Zafepass UFS

Storing and accessing data easily and securely, both locally and in the cloud, while maintaining data privacy and sovereignty, presents a complex set of challenges, which are of utmost importance in an era where data breaches, unauthorized access, and data misuse are significant concerns.


Zafepass offers two unique methods:

VFS - Virtual File Share, and

UFS - Universal File Share.


UFS (Unified File System):

UFS is designed for system owners to take back control of providing users access to network shares (anywhere). UFS presents the user with a “list of shares”, shown as folders. The user(s) won’t know about the underlying technology, nor where the data resides. This is managed from the IT side – including the applicable guard-railed micro-perimeter security policies for the individual UFS setup(s).


What is the UFS-Claim-To-Fame?


NFS (Network File System) is a legacy distributed file system protocol and a fast and efficient way of making data available throughout an enterprise. Connecting Windows users to NFS shares is often a technical challenge: it requires installation of an NFS client driver (complexity), it doesn’t facilitate user authentication at all (security), and access to NFS shares depends solely on the host being connected from.


SMB (Server Message Block) is widely used for providing shared drives across a network, supports authentication and works over the internet. It is a challenge though, as its access functionality makes it complex to map network shares on different servers through firewalls.


S3 buckets are public cloud storage containers for objects stored in Simple Storage Service (S3), similar to AWS, Google Drive, etc.


UFS is designed with the intent of giving the system owner full control of these network shares, presenting the user with a list of available “shares”, shown in a folder structure. When a user selects a folder, UFS opens a connection to the UFS Proxy (a Zafepass service), which relays the connection between the user and the network share. A UFS Proxy is ONLY accessible through a Zafepass gateway – and therefore extremely secure and well protected.


The users don't need to install anything anywhere, as it’s a Zafepass client requesting access. Zafepass clients can be launched from any device. For SMB-shares, the UFS Proxy authenticates against the Windows server.


S3 buckets etc. are often publicly available, but since access is controlled by Zafepass, no one can accidentally share access information. The configuration is done by IT, which also determines how guard-railed micro-perimeter security policies are enforced.


A UFS Proxy also includes its own file sharing mechanism, making it possible to share a folder on a hard drive on the server where the UFS Proxy is running, essentially enabling “file sharing” without the server sharing anything or using any conventional protocol.


Controlling UFS access:


UFS shares are created using the Zafepass policy engine, enabling control flexibility and agility. Access can be allowed to sensitive data only from ‘approved environments’.


Ransomware proof:


UFS is resilient to mal-/ransomware. The UFS interface does not present itself as a drive and does not allow copy-and-paste or OLE functionality etc.


Protecting the file-server:


UFS helps protect file servers against zero-day compromises and exploits, as the user (and more importantly, applications running on the user's PC) does not communicate directly with the file server(s).


The user can’t mount (enable) UFS drive(s) themselves. In the connection and validation process, established by the Zafepass client, the provisioning server is instructed to mount a “Secure-Drive” for as long as the user has an active session at the site.


Once the user's session ends, the UFS drive(s) is/are automatically unmounted.


Zafepass is a security-first platform that helps IT admins control and manage storage areas and provide permissions. This could be for a supply-chain partner that needs blueprints or other material, with access still being controlled by the “data owner”.