Features & Security


Local encryption

OmniCloud does not rely on the measures of the cloud storage provider to ensure the confidentiality of the stored files. Therefore, all files are encrypted locally in the intranet before being stored in the cloud. Each file is encrypted with a different key. OmniCloud supports several symmetric encryption and decryption algorithms and modes.

The keys used for encryption are pseudo-randomly generated (or randomly, given an appropriate entropy source). In contrast to many other cloud encryption solutions, OmniCloud does not make use of password-based encryption, which is relatively vulnerable to brute-force and dictionary attacks. Additionally, keys are not derived from the file name or file content, which may adversely affect privacy and security.


Authentication

All users must authenticate before using OmniCloud. OmniCloud supports several authentication methods (e.g., password-based authentication). OmniCloud can be linked to existing IDM systems of a company via interfaces. Thus OmniCloud can be easily integrated into existing processes for user provisioning.


Access control

OmniCloud provides a mechanism for role-based access control. Within OmniCloud it can be determined which users can perform which operations on which files. For easy management of rights, users can be grouped by means of roles. The access rules can differ in their degree of granularity (e.g., rules for directories, for files, for file properties, for file types) in order to increase the usability of rights management.


File name and directory obfuscation

Apart from the actual contents of a file, the associated file name or directory name may also contain sensitive information. Therefore OmniCloud encrypts not only the contents of a file but also the file names before they are stored in the cloud.

All file names are randomly generated, and file extensions like ".pdf" are removed. Furthermore, the complete directory structure is deleted and managed internally. Thus, neither an attacker nor the cloud storage provider is able to draw conclusions about the files stored there.
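
A sketch of the naming scheme described above, as an added example that is not OmniCloud's own code: a gateway-side index (the class `GatewayIndex` and its methods are hypothetical names) maps each logical path to a random object name and a fresh random per-file key, so the provider can only enumerate a flat list of opaque names. The 128-bit name length and 256-bit key length are assumptions, and the content encryption itself is not shown.

```python
import secrets


class GatewayIndex:
    """Hypothetical gateway-side index: logical path -> opaque object name + per-file key."""

    def __init__(self):
        self._entries = {}  # logical path -> {"object": str, "key": bytes}; stays in the intranet

    @staticmethod
    def _normalise(path):
        # Collapse empty segments so "hr//a.pdf" and "/hr/a.pdf" are the same logical file.
        return "/" + "/".join(p for p in path.split("/") if p)

    def _fresh_object_name(self):
        used = {e["object"] for e in self._entries.values()}
        while True:
            name = secrets.token_hex(16)  # random, no extension, no directory part
            if name not in used:
                return name

    def put(self, logical_path):
        path = self._normalise(logical_path)
        entry = self._entries.get(path)
        if entry is None:
            entry = {
                "object": self._fresh_object_name(),
                # Fresh random key per file: not derived from a password,
                # the file name or the file content.
                "key": secrets.token_bytes(32),
            }
            self._entries[path] = entry
        return entry["object"], entry["key"]

    def listdir(self, directory):
        # The directory tree is rebuilt from the index, never from the provider.
        prefix = self._normalise(directory).rstrip("/") + "/"
        children = {p[len(prefix):].split("/")[0]
                    for p in self._entries if p.startswith(prefix)}
        return sorted(children)

    def provider_view(self):
        # Everything the cloud storage provider can list: flat, opaque names.
        return sorted(e["object"] for e in self._entries.values())
```

Losing this index means losing both the directory structure and the keys, so in a design like this it needs the same backup and access protection as the key material itself.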


Cloud migration service

A major reason why many companies hesitate to use cloud storage services is the fear of being bound to a cloud provider ("provider lock-in"). Since there is generally no efficient way to migrate data between different cloud providers, users are usually tied to the cloud provider that they initially selected. To counter this, OmniCloud offers a so-called migration service that helps users to easily switch to another cloud storage service. OmniCloud's migration service itself does not run in the corporate network but as a cloud service, and thus profits from the fast data transfer rates between the cloud providers. The migration service copies the encrypted data from the old to the new storage provider. Downloading data from the cloud storage into the corporate network and re-encrypting it is not necessary here.


Storage strategies

OmniCloud allows the simultaneous connection of more than one cloud storage or local storage. Storage strategies determine how the data is distributed to the attached storage. The data may, for example, be stored redundantly on multiple cloud storages or distributed across multiple cloud storages. New storage strategies can be easily developed and integrated.


Deduplication

OmniCloud stores files more efficiently. A local deduplication component recognizes files with the same contents and ensures that only one copy is stored in the cloud storage. In this way, companies can save cloud storage, traffic and associated costs. To address privacy issues that may arise in the context of deduplication, you can configure the user groups for which deduplication is to be performed.


Flexible and easy integration

OmniCloud was designed for use in enterprises. OmniCloud uses a so-called enterprise gateway approach. OmniCloud is installed on a server, the OmniCloud gateway, within the corporate network. The communication of the user devices with the OmniCloud gateway uses standard communication interfaces (such as FTP, SFTP, CIFS), which are supported by most operating systems and application programs. An installation of an OmniCloud application on the user devices is not necessary.

This integration approach allows virtually any software to become cloud-enabled, even if the software itself has no communication interfaces for cloud storage. An existing backup solution that supports, for example, only FTP, CIFS, or SCP to store the data can be used in this way with cloud storage services such as Amazon S3 or Dropbox. OmniCloud already supports a variety of cloud storage providers.