Stormshield Data Security for Cloud & Mobility is a solution that protects corporate data placed in the cloud and lets it be viewed from the company's workstations or mobile devices. Data is protected when it is shared on secured shared spaces such as Microsoft Office 365 (SharePoint Online and OneDrive for Business) and Dropbox.
The Stormshield server (Stormshield Data Management Center) centrally manages the Data Security clients installed on users' workstations and mobile devices. It is hosted by Stormshield's Cloud services.
When you created your corporate account, you had to choose between two user key management modes:
Built-in Key Management: SDMC contains an internal directory that allows users to collaborate seamlessly without the need to deploy either the LDAP server or the PKI.
Select your mode carefully as the SDS for C&M built-in key management solution cannot be migrated to solutions using external PKIs. The external PKI would not be able to reuse keys.
In the documentation, Stormshield Data Security for Cloud & Mobility is referred to in its short form: SDS for C&M, and the Stormshield Data Management Center in the form: SDMC.
From the SDMC administration server you can:
- Define administrators,
- Delegate administration roles,
- Define policies for mobile devices and desktops,
- Define shared spaces,
- View statistics on how your shared spaces are used,
- View the list of users and associated devices,
- View actions performed by users.
Nobody must be able to access your data without your consent. This is why Stormshield has designed SDS for C&M based on zero-knowledge proof. This means that no third party, not even Stormshield, can access your data. Before it is transferred to the SDMC server, the user's data will be protected by SDS for C&M on his device with keys that only the user holds.
The general principles of protection are:
- The user’s account is protected by a password that only he knows.
- Protection keys are generated by the user on his workstation or mobile device. Neither Stormshield nor the service host has the ability to access keys to user accounts.
- To allow the user to restore his account on a new device, his account is stored on the SDMC server. The server authenticates the user before restoring the account on the new device.
- Every corporate account has a security administrator account that corresponds to the recovery account. This administrator can:
  - Reset the password and release user accounts (Helpdesk role),
  - Delegate a user's account to another user (Recovery role),
  - Assign both or either of these roles to other users.
All recovery operations are carried out on the recovery officer's workstation, never on the SDMC server.
For further information on security in SDS for C&M, refer to Architecture and security.