Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-mail-logging domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6114
Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the health-check domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6114
Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the ninja-forms domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6114
Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the updraftplus domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6114
Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the rocket domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6114 5 More Things to Keep your Data Safe - NextcloudSkip to main content
Nextcloud has important security features you should know about!
Today’s blog highlights five Nextcloud features that provide the utmost security. Nextcloud provides its users with dozens of data privacy features, however we’re providing it to you in chunks.
Monitoring
To keep your files safe, you should know what is happening to them. Nextcloud has a number of ways that help users keep an eye on their files.
How to monitor your files with Nextcloud:
Track file activity – Have a clear overview of changes like newly added or deleted files in shared folders, recent edits, downloads, new comments from other users or tags, and more!
Add more monitoring capabilites with Nextcloud apps: Activities for shared file downloads which lets you trackdownloads of your shared files, and Quota Warning which sends notifications to users when they reached 85, 90 and 95% of their quota. See more in the Nextcloud App Store.
The Server Information app allows admins to monitor the state and performance of a Nextcloud server installation. It shows some basic statistics and gives access to data through an API endpoint which enables it to connect to.
Industry standard tools like Splunk, Nagios and openNMS. In fact, Splunk and openNMS have support for monitoring Nextcloud systems.
Auditing Logs allow you to log data in the nextcloud.log file to not only monitor file handling and user management, but prevent against data loss too.
Advanced Permissions allow the user to configure permissions on the files they share.
There are several types of permission options that make your files more secure like:
Setting permissions on a shared file to: read, create, edit, and / or upload.
Watermarking confidential documents to make it harder to steal data
Enabling a password protection or expiration date on a public file or folder
File-Drop: option to hide the contents of a folder where people can upload files to
Blocking downloads so the user can view and even edit the shared file(s), but not download them
With all of these features available, users can ensure their files are only accessed the way they want.
Machine learning based suspicious login detection
Introduced back in Nextcloud 16 by one of our developers, you can protect your account through machine learning, which increases security and productivity even beyond our brute-force protection and 2-factor authentification.
Suspicious Login Detection uses a locally trained neural network to detect attempts to login by malicious actors.
The way it works is that the app tracks a series of successful logins for a set period of time, and then uses the generated data to train a neural network. This network essentially learns the patterns of the user: at what time and from what location they usually log in. Once this trained model is formed, the system can detect any unusual or suspicious logins. For example, if a user typically logs into the office at 9AM, and suddenly there is a login from a different city at 11PM, something is off. When such a login is detected, the user gets a notification and can check the logs, potentially concluding in a password change by the user.
Note that Suspicious Login Detection trains and works with local data and does not send data anywhere else!
File Access Control
File Access Control is a feature that enables administrators to limit access to files in accordance to business and legal requirements.
Rather than working on individual files, it creates a definition of rules that block file access, even if an individual user would have shared a file against company policy. File Access Control is configured using Flow, which can also allow an admin or user to perform automatic actions like file conversion, getting notified based on certain conditions, and more.
For example, a company’s HR department normally works with documents only they and management can see. The administrator in this case could create a rule or “flow” implementing the following rule: “PDF files – from the HR department – should not be accessible outside company IP ranges or from outside the HR department or management.” This means specifically that PDF files, from the HR department, outside company IP ranges, will be blocked.
You can set each specific filter as simple or complicated as you wish, as seen below:
If now for instance an HR employee would accidentally share a resume with the entire company, all is fine. When that link seems like it could be accessed outside of management, the HR teams, or outside the company IP range, the rule would kick in and block access to the file.
Another example deals with a more specific and complicated flow, seen below. You set up a flow that only blocks MIME file types of images, that are a member of the admin group, that have a file size less than 5 MB, and that matches a specific IPv4 IP address. If a file access request matches these credential rules, Nextcloud will block access to the file.
There are truly countless options to the flows you can configure which ultimately safeguard your day to day workflow and business.
Audits
Audits are important security and compliance measures that can be used by companies to identify problems, track and dissect the causes of security or data loss breaches, improve efficiency, and instill trust to their partners and customers. They are often legally required and thus it is important that a collaboration platform supports them.
Nextcloud supports an audit log which stores the activities of all users of the system, suitable for review in case this is needed.
Of course, as a company, we also have our own processes and code audits. Beyond that, customers do their own audits or work with third parties on auditing the Nextcloud code base.
One prime example is the code audit conducted by Swiss IT security firm Kyos for the City of Geneva, Switzerland. The results came back with flying colors and added an extra layer of security that could be deeply trusted from the core of the code.
Today’s post just highlighted 5, however we recently posted more security features that bring our users the reassurance regarding all things security.
“When we have welcoming communities of contributors, open source software gets better and more useful to everyone.” Limor Fried, Electrical Engineer, Inventor and Founder of open-source hardware company Adafruit We believe in this ideal and love to work with our community. We are always looking to involve more people in Nextcloud, bringing in their ideas, […]
When cables are cut, sanctions are put in place or privacy legislation prohibits the use of the service your entire organization depends on, what can you do? Amidst geo-political changes, organizations face dependencies on large, centralized communication platforms. A major example of this is the SaaS-only communication platform Microsoft Teams. It is the only solution […]
We save some cookies to count visitors and make the site easier to use. This doesn't leave our server and isn't to track you personally!
See our Privacy Policy for more information. Customize
Statistics cookies collect information anonymously and help us understand how our visitors use our website. We use cloud-hosted Matomo
Matomo
_pk_ses*: Counts the first visit of the user
_pk_id*: Helps not to double count the visits.
mtm_cookie_consent: Remembers that consent for storing and using cookies was given by the user.
_pk_ses*: 30 minutes
_pk_id*: 28 days
mtm_cookie_consent: 30 days