Release Notes: Customer Managed Encryption Keys for Cloud Storage

  • Announcement
  • Updated 2 years ago
We are pleased to announce the availability of Customer Managed Encryption Keys for Cloud Storage. 
Customers using ShareFile cloud (Citrix Managed StorageZones) to store their files now have the ability to manage their own encryption keys and therefore have much better control over security. They can use Amazon Web Services to generate a master key that would then be used to encrypt ShareFile data uploaded to the cloud using a dual encryption key paradigm.

In this process, when a file request comes to ShareFile, a request is made to Amazon's Key Management Service (KMS) for a new data key. Amazon KMS returns a plain data key and a copy of that data key encrypted with the master key. ShareFile encrypts the file using the plain key and then discards the plain key. The encrypted data key is then stored in ShareFile.

Conversely, when a file download request is made, ShareFile receives the path to the file and the encrypted data key. ShareFile then sends the encrypted data key to KMS. Amazon KMS uses the master key to decrypt the data key and sends the plain data key to ShareFile. ShareFile decrypts the file using the plain key and then discards the plain key. ShareFile then securely transfers the file to the endpoint.

Customers will have complete control over their encryption keys and can revoke ShareFile’s access to their master keys whenever they want. When access is revoked, ShareFile can no longer decrypt the encrypted files.
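The upload, download and revocation flow described above, as an added example that is not ShareFile or AWS code: `StandInKMS` is a hypothetical in-process substitute for the key service, and `seal`/`unseal` are an HMAC-SHA256 encrypt-then-MAC construction from the Python standard library standing in for a real cipher such as AES-GCM.

```python
import hmac, secrets

def _keys(key):  # separate encryption and MAC keys derived from one 32-byte key
    return hmac.digest(key, b"enc", "sha256"), hmac.digest(key, b"mac", "sha256")

def _xor(ek, nonce, data):  # HMAC-SHA256 in counter mode as the keystream
    stream = b"".join(hmac.digest(ek, nonce + i.to_bytes(8, "big"), "sha256")
                      for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, stream))

def seal(key, plaintext):
    """Stand-in authenticated cipher: returns nonce || ciphertext || tag."""
    ek, mk = _keys(key)
    nonce = secrets.token_bytes(16)
    body = nonce + _xor(ek, nonce, plaintext)
    return body + hmac.digest(mk, body, "sha256")

def unseal(key, blob):
    ek, mk = _keys(key)
    body, tag = blob[:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, hmac.digest(mk, body, "sha256")):
        raise ValueError("authentication failed")
    return _xor(ek, body[:16], body[16:])

class StandInKMS:
    """Hypothetical in-process key service; the master key never leaves it."""
    def __init__(self):
        self._master = secrets.token_bytes(32)
        self.revoked = False  # set True when the customer revokes access
    def _check(self):
        if self.revoked:
            raise PermissionError("KMS: access to master key revoked")
    def generate_data_key(self):
        self._check()
        plain = secrets.token_bytes(32)
        return plain, seal(self._master, plain)  # (plain key, wrapped key)
    def decrypt(self, wrapped):
        self._check()
        return unseal(self._master, wrapped)

def upload(kms, data):
    plain_key, wrapped_key = kms.generate_data_key()
    ciphertext = seal(plain_key, data)
    del plain_key  # discard; only ciphertext and the wrapped key are stored
    return ciphertext, wrapped_key

def download(kms, ciphertext, wrapped_key):
    plain_key = kms.decrypt(wrapped_key)  # fails once access is revoked
    return unseal(plain_key, ciphertext)
```

Because the stored wrapped key is useless without a KMS call, setting `revoked` makes every later `download` fail even though the ciphertext and wrapped key are still on disk.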

Customers can continue to enjoy the cost benefits of the cloud by using the cloud-based key management service at a fraction of the cost of hosting a service on premises.

Click here on how to start using this feature. 


Anirban Chakraborty

Posted 2 years ago
