Nextcloud’s file storage solution gets a security boost

The new version of Nextcloud includes end-to-end encryption and enterprise key management.

Nextcloud today released a preview of Nextcloud 13, its online file storage solution for enterprise and individual users.

What makes this release so interesting? End-to-end file encryption.

When we’re talking about the needs of big businesses, keeping files secure is absolutely critical. There has been no shortage of data breaches and hacks in recent months – reliable encryption and security are absolutely vital to reducing those problems.

From Jos Poortvliet, member of the Nextcloud team:

“Our end-to-end works on a per-folder level and features an easy-to-use, server-assisted but fully secure key management with Cryptographic Identity Protection, our method of securely signing and handling user certificates. Users can easily access their data on any of their devices using the clients (not via the web interface) and share with other users, securely.

“On top of that, our design is unique in delivering on enterprise demands like a complete audit log, an optional offline administrator recovery key and support for a secure HSM (hardware security module) to be able to issue new identities to users.”

And Nextcloud founder Frank Karlitschek had this to say:

"Nextcloud is first to offer seamless, integrated end-to-end encryption in its clients as part of a complete enterprise-class file sync and share solution. Secure yet easy key handling between clients and users with enterprise key management and recovery options set this solution apart from others."


Encryption features in Nextcloud 13

The folks over at Nextcloud provided a bullet list of what they feel makes their end-to-end encryption solution different from others. I’m providing it here, unedited, so you can see how they are approaching things. 

  • Does NOT compromise security by decrypting files in the browser with JavaScript coming from the server.
  • Enterprise focus: designed to protect users from mistakes.
  • Is NOT an all-or-nothing affair: Any number of folders can be end-to-end encrypted.
  • No need for exchanging passwords when sharing with other users.
  • Sharing and revoking shares without need to re-encrypt (and re-upload!) files.
  • Users can easily add new devices using a code made of 12 dictionary words.
  • Each client can, when asked, show the code and users are, of course, encouraged to save the code somewhere safe offline.
  • Supports a Hardware Security Module for enterprise environments, which enables securely issuing new keys to users.
  • Supports an off-line administrator recovery key to be kept in a physically separated location. Users get warned when this key is enabled.
  • Supports a complete audit log without compromising end-to-end security.
  • Can be combined with our unique File Access Control, enabling IT to block specific file types or files by specific user groups from uploading unless they are end-to-end encrypted. 

This certainly ticks a lot of the right check-boxes, especially for big businesses looking to keep their files secure. The fact that it’s all open source and self-hostable is doubly good.

I have not yet, as of this writing, had the opportunity to effectively test out this “Tech Preview,” but I plan to over the coming days. Will it live up to the claims of Nextcloud?  Based on their track record thus far, I have no reason to think that it will be anything other than exactly what they say. Still, I will thoroughly “kick the tires” and report back with my findings.


Copyright © 2017 IDG Communications, Inc.