Data security and privacy

The concept of cloud computing is still perceived by many as rather vague. A simple description might be the processes and applications provided over the Internet. However, cloud services can also differ greatly in terms of code base, facilities, hardware, staff procedures, etc. It is difficult to get a clear idea of who is behind the service and which provider is best suited to your needs. Many of the companies offering cloud services are more than a few years old.

One of the best ways to understand cloud computing is to look at where the business data being stored is going. From a desktop, phone or tablet to a data hall. Let's see how it works at Storegate AB.

Data security at Storegate

Cloud guarantee with privacy and security in focus
Storegate's customer data is stored in a reliable environment where customers can make maximum use of the services in a safe, secure and efficient way. The equipment is owned by Storegate and the data halls are located in Stockholm, Sweden, co-located with Telia International Carrier.

Facilities, systems and personnel meet stringent requirements and we offer a fully redundant environment with optimal conditions in terms of power supply, cooling, climate, fire detection and extinguishing systems.

Storegate's services are monitored around the clock via surveillance systems. In the event of operational disruptions, on-call technicians are automatically alerted. Access to data halls is protected by burglar alarms, locks and security officers.

Storegate never scans information for business development purposes or to sell advertising.

Account access and authentication
When you create your account on Storegate, we have created the conditions for you to choose a strong username and password that is adapted to your company's policy.

• Password factors (minimum number of characters required by numbers, special characters, capitals, etc.)
• Password reset from the administrator or via support
• Limited number of login attempts (brute force)
• Automatic logout in case of inactivity

Single Sign On
For Enterprise customers, Storegate offers support for Single Sign on. This gives companies centralized control over user accounts in Storegate. If a company shuts down a user centrally, that person can no longer log in to the service. Similarly, as an administrator in a multi-account, you can manage and control your users. This is done by logging in via the administrator account on Storegate.com.

Mobile access
Mobile users can access their Storegate accounts via mobile browsers or a specific Storegate app. When a user connects via a mobile phone (iPhone, iPad, Windows, Android, etc.), HTTPS encrypted authentication is applied. All data sent between the server and the mobile application is encrypted using the SSL banking standard. If a mobile device is stolen or lost, the administrator can block the person's account so that access to the information in the service is blocked in real time.

Upload and transfer
Once you have logged into the service via one of our interfaces, you can upload files and folders. The upload itself is simple from the user's perspective, but at Storegate we optimise the performance and security of the transfer itself. All data is encrypted with 128-bit SSL encryption. This means you don't need to use VPN tunnels or similar to access your data from different geographical locations. The same procedure is reversed when downloading files to your devices.

Permission levels and information sharing
Once your files have reached Storegate and are ready for sharing, collaboration or storage, there are options to decide who and what can access the information. For example, each user can set sharing permissions in collaboration folders. By sharing folders externally via Public Links, it is also possible to determine who and what partners can access your information and upload information to your account. Public Links can be restricted by time intervals and passwords that the recipient needs to access the content.

Global settings
At a global level, Multi-account administrators can set certain restrictions on one or more users. In addition, the administrator can determine:

• Who can create folders or upload files
• Which users should be invited to the account
• How much each user can store in the home directory and in the backup section
• Which files should be permanently deleted (active/inactive recycle bin)
• How many versions of each file should be in the account
• When and who should receive backup status reports
• When a user is to be deleted

Storage and encryption
All files stored in Storegate's system are encrypted with AES 256-bit encryption. Furthermore, all files in the systems are stored with scrambled paths and filenames. This means that it is never possible to trace which files and referrals belong to the owner of the files, i.e. the account holder. For all services and protocols on Storegate, 128-bit SSL encryption is also applied during transmission. For Backup Pro, files are optionally encrypted with a user-generated encryption key (256-bit AES encryption). The system has built-in protection against SQL injection and brute force attacks. The system will automatically block failed login attempts that are repeated based on IP address and username.

Deleting stored information
When files are in the trash, they remain until you choose to empty all or part of the trash. If you delete files from the trash, they can never be recreated. If you choose to close an account, the data is stored for 60 days, after which Storegate deletes all data in accordance with the Personal Data Act. Please contact Storegate at support@storegate.com if you are unsure how to delete files.

Our guidelines
The security of your information starts in our office, in our data warehouses and with our procedures. All Storegate employees have an employment contract that includes confidentiality towards our partners and customers. Like most online services, we have a small number of employees who must be able to access user data for the reasons outlined in our user agreement (e.g., when we are legally required to do so). But these are rare exceptions, not the rule. We have strict policies and technical access controls that prohibit employee access except in these rare cases. In addition, we employ a number of physical and logical security measures to protect user information from unauthorized access.

Storegate also works to maintain the security of its own office network with:

• Network Intrusion Detection System
• Application logging, reporting, analysis, archiving and preservation of data
• Continuous internal monitoring

Administration of your data
Storegate technicians or customer support may temporarily need access to customer accounts to handle technical issues and support. Again, we have established thorough policies and powers of attorney that help us assist you with as little oversight as possible.

Application and hardware architecture
In each data hall, Storegate maintains full redundancy in terms of load balancers, routers, servers, switches and failover configurations, etc. Data that is written is replicated in real time across multiple servers.

Summary
Storegate's system is a complex environment that requires multiple layers of security. From hardware like storage systems to soft values like the staff working at Storegate. Storegate's top priority is and remains the security of its customers' digital information. If you need more information in a specific area please contact Storegate and we will be happy to answer your questions.