Encrypt the files stored in file sever
Application Type
Traditional Web

Dear All,

Is there any way to encrypt the files which are stored in the file server? We are using on premise storage to save the files which are uploaded by the end user.

Whether we can encrypt the files from the application side or we need to do it from the server side by revoking the access?

Thanks in advance!


Regards,

Madhavan

mvp_badge
MVP
Solution

The article describes the following about encryption of data at rest, which if you read it carefully means you yourself do not need to do anything to ensure that at database level data is stored encrypted. heck the cloud services catalog to confirm if database encryption is available for your subscription. 

Securing data at rest on OutSystems Cloud databases

Database encryption at rest

In your OutSystems Cloud environments, each database server can be encrypted at rest using the features provided by AWS.

When the database server is encrypted at rest, this includes the underlying storage for database server instances, its automated backups, and snapshots.

The encryption of database server at rest:

  • Uses the industry-standard AES-256 encryption algorithm to encrypt the data on the server that hosts the virtualized database server used in the environment.

  • Encrypts the database servers' volumes by default upon asset creation.
     

OutSystems manages the database server encryption keys with the following policies:

  • Dedicated encryption keys are used to encrypt each database server delivered to the cloud environments provisioned for your usage.

  • Database server encryption keys are not shared between customer assets.

  • Database server volumes are encrypted using an encryption key stored in AWS Key Management Service (KMS) and managed by OutSystems.


On your cloud storage you have max 2gb file storage available (which is not part of the backup/restore service), that can be used to temporarily store files. You need to use your own encryption logic for those files.

My advice would be to use external file storage services from either Amazon AWS or Microsoft Azure, that have encryption features build in.

Using a component to integrate with an external file storage services


Online file storage services offer the scalability, reliability, and performance of full-blown cloud storage, enabling users to store files with several terabytes. It is possible to integrate with these services by creating their own extensions or reusing components already available in OutSystems Forge.

For instance, if users choose the Amazon S3 file storage service, they can use this Amazon S3 component, built by a member of the OutSystems community. This component encapsulates the Amazon S3 API in an extension that can be easily reused as a visual building block in applications.

This is a good option when filling a database with large amounts of binary information might create unnecessary (store and retrieve) load on the application server and database.

Even though OutSystems is running on AWS, the S3 service should be acquired directly from Amazon


mvp_badge
MVP

Hi,

Have a read add some sections of

 https://success.outsystems.com/Support/Enterprise_Customers/Maintenance_and_Operations/Data_Encryption_at_Rest#How_to_fully_encrypt_your_sensitive_data

It contains paragraphs on encrypting data.

Alternatively an probably easier your could store your files to a zip file and add a password to protect/encrypt it. You can use the Forge component BigZip to create and password protect zip files.

Regards,

Daniel.


Dear @Daniël Kuhlmann ,

Thanks for your reply.

I read the article shared by you. I have a query from the article:

Whether we can do the data encryption only if the storage is on cloud? Because in the article they mentioned about the usage of encryption of keys (only through cloud)

 Also please find the below screenshot:


Thank you in advance!


Regards,

Madhavan

mvp_badge
MVP
Solution

The article describes the following about encryption of data at rest, which if you read it carefully means you yourself do not need to do anything to ensure that at database level data is stored encrypted. heck the cloud services catalog to confirm if database encryption is available for your subscription. 

Securing data at rest on OutSystems Cloud databases

Database encryption at rest

In your OutSystems Cloud environments, each database server can be encrypted at rest using the features provided by AWS.

When the database server is encrypted at rest, this includes the underlying storage for database server instances, its automated backups, and snapshots.

The encryption of database server at rest:

  • Uses the industry-standard AES-256 encryption algorithm to encrypt the data on the server that hosts the virtualized database server used in the environment.

  • Encrypts the database servers' volumes by default upon asset creation.
     

OutSystems manages the database server encryption keys with the following policies:

  • Dedicated encryption keys are used to encrypt each database server delivered to the cloud environments provisioned for your usage.

  • Database server encryption keys are not shared between customer assets.

  • Database server volumes are encrypted using an encryption key stored in AWS Key Management Service (KMS) and managed by OutSystems.


On your cloud storage you have max 2gb file storage available (which is not part of the backup/restore service), that can be used to temporarily store files. You need to use your own encryption logic for those files.

My advice would be to use external file storage services from either Amazon AWS or Microsoft Azure, that have encryption features build in.

Using a component to integrate with an external file storage services


Online file storage services offer the scalability, reliability, and performance of full-blown cloud storage, enabling users to store files with several terabytes. It is possible to integrate with these services by creating their own extensions or reusing components already available in OutSystems Forge.

For instance, if users choose the Amazon S3 file storage service, they can use this Amazon S3 component, built by a member of the OutSystems community. This component encapsulates the Amazon S3 API in an extension that can be easily reused as a visual building block in applications.

This is a good option when filling a database with large amounts of binary information might create unnecessary (store and retrieve) load on the application server and database.

Even though OutSystems is running on AWS, the S3 service should be acquired directly from Amazon


Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.