Although collaboration platforms can make many corporate and government work processes more effective and efficient, many institutions are reluctant to use suitable public cloud offerings. They prefer to keep sovereignty over their data and processes and therefore build private clouds. They use freely available software to keep costs down.
ownCloud is a widely used collaboration solution in private clouds, partly because it can easily be extended with custom applications. The BSI has therefore analyzed the risks of operating ownCloud and published the results in the document "Operation and security of ownCloud". It is intended to give IT managers an overview of the options, security measures and restrictions for operating ownCloud. On 29 pages, the paper describes the secure operation of the private cloud collaboration platform ownCloud, identifies the relevant threats and sets out appropriate security measures for normal protection needs.
Holger Dyroff, Managing Director of ownCloud GmbH, views the BSI's analysis positively: "Naturally, the document is not a product recommendation, but the publication is a clear sign of the noticeable increase in importance of ownCloud as the world's most widely used open source software for enterprise file sync and share."

Encryption is optimized
ownCloud includes security functions such as the File Firewall and encryption. The File Firewall examines connection requests and file action requests on the ownCloud server and prevents ownCloud from granting access if the firewall policies are not met. Files are encrypted by the server. ownCloud acts as an encryption gateway when external storage systems such as Swift or Amazon S3 are connected. With such object stores, the names of files and directories can already be hidden today so that they are not visible and users can adhere to security standards. Alternatively, an encrypted storage medium (Encrypted File System) can be used.
With regard to encryption, the BSI notes that the encryption key is stored on the servers of the companies using ownCloud. The company ownCloud does not receive any information about the keys. In a coming version, however, the solution provider wants to make the encryption functions considerably more flexible. "In collaboration with major clients, ownCloud's development department is working to make encryption more flexible. Our customers will have the opportunity to integrate key servers while accessing external KeyStores. You will be able to choose between different key servers or encryption algorithms and also be able to use several algorithms."