more information.

Tuesday, October 29, 2013

The Intelligence Agencies Have Betrayed Us and Sold Us Out!

How should companies act in the future?

by Volker Oboda, CEO TeamDrive

Not a day goes by without new horror scenarios reaching us through Edward Snowden. It has long since ceased to be only about PRISM, Tempora or XKeyscore. It is about the arbitrariness with which the intelligence agencies decide at their own discretion what they may and may not do. Each of us must therefore now ask how to deal in future with this threat, which comes not from supposedly malicious hackers but from the very institutions that were given the task of protecting us.

Companies are forced to act

Alongside companies, public authorities and other organizations that work with particularly sensitive and personal data, each of us holds critical information that is worth protecting. In view of the current espionage debate, and also because of attacks in both private and business settings, the threat is steadily growing. In the business environment in particular, data deserves the maximum level of protection.

Mobile devices and applications have become indispensable in our mobile society, with its constantly changing ways of working and communicating among employees, business partners and customers. The challenge is to protect this communication under all circumstances, in the interest of everyone involved. Sensitive information and company data have no place in the hands of unauthorized third parties and intelligence agencies. Such access must be prevented. This naturally also applies to creating, editing and sharing data with trusted persons.

Concepts such as “Bring Your Own Device” (BYOD) have led to a new dimension of protection needs in companies, which poses a particular challenge for every organization seeking to protect business-critical data and intellectual property as well as possible. In addition, uncontrolled IT sprawl (shadow IT) through Dropbox and other, preferably private, cloud solutions aggravates this situation. This leads to an immense threat to information security in companies, from which malicious hackers and intelligence agencies benefit alike. Nevertheless, employees must be able to keep working with the same convenient technologies and solutions, but in a secure way.

Control alone is not enough, SSL is insecure

Professional skeptics are gaining the upper hand again through the current discussions and advise turning away from the cloud and strengthening activities within one's own IT infrastructure. Control is an important topic. Those who operate their systems and data under their own supervision have more control over the processes and a better overview of where which information is located. What these discussions always tend to underestimate, however, is that we live in a global world and, as written above, depend on mobile devices and applications to conduct daily business.

Employees must therefore still be able to move freely with their devices, data and information, even though control is supposed to lie in the hands of the company's own IT department. One important step that every company, and in particular every provider of IT services, should have taken into account years ago is encryption. It can only be called an indictment that providers are suddenly starting to harden their systems cryptographically and are even selling this to their customers as added value. Security is not added value. Security is a central component of every product, and not only since Edward Snowden. And that includes encryption.

SSL encryption is insecure

One thing must not be forgotten here, however. The NSA and GCHQ have subverted some of the encryption technologies used on the Internet, among them SSL. This means that all providers that rely exclusively on SSL encryption are to be classified as insecure. Only the AES 256-bit encryption standard is still considered secure. According to estimates, the technical means to crack AES 256-bit encryption will not exist until 2018. The time required also depends in part on the strength of the chosen password. Security experts recommend a password length of at least 20 characters, combining lowercase and uppercase letters, numbers and special characters.

End-to-end encryption is indispensable

Despite all promises, encryption is of no use if the provider holds the key that gives it access to the encrypted data. For this reason, there is no way around having the private key held exclusively by the user, with the data encrypted on the user's local system and then transferred over encrypted communication to the provider's servers, where it is likewise stored in encrypted form. At no time may the provider be able to restore the private key and gain access to the data.

New Age Disruption analyst René Büst sees it the same way. He considers it important to address control over the data, but points out that sooner or later there will inevitably be external communication, for which strong end-to-end encryption is indispensable. Büst therefore recommends paying attention to the following properties with regard to security and encryption:

  • Advanced Encryption Standard – AES 256 for encrypting the data.
  • Diffie-Hellman and RSA 3072 for key exchange.
  • Message Digest 5/6 – MD5/MD6 for the hash functionality.

Büst further makes clear that the importance of end-to-end encryption of all communication must continue to grow. This means that the entire process a user goes through with the solution is encrypted continuously from start to finish. This includes, among other things:

  • User registration
  • Login
  • Data transfer (sending/receiving)
  • Transfer of the key pairs (public/private key)
  • The storage location on the server
  • The storage location on the local device
  • The session while a document is being edited

How companies should act

The interplay of trust and security is becoming ever more important. However, a provider only builds trust if it opens up and grants its customers technical insight. Many IT providers lack this openness, which is why they are rightly criticized. For this reason, companies must find a provider that has no secrets and talks willingly with its customers. Beyond building trust, companies should also keep the following in mind:

  • Regain control over your data and systems.
  • Build trust within your organization and with your provider. This can come from a good relationship, but also from contracts.
  • Consider a hybrid scenario in order to support your employees in their mobile activities as well.
  • Your employees, customers and partners should continue to be able to access data and information securely(!).

What you should take into account under all circumstances is end-to-end encryption of the complete communication and the avoidance of media breaks at which the encryption is interrupted. Also identify secure encryption methods and take them into account when selecting your provider.


Intelligence Agencies Sold Us Down the River

How should enterprises proceed in the future?

By Volker Oboda, CEO TeamDrive

With every passing day we hear more and more horror stories stemming from the eye-opening information we received thanks to Edward Snowden’s leaks. The stories are no longer only about PRISM, Tempora or XKeyscore; they now revolve around the arbitrariness of the intelligence agencies and their decision to act at their own discretion in terms of what to do and what not to do and allow. Each and every one of us needs to ask ourselves, “How can we deal with a threat like this?” Not one coming from an alleged malicious hacker but, instead, a threat coming from those agencies whose sole mission is to protect us and our privacy.

Enterprises Forced to Act

Besides government offices and agencies, enterprises, and any and all other organizations who work with particularly sensitive and personal data, each and every one of us possesses information we deem critical and worth protecting. In the face of the current debates on espionage, whether based on attacks on data in personal or business environments, the overall threat continues to rise and, of course, data in business environments are particularly worth protecting at a maximum level.

Today’s mobile society is constantly changing and improving the way we work and communicate with one another. At this point it is almost hard to imagine business partners, coworkers and customers alike communicating without mobile devices and mobile applications. The overarching challenge here consists of how to successfully secure the communication in everyone's interest and at any price. Sensitive information and business critical data have no place in the hands of unauthorized third parties, intelligence agencies or, for that matter, even random standard users. It is necessary to prevent unwanted access no matter who the unauthorized person is. Naturally, this also applies to the creating, editing and sharing of data with a trusted third party.

Concepts like “Bring Your Own Device” (BYOD) have led to a new dimension of, and need for, privacy protection within the enterprise. It has also allowed organizations to meet new and existing challenges to secure business critical data and intellectual property. In addition, the uncontrolled growth of IT security holes (shadow-IT) due to Dropbox, and other preferred personal cloud solutions, causes this situation to be even more nerve-racking.

This, in turn, leads to an increased threat to an enterprise’s ability to securely protect its critical information and data while at the same time creating a beneficial situation for both malicious hackers and intelligence agencies alike. Nevertheless, employees should continue to work with the same comfortable technology and solutions, but in a more secure manner.

Just to Control is Not Good Enough. SSL is Unsecure

Professional skeptics have once again gained the upper hand, due to the current security debates, and advise users to turn their backs on the cloud and, instead, strengthen their own IT infrastructures. Control is an important issue. Enterprises that operate and supervise their own data and systems have more, if not total, control over the processes that take place and they also have a better overview of where their data is located. However, these debates underestimate just how much of a global world we are living in and how much we rely on mobile devices and applications to run our daily business.

This means employees still need to be able to move about freely with their devices, data and information, while having the control lie in the hands of the enterprise’s IT department. An important factor each enterprise, and in particular each vendor of IT services, has needed to consider for years is encryption. It is evidence of incapacity that suddenly, out of nowhere, vendors started to harden their systems cryptographically and sell this as an added value to their customers! Security is not an added value! Security is a central component of each product and this expectation existed before the events of Edward Snowden. That includes encryption.

SSL-encryption is Insecure

Here is something that should not be forgotten. The NSA and GCHQ infiltrated some of the best known encryption technologies used to secure common Internet data transfers, among them SSL. This means all vendors exclusively using SSL as an encryption standard should now be classified as insecure. Only the AES 256-bit encryption standard is still secure. According to estimates, we will not have the technological capabilities to crack AES 256-bit encryption until 2018. The duration also partially depends on the strength of the password. Security experts recommend choosing a password length of at least 20 characters and using a combination of upper and lowercase letters, numbers and special characters.

End-to-End Encryption is Inevitable

Despite all assurances, encryption is useless if the vendor owns the key that allows access to the encrypted data. For this reason there is no way around it: the user should exclusively own the private key, and the data should be encrypted in the user’s local file system and only afterwards transferred via an encrypted communication channel to the vendor’s servers, where it is also stored in its encrypted form. On no account should the vendor have the capability to restore the private key in order to access the data.

New Age Disruption analyst René Büst also sees it that way. He considers the question of who has control over the data an important topic, but calls attention to the idea that sooner or later external communication will be necessary and hardened end-to-end encryption is inevitable. Büst recommends paying attention to the following characteristics of encryption:

  • Advanced Encryption Standard – AES 256 to encrypt the data.
  • Diffie-Hellman and RSA 3072 for the key exchange.

In addition, Büst makes it clear that the meaning of the entire communication being end-to-end encrypted needs to be strengthened. This implies that the entire process a user passes through with the solution is encrypted from beginning to end. This includes:

  • The user registration process
  • Logging in
  • The transfer of data (sending/receiving)
  • The transfer of key pairs (public/private key)
  • The storage location on the server
  • The storage location on the local device
  • The session while a document is being edited

How Enterprises Should Act

The interplay of trust and security is becoming more important. However, a vendor only gains the trust of its users if it opens up and allows its technical insights to be transparent to the user. This type of voluntary transparency cannot be found with many IT vendors, for which these vendors are justifiably criticized. For this reason, enterprises need to find a vendor that has no secrets and is eager to communicate with its customers. Besides building trust, enterprises should also consider:

  • Regaining control over your data and systems.
  • Building trust within your organization and with your vendor. This can be established with either a good relationship or with contracts.
  • Considering a hybrid scenario to support your employees while they are mobile.
  • Continuing to offer employees, customers and partners the opportunity to securely access their data and information.

What should by all means be considered is the end-to-end encryption of the entire communication and the avoidance of media disruptions during the encryption. Moreover, enterprises should identify secure encryption methods and consider these methods during vendor selection.


Thursday, September 5, 2013

TeamDrive SecureOffice: Seamless and secure document processing for smartphones and tablets

René Büst, Principal Analyst and Senior Advisor covering cloud computing, business technology and collaboration, published an insightful report about TeamDrive SecureOffice, which was just released a few days ago.

TeamDrive SecureOffice is a collaborative product between the data security experts at TeamDrive and the mobile office provider Picsel, combining one of the most secure tried-and-true ways to sync and share files, "TeamDrive 3", with one of the most downloaded mobile office solutions, "Smart Office 2".

You can find out more about TeamDrive SecureOffice right here.

Here are some interesting excerpts:

"A sandbox provides seamless security on the device

Based on sandbox technology, shared documents never leave the secure environment provided by the application. Complete end-to-end encryption is initiated when employees send and receive files via mobile devices."

"For large companies, government agencies and any other organization working with particularly sensitive data, it is crucial to adapt to the mobile habits of employees and to respond to these habits with appropriate solutions. A first look at the Android version of the app displays how the seamless workflow of Picsel’s Smart Office for mobile devices in conjunction with TeamDrive’s cloud-based sync and encryption technology for business can help to achieve this goal."

You can read the whole article right here on

Monday, July 15, 2013

So, where do we go from here? The protection of our privacy must be a priority!

Tensions have somewhat subsided since the recent news about PRISM and Tempora rocked the globe. So, what’s next? Where do we go from here? Is this somewhat relaxed state truly a relaxed state? Or is it just the calm before the storm?

As we delve deeper into the labyrinth of data we find out there is a surprisingly large interest in corporate data, an interest level far greater than many would have ever imagined. But tell me, are we really surprised? Are we truly that naïve? Truth be told, at some point we all had that burning sensation in our stomachs; we all had that feeling that in some form or fashion we were being ‘observed’. Well, now it’s official! Yep! Right there in black and white! But what does this mean for us and our privacy? Should we throw away all we have worked for, trash years’ worth of technological developments and head back to the drawing board? I would think not.

The show must go on; the sprockets and the wheels must keep turning. In hindsight we can see where we went wrong; we can see where we put a false sense of hope and security for our privacy in the hands of wrong people; we can see where we did not take the time to be more aware and to better inform ourselves as to how our privacy is actually being protected. Let’s not make the same mistake twice. “Fool me once, shame on you; fool me twice, shame on me.”


We like to share everything.

Sharing data and information with one another is steadily becoming easier and more practical. The main cause of this is that we, as people, like, and sometimes need, to communicate with each other. On the one hand, we are just social beings. On the other hand, we need our communicative skills in the world of business to promote the exchange of ideas, information, developments and solutions, and to find ways of implementing all of these in a timely and efficient manner. This, in turn, leads to mountains and mountains of data that other parties presumably have an interest in and to which, as we have now found out, they are casually given access. At this point, “We like to share everything”, as described on, is as much of a punch line as it is an advertising slogan, especially when it’s written in its terms of use that data will be released to security agencies. As written by the Guardian, “The NSA document indicates that it is planning to add Dropbox as a PRISM provider”. On top of that, why should users feel safe and feel as if their privacy is protected when their data will supposedly be stored in an encrypted form by a provider who, incidentally, has the keys to decrypt their data? So whose data is it really when you don’t even have the keys to access your ‘own’ data? The provider owning the keys to your data interferes with your right to have access to the data at will.

Control is good. Integrated encryption is even better.

Given the current state of our digital privacy, one could also say that an end-user who only relies on an ‘encryption at rest’* approach is betting on the wrong horse. Eventually, the data will leave its storage location and be transmitted in an unencrypted form and without further security measures. Can you say, ‘disaster waiting to happen’? This is the sole reason why all end-users, companies and private users alike, trust and confidently rely on 100% end-to-end encryption. 100% end-to-end encryption provides the level of security needed to allow end-users to communicate and easily and confidently share private data with whomever they choose. This has been confirmed by the results of a recent survey. However, the truth of the matter is that not one single US-based provider can meet this requirement. At the moment, Wuala, from Switzerland, and TeamDrive, are the only companies able to provide this high level of security.

But, what does end-to-end encryption mean exactly? As the name states, the data are encrypted before leaving the user’s device**. This means that the data are transmitted to the server in an encrypted format and also reside on the server in an encrypted format. While the data are being transmitted back to the user’s device they remain in their encrypted state. The data are encrypted during their entire time away from the user’s device. Once the data return to the user’s device they can only be accessed if the proper encryption keys are available, and these reside with the user. Yes. The user is the only person with access keys to their data. There is no master key maintained by the service provider, which means there is no way for the provider to decrypt the user’s data or to allow others access to them.
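The flow described above, and in the "End-to-End Encryption is Inevitable" section further up the page, as an added example that is not TeamDrive's code: the file is encrypted on the device with AES-256 under a key derived from a passphrase only the user knows, and the provider stores a blob it cannot open. The use of scrypt and GCM mode, the `providerStore` map and all function names are assumptions made for this sketch, which runs on Node.js's built-in `crypto` module.

```javascript
// Added example: the provider only ever receives ciphertext; the key stays on the device.
const crypto = require('node:crypto');

// Derive a 256-bit key from the user's passphrase with scrypt (Node's default cost settings).
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Runs on the user's device before anything is uploaded.
function encryptOnDevice(plaintext, passphrase) {
  const salt = crypto.randomBytes(16); // per-file salt, not secret
  const iv = crypto.randomBytes(12);   // fresh GCM nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(Buffer.from(plaintext, 'utf8')), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Runs on the user's device after download; throws if the key is wrong or the blob was altered.
function decryptOnDevice(blob, passphrase) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, blob.salt), blob.iv);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]).toString('utf8');
}

// Hypothetical stand-in for the provider's storage: it holds blobs and no key material.
const providerStore = new Map();

// True only if the blob decrypts and authenticates under the given passphrase.
function opens(blob, passphrase) {
  try { decryptOnDevice(blob, passphrase); return true; } catch { return false; }
}

function demo() {
  const passphrase = 'Constructed-passphrase_2013!x'; // constructed sample, over 20 characters
  const doc = 'Constructed sample: draft offer for customer A';
  providerStore.set('offer.txt', encryptOnDevice(doc, passphrase));
  const stored = providerStore.get('offer.txt');
  const tampered = { ...stored, ciphertext: Buffer.from(stored.ciphertext) };
  tampered.ciphertext[0] ^= 0x01; // one flipped bit in storage or in transit
  return {
    plaintextVisibleToProvider: stored.ciphertext.includes(Buffer.from('offer')),
    providerOpensWithoutKey: opens(stored, 'a-guess-by-the-provider'),
    tamperingAccepted: opens(tampered, passphrase),
    ownerRecovers: decryptOnDevice(stored, passphrase) === doc,
  };
}

console.log(demo());
```

Because the salt, nonce and authentication tag are not secret, the provider can keep them next to the ciphertext; losing the passphrase means losing the data, which is the direct consequence of there being no master key.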

Legal space and trust are a key factor

What the above-mentioned survey also reveals is that the location in which the data are stored is of high importance. 92% of voters agree Europe is the safest and most trustworthy region worldwide to store data. America tallies up a measly 2% of the votes and weighs in behind Africa which managed to receive 4% of the votes.

With all that said, it is probably pretty clear which is the only vendor that should come into question today. Right?

* The data is stored physically encrypted.
** With third party tools the data can also be stored in an encrypted form on the user’s device. The best way to ensure 100% security is to encrypt your data locally as well.