Another encryption question

Hello all. Sorry if this has been asked and answered. We are using NC and love it. We have about 20 computers using the sync client to sync data from a NC instance on a Linux box in the cloud. The computers consist of Macs and Windows boxes. Now I know we can set up encryption on the NC server and that is well documented and easy. But what about the client-side encryption? It is great that NC can encrypt at rest on the server, but there is an instance of all the synced files on all these computers that is not encrypted. Do we need to rely on some sort of 3rd-party encryption method on the computers themselves, or does the NC client somehow encrypt the data at rest on all of these computers?

Sorry if this is a basic question.

Thanks
Dave

The client syncs the plain unencrypted files. You need 3rd-party products to protect files locally. Also, server-side encryption makes sense for external storage. If you have all data on the same server, there is very little protection against an attacker who has full access to your server.

Thanks very much. So if the files are encrypted on the server, will the sync client even function? It seems like if you sync files from the server using the sync client, then you can’t have the server files encrypted. Am I understanding this correctly? And if we put a third-party solution in place to encrypt files locally, then how would they sync to the server (which is either encrypted or not encrypted)?

Basically they are applying for insurance and one of the questions on the questionnaire is if the data is encrypted at rest.

Again thanks

It’s server-side encryption: the file is stored encrypted, but it is sent unencrypted to the client (with SSL you have transport encryption). Because the server is doing the encryption and decryption, someone who controls the server can get his hands on unencrypted data during this process.

Then the files will be stored encrypted. Side effect: you can edit or read files on the web interface. If you share files with other users, you have to tell them about the client-side encryption and they need to implement it as well.

If no client is connected and someone steals the hard disk or a backup, the data is encrypted. The keys are on the system as well, but secured with the user’s password. If everything is correctly implemented, it comes down to running brute-force attacks against the password.

Encryption added a few bugs in the past. If you want to use it, I’d recommend testing a full backup and recovery procedure.