Safeguarding Sensitive Data

Hjalti Magnússon

12 April 2024

security

privacy


In today's interconnected world, sensitive data has become increasingly valuable and increasingly exposed to threats. From personal information such as financial and medical records to confidential business files, the security and privacy of our data have never been more critical. The importance of protecting this data cannot be overstated: unauthorized access or exposure can lead to identity theft, financial loss, reputational damage, and legal consequences.

Sensitive files are often shared via email, instant messaging platforms, or file-sharing services due to their convenience and ease of use. However, these methods of transport can pose significant risks to the security and privacy of the shared files. One of the main concerns is that these files can linger on email servers and other devices long after they have served their intended purpose. This persistence of data increases the likelihood of exposure, especially in the event of a breach or unauthorized access.

For instance, let's imagine a scenario where a doctor is seeking consultation from another doctor and needs to send the patient's medical records. Simply sending an email, which may seem like an innocuous action, can actually pose a significant risk of exposing these sensitive records. If a malicious actor were to gain access to either email account, even years later, the confidentiality of these records could still be compromised.

Furthermore, even if we disregard the potential compromise of email accounts, there are numerous concerns that arise regarding the storage of sensitive records. Who is responsible for managing the email server of the sender? What about the receiver's email server? Are these servers cloud-based or located on premises? Who has access to the data stored within these servers? Are there any backup systems in place? If so, where are these backups stored? And most importantly, are these backups securely stored? Additionally, if an email is deleted from the inbox or outbox, are the backups also erased? These are crucial questions that must be addressed when considering the security and privacy of sensitive data.

Our solution

Sharecurely offers a way to share sensitive documents, without leaving copies of the document anywhere along the way. When files are sent using Sharecurely, they are encrypted on the sender’s device before being uploaded to our servers and remain encrypted during transit and storage.

In a bit more detail, the process of sending a file is as follows:

  • The encryption key is securely generated client-side, i.e., on the user’s device, usually a browser.
  • The document is encrypted with the key, also on the user’s device.
  • The document is sent to our servers for storage.

A crucial aspect of this process is that the encryption key is generated on the user’s device and is never sent to our file servers. This ensures that we are unable to access the contents of your sensitive documents, and that’s exactly how we want it! This also ensures that, even in the case of a full compromise of our servers, your documents remain safe.

The encryption key is sent to the recipient, via email, through a separate channel. This part of Sharecurely is kept operationally separate from all our other systems, to ensure the security of this channel. We never store the encryption keys in any form.

In general, when processes or systems are made more secure, the user experience suffers. However, we believe that, with Sharecurely, we have struck a good balance between the two. For the sender, sharing a document involves uploading it and specifying a description and the recipient's email address. After the document has been shared, the recipient receives an email with a link to their Sharecurely inbox. The only additional step they have to take is to log in to their Sharecurely inbox, where the document will be ready for download. If this is the first time they receive a document through Sharecurely, the recipient must also create an account, which only requires email confirmation.

If we go back to our example above, suppose the doctor shares the patient’s file using Sharecurely. For the sender, the experience is not much different from sending an email. They simply upload the file, enter the recipient’s email and send it. The consultant will then receive an email containing a link to the document. Clicking the link will take them to their inbox, where they download the file, which is subsequently deleted from Sharecurely’s servers. The sender will then be able to see that the recipient has downloaded the document.

Contrasting this with the scenario in which the document was sent via email, the difference for the users is minimal, but the difference in privacy and security is great. We no longer have to worry about storage of and access to email servers, since no sensitive data is present in the email itself. If the email accounts are compromised, an attacker could only access URLs to documents that, unless they were sent recently, will have expired.

Encryption keys

The tech-savvy reader might have noticed that, since we control the channel through which the encryption keys are sent, we could technically access the data that we store. This is accurate. However, as we have no interest in accessing our customers' data, we have strict controls in place for this part of our solution.

  • The environment through which the encryption keys are sent (i.e., emails) is kept operationally separate and isolated.
  • Encryption keys are never logged or stored in any form.

However, we do recognize that for the most security conscious organizations, our promises do not mean much. We are, therefore, working on allowing organizations to provide their own channel through which the encryption keys are sent. Using this feature, organizations can be sure that we have no way of accessing their data, even if we wanted to.

Conclusion

Sharecurely is designed with one primary goal in mind: to securely and efficiently transfer sensitive data from a sender to a receiver, without leaving any trace of the document along the way. It is crucial to understand that while Sharecurely significantly reduces the risk of data exposure, it does not completely eliminate it. For instance, in the unfortunate event of a compromise of either the sender's or the receiver's device, the data will still be at risk.

In conclusion, Sharecurely is a reliable solution for secure file sharing, minimizing the risk of data exposure. While it cannot eliminate all potential risks, it employs robust encryption methods and ensures that no copies of your documents are stored in unintended locations. By prioritizing the security and privacy of your sensitive data, Sharecurely provides a valuable tool in a world where data protection is of utmost importance.