Nextcloud’s Solution for Ensuring Zero-Trust Document Collaboration


The world of cryptography and Cloud security is congested with buzzwords and promises of data privacy. The jargon and marketing spins can be confusing to the uninitiated. What exactly does data security within Clouds look like? What on earth is a PKI, and how does it work? What is Zero-Trust and how does it relate to Clouds and PKI? Fear not. This article is intended to answer these important questions and, more importantly, offer you a solution for data privacy in Clouds. Let’s begin with a working example by talking about a specific Cloud provider, Nextcloud.

What exactly is Nextcloud?

Many of you will undoubtedly be familiar with Nextcloud. For those of you who aren't, Nextcloud is widely acknowledged as the world's best open-source content collaboration platform.

Nextcloud supports all of the popular operating systems, including Linux, Windows, macOS, iOS, and Android. In line with its open-source philosophy, the Nextcloud “backend” software interface services always run on a Unix server, allowing for multitasking and multi-user functionality. Nextcloud can be hosted on end-customer premises, or at any preferred Cloud service provider.

Many people mistake Nextcloud for only a Cloud storage provider, like Google Drive or Dropbox. But data storage is only one of Nextcloud’s many services. Nextcloud differs from most Cloud data platforms because it also allows companies to self-host the software, or to sign up with a Nextcloud hosting provider if they prefer a more convenient and easy setup.

Nextcloud has all the basic features expected from a Cloud storage service. At the centre of Nextcloud's offerings is its Nextcloud “Files” feature, an enterprise file-sharing and syncing solution. This file-sharing software makes it easy for employees to collaborate on files and documents in real-time. One can search, edit, comment, attach notes, and even lock files while in use.

Traditionally, platforms like Nextcloud are secured by employing Public Key Infrastructure (PKI) or, to be more precise, Transport Layer Security (TLS). This mention of TLS allows for a smooth segue to unravelling the complex cryptography terminology surrounding PKI.

What is PKI?

Public Key Infrastructure, or PKI, is an essential digital infrastructure that has become a vital part of our everyday lives. Yet, many people reliant on the global TLS service, and the PKI operations within, have no idea what these two acronyms mean or how they relate. To begin with the dry definition, a Public Key Infrastructure consists of roles, policies, hardware, software, and procedures necessary to create, manage, distribute, use, store and revoke digital encryption certificates and manage the use of public-key encryption.

More simply, PKI is a system of processes, policies, and technologies that provides data encryption and is ultimately used by nearly all digital services to protect our text messages, emails, passwords, credit card information, and any other data for which privacy is required.

Understandably, this is a difficult topic for those of us not entrenched in the world of cryptography. To simplify, let’s use an analogy. The analogy usually involves two work colleagues, Alice and Bob, who are trying to share a private message, but have to protect it from the villainous Eve, or sometimes Trudy. Maybe a little tedious?

Let's make it more interesting by making the analogy about spies. Let’s say there’s a spy named James who wants to send a sensitive piece of information to his senior officer, George. James wants to ensure this information is only read by George. James can't send this information in plaintext because his enemies, Boris and Natasha, could easily read or alter the information if they were able to intercept it. So, only George must be able to translate the information into a readable format. In other words, James needs to encrypt the information using a code that only George will be able to understand.

But here arrives the problem. If James locks (encrypts) the message using a key (some logic code), how will George unlock (decrypt) it? George would have to also know the key. One method is for James to give the key to George. But this face-to-face meeting would be impractical. And sending the key via mail or courier would risk it being intercepted and copied while in transit.

Such an encryption method is even more problematic in the virtual world than it is in the physical. Each time two computers were to communicate securely, they’d have to agree on a common encryption key for every interaction. A very time-consuming mathematical process. And suppose there’s a server location (at a bank, for instance) that communicates with thousands of users. In that case, the server would have to perform a computational process for every client transaction, slowing it even further. These key exchanges would involve various complex processes and agreements that must be handled quickly.

This is where PKI comes in.

In addition to conventional encryption (also known as symmetric encryption), where the same secret key is used for encryption and decryption, PKI involves the use of a pair of keys. Unlike symmetric encryption, as described above, PKI uses a private key and a public key to encrypt and decrypt coded information. This asymmetric encryption process is known, generally, as public-key encryption.

One of the keys encrypts data, and the other decrypts it. Both keys are distinct, but mathematically related to one another. This means that the data encrypted with one key can only be decrypted using the other key. As you can probably gather from their names, the public key is available publicly, while the private one is kept private by each individual party.

So, if James and George were to use public key infrastructure instead of only private key encryption, James could encrypt the secret message by using George's public key. Then George, using his private key, would be the only person able to decrypt the message. PKI allows the two spies to communicate securely and deny their enemies access to readable text.

Hopefully, this analogy has made PKI a little more understandable.
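
The James-and-George exchange above, as an added Python example (not code from the article, Nextcloud or VIBE). It goes one step beyond the analogy by using the hybrid pattern common in practice: a fresh symmetric key encrypts the message, and only that key is encrypted to George's public key. It assumes the third-party `cryptography` package; the function names are illustrative.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# RSA-OAEP with SHA-256: used only to wrap the short symmetric session key.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def new_keypair():
    """Generate an RSA key pair; the private half stays with its owner."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def seal(recipient_public_key, plaintext: bytes) -> dict:
    """Sender (James): encrypt so only the private-key holder can read."""
    session_key = AESGCM.generate_key(bit_length=256)  # fresh per message
    nonce = os.urandom(12)                             # never reuse per key
    ciphertext = AESGCM(session_key).encrypt(nonce, plaintext, None)
    wrapped_key = recipient_public_key.encrypt(session_key, OAEP)
    return {"wrapped_key": wrapped_key, "nonce": nonce, "ciphertext": ciphertext}

def open_sealed(recipient_private_key, envelope: dict) -> bytes:
    """Recipient (George): unwrap the session key, then decrypt and verify."""
    session_key = recipient_private_key.decrypt(envelope["wrapped_key"], OAEP)
    return AESGCM(session_key).decrypt(
        envelope["nonce"], envelope["ciphertext"], None)

def demo():
    """Run the exchange with constructed keys and a constructed message."""
    george, boris = new_keypair(), new_keypair()
    message = b"Meet at the safe house at 21:00"  # constructed sample
    envelope = seal(george.public_key(), message)  # James needs no secret
    recovered = open_sealed(george, envelope)
    try:
        open_sealed(boris, envelope)   # interceptor tries his own key
        boris_read_it = True
    except ValueError:                 # OAEP unwrap fails without George's key
        boris_read_it = False
    return recovered, boris_read_it

if __name__ == "__main__":
    print(demo())
```

The example assumes James already holds an authentic copy of George's public key; vouching for that binding is the job of the certificates in a PKI.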

Most organizations recognize that PKI is a core component of enterprise security. However, it is not infallible. PKI can be compromised and become a source of data breaches if not correctly implemented and managed. I’ve written about the failings of PKI in “The Mendoza Line...”. In addition to discussing PKI technical weaknesses, the paper reveals shocking examples of poor PKI implementation.

In the mid-1990s, PKI was developed for the intended use in communications and bulk-data file encryption. In today’s 21st-century digital world of inter-connected hybrid Clouds, mobile edge platforms, nested IoTs, layered-apps, blockchain, and data fabrics, PKI’s performance drag, algorithm weaknesses, and reliance on centralized certificate key authorization make it woefully ill-suited to meet today’s security threats. The world has accelerated well beyond bulk data and end-to-end data packet encryption. The bottom line, in my opinion, is that PKI cannot take you to the Zero-Trust destination. VIBE’s certificateless key technology can meet the extreme data security demands posed by today’s globally-connected digital world.

At the start of this article, I promised you solutions to your Cloud security concerns; well, here goes.

VIBE Cybersecurity is a proud technology partner of Nextcloud.

VIBE Cybersecurity has partnered with Nextcloud to provide unique end-to-end encryption and authentication technology that is integrated within Nextcloud clients and server software in order to provide enterprises with Zero-Trust Cloud security.

Despite the vast array of Cloud service providers, we chose to partner with Nextcloud because they are the best available choice. And here’s why:

They have an extensive services ecosystem.

With over 80 million users, over 500 Enterprise customers, and a developer network exceeding 2000, Nextcloud is the most-deployed, self-hosted file synchronization and content collaboration platform. Nextcloud offers the broadest range of add-on capabilities and applications integration across the industry. Nextcloud eliminates the confusing morass of differing SaaS platforms and, equally important, the security, cost, compliance, and productivity headaches that accompany these disparate interconnected SaaS systems.

Nextcloud’s data file sharing is the easiest to use. By far.

The digital era in which we live needs an easy-to-use, secure cryptosystem that administrators and users can quickly master and operationalize. It must be as easy to learn and use as are today’s popular software applications. Nextcloud usability fits these criteria.

Easy to learn and use. Nextcloud does not overwhelm its users with unnecessary interface software clutter. Customers often remark on how few support tickets the platform creates for their IT departments.

Now with VIBE inside, Nextcloud provides the best security.

For many businesses, data security and privacy are perhaps the most critical aspects of Cloud service. Nextcloud provides the best security for its users’ data by ensuring its own security software and processes are attested via thorough external and internal security penetration testing.

With industry-leading features like machine-learning login protection; two-factor authentication; brute force protection; and unique measures like video verification, end-to-end, and server-side encryption, VIBE-enabled Nextcloud is the most secure Cloud solution in the market. Nextcloud’s focus on maintaining the integrity of its data security ecosystem is reflected in its security bug bounty program.

VIBE provides Zero-Trust Architecture.

Zero Trust has become something of a buzzword in our industry.

Rooted in the principle of "never trust, always verify," Zero-Trust is a strategic approach to cybersecurity that secures an organization’s data and processes by eliminating implicit trust and continuously validating every stage of digital interaction between the system and users, devices, and applications.

Intended to protect modern system environments and enable continuous digital transformation, the Zero-Trust approach uses robust authentication methods, network segmentation, prevention of lateral movement, “Layer 7” threat prevention, and simplified, granular “least access” policies.

In short, a Zero-Trust system trusts no user, device, or application. They all must be continuously authenticated, access-checked, and monitored.

With accelerating digital transformation taking the form of a growing hybrid workforce, continued migration to Cloud services, and transformation of security capabilities, adopting a Zero-Trust security strategy has never been more important.

At VIBE Cybersecurity, we offer a Zero-Trust Nextcloud solution. And it’s a very good one. Even as its capabilities and performance continuously improve, VIBE-enabled Nextcloud now offers data-sharing file protection that far exceeds that afforded by other Cloud providers. And at a much lower price point. Needless to say, VIBE-enabled Nextcloud has eliminated the complexity, cost, and operational frailty inherent in PKI.

Nextcloud is malleable and is an important ingredient in building systems which don’t rely on today’s popular Cloud providers, ensuring data sovereignty.

Leon Gerard Vandenberg (万 利 民)

Director - Stichting Sunified Foundation - Sunified Group B.V.

2 years ago
Timothy W. Novak

Quality and Program Management Professional. Fair, Firm, Focused.

2 years ago

Great article, Bill. Thanks for writing and posting it!
