Cloud systems for storing and archiving files must meet high standards in terms of security. This also applies to ownCloud software. We take a closer look at the cloud service and its security features in the following article.
What is ownCloud?
ownCloud is a cloud solution that allows users to store and centrally synchronize their files online. The cloud software is a freely usable program. It was presented as an alternative for commercial providers of cloud services in 2010 by Frank Karlitschek. One year later, ownCloud was founded as a company of the same name.
The ownCloud software is available as a desktop client or an app for various end devices and operating systems. Users can store their files on their own server or a web space via ownCloud. In this way, they retain control over their data, especially when managing sensitive data.
The equally well-known cloud storage Nextcloud emerged from ownCloud. It is a further development of the source code of the ownCloud solution.
Functional scope of the ownCloud software
The free software supports the exchange of files and thus serves as an interface for collaborative work projects. As an open source interface, ownCloud is a result of several developers. In recent years, these developers have integrated new features again and again. The client solution is an option especially for private users. They can customize the software with their own apps. Therefore ownCloud is also widely used by this group of users.
Basically, employees of a company can also use the cloud solution. It enables simultaneous and shared editing of documents. Larger files can be easily stored and information can be exchanged in real time. Documents can be shared via the ownCloud server. Access rights for people can be individually assigned or restricted.
The File Lifecycle Management function
Last year, the provider added a new feature to its cloud software called File Lifecycle Management. Users can set that unused files are automatically deleted. Alternatively, archiving at another storage location is possible. The aim behind this is to remove personal content from individuals at regular intervals in order to comply with the requirements of the current GDPR.
This tool is particularly useful for long-term data management. But caution is advised, because through File Lifecycle Management, certain content can be removed automatically. Recovery of accidentally deleted documents is possible, but not a standard feature of the software. Therefore, the question is whether ownCloud’s cloud servers meet all the guidelines for the principles of proper management and retention of books, records and documents in electronic form and data access (GoBD). For tax reasons, companies are obliged to archive all files from their business operations for certain periods of time in a verifiable and openly accessible manner.
Compliance with the GoBD therefore plays an important role for cloud storage in addition to general IT security. ownCloud cannot, however, guarantee this requirement beyond any doubt. Users must therefore take care that no files that are still relevant to the tax authorities are lost through incorrect settings and use. This not only applies to the deletion of documents. Changing the storage location can also be problematic if this prevents access on the one hand and raises the suspicion of manipulation on the other. In both cases, there is no GoBD conformity, so that consequences for the company could threaten.
Although ownCloud offers the possibility of specifying the periods for storing data for each individual document, this system for storing data remains questionable. This does not guarantee an efficient workflow in everyday work, which is closely oriented to practical requirements, or GoBD-compliant and audit-proof archiving.
What role does security play in ownCloud?
The service itself advertises that security is a high priority and uses WebDAV, mobile libraries, encryption and various extensions. However, these extensions are only available in the Enterprise Edition at additional cost.
To encrypt the transmission of data, ownCloud uses an SSL connection for private servers. The data stored on the own server is also fully encrypted. However, ownCloud uses different encryption methods for these two processes – data transfer and storage on the server. It is therefore possible that when switching to the other encryption standard, the files remain unencrypted for a short time. If the SSL certificate is even switched off, the data transfer is completely unsecured.
Open source with open source code
The German Federal Office for Information Security (BSI) tested the open source solution a few years ago. The BSI criticized that users of older ownCloud versions do not update their installation with updates. Some of these users included public authorities, which ran an enormous security risk by using outdated versions. Missing software updates were also found to be missing from Nextcloud, the counterpart of ownCloud. As a result, just under 20 percent of ownCloud users responded to the warning information from the BSI and installed an update.
This is a particularly explosive situation for public administrations or companies. A freely accessible source code is vulnerable to security holes. Without appropriate know-how in the IT department and higher costs for support and maintenance of the systems, data is not secure with ownCloud.
In addition, the update process of ownCloud has not always worked perfectly in the past. This was the case, for example, when the client’s version was up to date even though a new software version was already available. For users, such a circumstance represents a hurdle in secure application. In addition, some current versions also have known security gaps.
In principle, users of cloud solutions should keep their IT infrastructure up to date at all times. Otherwise there is a risk of theft or loss of sensitive data.
The comparison of TeamDrive vs. ownCloud
Especially in the age of digitalization and the increase of flexible remote working models, companies or public authorities are dependent on platforms for collaborative work. This is the only way to make business processes effective and efficient.
However, there are still major reservations about public cloud services. Private clouds convey a deceptive picture of security and control over data. For cost reasons, however, many companies still use inexpensive solutions and run the risk of losing the desired control. TeamDrive is an inexpensive alternative to the ownCloud.
TeamDrive offers maximum security for companies and authorities through two-factor authentication and end-to-end encryption. Other arguments in favor of TeamDrive are its server location in Germany, the collaborative management of documents, and the fulfillment of all GDPR and GoBD requirements.