Nextcloud has important security features you should know about!
Today’s blog highlights five Nextcloud features that provide the utmost security. Nextcloud provides its users with dozens of data privacy features, however we’re providing it to you in chunks.
To keep your files safe, you should know what is happening to them. Nextcloud has a number of ways that help users keep an eye on their files.
How to monitor your files with Nextcloud:
Read more about Nextcloud Monitoring.
Advanced Permissions allow the user to configure permissions on the files they share.
There are several types of permission options that make your files more secure like:
With all of these features available, users can ensure their files are only accessed the way they want.
Introduced back in Nextcloud 16 by one of our developers, you can protect your account through machine learning, which increases security and productivity even beyond our brute-force protection and 2-factor authentification.
Suspicious Login Detection uses a locally trained neural network to detect attempts to login by malicious actors.
The way it works is that the app tracks a series of successful logins for a set period of time, and then uses the generated data to train a neural network. This network essentially learns the patterns of the user: at what time and from what location they usually log in. Once this trained model is formed, the system can detect any unusual or suspicious logins. For example, if a user typically logs into the office at 9AM, and suddenly there is a login from a different city at 11PM, something is off. When such a login is detected, the user gets a notification and can check the logs, potentially concluding in a password change by the user.
Note that Suspicious Login Detection trains and works with local data and does not send data anywhere else!
File Access Control is a feature that enables administrators to limit access to files in accordance to business and legal requirements.
Rather than working on individual files, it creates a definition of rules that block file access, even if an individual user would have shared a file against company policy. File Access Control is configured using Flow, which can also allow an admin or user to perform automatic actions like file conversion, getting notified based on certain conditions, and more.
For example, a company’s HR department normally works with documents only they and management can see. The administrator in this case could create a rule or “flow” implementing the following rule: “PDF files – from the HR department – should not be accessible outside company IP ranges or from outside the HR department or management.” This means specifically that PDF files, from the HR department, outside company IP ranges, will be blocked.
You can set each specific filter as simple or complicated as you wish, as seen below:
If now for instance an HR employee would accidentally share a resume with the entire company, all is fine. When that link seems like it could be accessed outside of management, the HR teams, or outside the company IP range, the rule would kick in and block access to the file.
Another example deals with a more specific and complicated flow, seen below. You set up a flow that only blocks MIME file types of images, that are a member of the admin group, that have a file size less than 5 MB, and that matches a specific IPv4 IP address. If a file access request matches these credential rules, Nextcloud will block access to the file.
There are truly countless options to the flows you can configure which ultimately safeguard your day to day workflow and business.
Audits are important security and compliance measures that can be used by companies to identify problems, track and dissect the causes of security or data loss breaches, improve efficiency, and instill trust to their partners and customers. They are often legally required and thus it is important that a collaboration platform supports them.
Nextcloud supports an audit log which stores the activities of all users of the system, suitable for review in case this is needed.
Of course, as a company, we also have our own processes and code audits. Beyond that, customers do their own audits or work with third parties on auditing the Nextcloud code base.
One prime example is the code audit conducted by Swiss IT security firm Kyos for the City of Geneva, Switzerland. The results came back with flying colors and added an extra layer of security that could be deeply trusted from the core of the code.
Today’s post just highlighted 5, however we recently posted more security features that bring our users the reassurance regarding all things security.
We are excited to invite you for a webinar about using the open source online office suite Collabora Online on Nextcloud. Learn how you can achieve digital sovereignty and security with Collabora Online and Nextcloud.
Sign up for this free webinar on Thursday, 18 August 2022 to learn more on how you can use online office capabilities on Nextcloud Hub with Collabora Online.
Eloy Crespo – Sales Executive & Business Development at Collabora Productivity
Eloy Crespo has lead Collabora Productivity’s Sales and Business Development since 2016. He loves to help new customers of every size, from small to huge enterprises, experience the fun of their own private, on-premise office suite.
He specializes in getting partner and customers setup, switching on their SLAs, and plugging them into the rest of the company for a smooth Collabora experience.
From 2020 to 2021, showing a continued strong growth for the market leading digitally sovereign content collaboration vendor, Nextcloud grew revenue by 75% and net income by 133%. To service the new customers, Nextcloud expanded its team by 70% and hired a dedicated hiring manager to further accelerate its hiring for 2022.
2021 has seen transformational product improvements, opening up new markets for Nextcloud and bringing thousands more businesses the certainty and security of control over their data only Nextcloud can offer.Frank Karlitschek, CEO
Since the Swedish Government marked Nextcloud as the key solution for digital collaboration, the Nextcloud user and customer base continues to grow quickly. We recently shared customer success stories with the City of Geneva, the local bank in Munich, 15K teachers in Luxembourg, over 35K middle school students and teachers in France and 750K students and researchers in Sweden.
Collaborations with major European cloud vendors Deutsche Telekom and IONOS in 2021 introduced thousands of new businesses to digitally sovereign, instant collaboration. Several multi-million-user deployments combined with the long tail of dozens of 100K+ and thousands of smaller installations grew our customer user base more than 10X in a single year.
Meanwhile on industry review platforms, users give Nextcloud top ratings, beating out many competitors. Nextcloud entered the short list quadrant on Gartners’ Capterra in 2021, and again in 2022!
The releases of Nextcloud Hub 21, with a 10X performance improvement and many Talk updates and Nextcloud Hub 22 with workflow automation and the introduction of knowledge management provided enterprises key functionality needed during the work from home period. In December, Nextcloud announced Nextcloud Hub II with a major overhaul, introducing Nextcloud Office, bulk upload and Nextcloud Backup. This release coincided with a significant uptick in interest from local and federal governments across Europe. The latest developments around GDPR compliance and anti-competitive behaviour of big tech have reinforced this interest.
This growth has continued in 2022, with two further releases of Nextcloud Hub II and the first in-person Nextcloud Enterprise Day in 2 years. Early October, the Nextcloud Conference and, to satisfy great demand, a second Nextcloud Enterprise Day, expect a combined 500 visitors over 4 days.
All this is, in no small part, enabled by our community which is continuously growing. Statistics on Open Hub show Nextcloud regularly hitting a spot in the top-3 most active open source projects. We’re both proud of and humbled by all this support and we want to thank everybody who helps make it possible for us to work with you all and make Nextcloud better, every day!
In July 2020, the Schrems II case invalidated the EU-US Privacy Shield meaning that data transfers to non-EU countries were illegal under the GDPR. From this point forward, companies immediately had to comply with the new decision. If companies needed to make a data transfer outside of the EU, they would need to confirm that the country provides equivalent data privacy rules and laws to that of the GDPR.
This ruling of the European Court of Justice (ECJ) trickles down to all EU countries, however because of the many ways in which companies work around the ruling (like through Binding corporate rules BCR), Schrems II is not often taken seriously enough at the local level. However, the Procurement Chamber of Baden-Württemberg has recently made a more binding decision that will greatly impact all public tenders in the state.
According to a Presse Box release, the Vergabekammer Baden-Württemberg, or the Public Procurement Chamber of Baden-Württemberg, has made a non-appealable decision that the transfer of personal data to a “third country” (outside of the EU) that does not have this equivalency in privacy law is impermissable under the GDPR.
This entails that even if a server is operated by a company based in the EU but has a parent company in the US, the data transfer is still not allowed due to the possibility of that data being accessed by its non-European counterparts.
After the EU-US Privacy Shield was invalidated, there still was the possibility of transfers with so called Standard Contractual Clauses (SCCs). However, this new decision in Baden-Württemberg also illegitimizes the use of SCCs which companies and organisations have used as a work around in the past.
Shadow, famous for their high-end cloud PC product, is building a collaboration platform on top of Nextcloud. They aim to release their Shadow Drive to early access users this month, and interviewed our CEO Frank Karlitschek to discuss why Nextcloud and Shadow Drive fit together.
Apps are one of the most significant components that make up Nextcloud. At Nextcloud we want to encourage app developers to show off their creative programming talent.
If you are a new app developer here is a page to help you get started!
Who’s got an idea for the next great app in the Nextcloud app store? We are announcing a friendly contest for all developers who want to participate by building an app for Nextcloud, to be announced at the upcoming Nextcloud Conference in Berlin, October 1-4.
The developers of our 5 top picks will receive travel and accommodation funding for the conference, a 1-hour private mentoring slot with a Nextcloud developer and a design review with a Nextcloud designer! And on top of that, the developer(s) who build the winning app win 500 euro and a Nextcloud mug!
Just publish your new app anytime after this announcement in the app store, until August 30, and you automatically participate in the contest 😉
On August 30 we will nominate up to 5 apps, who will receive travel reimbursement for flight/train and hotel for up to 3 people who contribute to each app. We decide the top 5 based on the idea and the implementation – of course, the app doesn’t have to be perfect or fully finished by August 30!
The final winning app will be decided upon the conference so you can still improve your app after August 30, right up until October 1st when we will pick the winning team and invite them on stage!
A team of Nextcloud GmbH engineers will vote and the app store score will be taken into account. The app that has the highest average score will be the winning app!
We are ready to help you. There is a dedicated community chat with Nextcloud developers and community members, and there is also a forum category that is watched by Nextcloud developers where you can post your questions about development.
Are you new to Nextcloud app development? Here is a page that helps you getting started.
To upload your app, you can find the instructions here. Interested in building a mobile app for Android or iOS, or an app for the desktop? Cool! That works for us, too: you are 100% included in the contest!
Are you from an underrepresented group in open source and are you new to developing Nextcloud apps or contributing code to Nextcloud? We want to support people who have been historically marginalized in open source to get involved and have a great time contributing for Nextcloud, through our Nextcloud include programme. You can apply for mentorship to get help with developing your first app and for travel funding to visit our conference by filling in this form. https://cloud.nextcloud.com/apps/forms/7x6yQHNpZDbgC3EP
Happy coding everyone! Looking forward to all new apps 🙂
What: Nextcloud app contest
When: Deadline for having the app published is August 30, 12 AM CEST
Who: Yes, you! 😉
Why: Attend the Nextcloud conference and meet other Nextclouders to exchange skills!
How: Start developing your app right away!
You love Nextcloud because it allows you to keep your data secure and under your control.
When it comes to protecting your data, we want to be your #1 trusted technology and provide you with state-of-the-art, industry leading tools that go beyond today’s technology standards.
Nextcloud offers more security features and benefits than most people realize, and today we want to zoom in on 5 of them.
Remote wipe is a Data Leak Prevention (DLP) method that allows a system administrator to remotely delete data from a device. It’s especially useful if your device is lost, has been stolen or when an employee no longer works for your organization.
Due to built-in Nextcloud support, Remote wipe will not only work on systems under the management of a company (MDM), but also on the private devices of employees in BYOD situations or for friends who have an account on your server. Therefore it is also helpful for home users, large universities, and non-profits who often don’t fully control the devices of their users.
2 examples when Remote wipe is essential:
Stolen or lost devices usually catch you unprepared. Therefore, this feature is supported by all official Nextcloud clients, for Android, iOS and desktops. Note that the Nextcloud Remote Wipe feature can only remove data from online devices.
Curious? Watch the video to see how it works:
In situations where extreme security is warranted and the identity of a recipient must be verified with absolute certainty before they are granted access, Nextcloud includes the industry-first implementation of Video Verification in a file sync and share solution.
You might be familiar with this process from the opening of online bank accounts: you have to record yourself or have to have a live session with a human. In both cases, a human has to check your identity before you gain access.
Similarly, Video Verification enforces a Nextcloud Talk video call before access is given to a share, making sure the identity of the recipient is properly checked. The call can be picked up through the Nextcloud Talk Mobile apps as well as the web interface.
At Nextcloud, we want you to feel 100% certain that your data is protected and under your control and jurisdiction.
When extreme security is warranted and the identity of a recipient must be verified with absolute certainty.
To help our system administrators assess the security of their private cloud server, we have developed the Private Cloud Security Scan.
Our scan is strictly based on publicly available information, that is, the list of known vulnerabilities relevant for Nextcloud releases as well as any applied hardenings or settings we can scan without having access to the server.
It’s available for free here, just add your server URL.
Nextcloud protects your security with up to $10,000 in our HackerOne’s Bug Bounty program.
We have partnered with HackerOne because of its extraordinary popularity among IT security professionals. The widely used platform has a global hacking community that uncovers high-risk vulnerabilities fast and which allows us to quickly leverage the collective knowledge of a huge amount of security experts. Over 3,000 hackers have already reported countless bugs for Nextcloud and reaped the benefits.
“Nextcloud’s commitment to responsiveness and putting security first puts them in the best position to attract top hacker talent to continue to supplement the good work their internal security team is doing to protect customers.” – Michiel Prins, Co-founder HackerOne.
Anyone reporting a security vulnerability in Nextcloud can earn up to $10,000, making ours one of the highest security bug bounty programs in the open-source industry!
In settings where a strong security firewall is needed between departments or organizations without impeding smooth and efficient collaboration within each team, a separate Virtual Data Room can be set up. Nextcloud offers a range of features for VDR use and its on-premises nature offers unparalleled confidentiality and control.
For Nextcloud, VDR is a set of features to implement the concept of a VDR, with flexibility in the exact implementation. In our next post, you will learn about some of these features!
Nextcloud was covered in a Wall Street Journal article, “Microsoft Goes on Offensive in Europe to Combat Cloud Concerns.” It covers a range of challenges Microsoft is facing, and how it employs its army of lawyers and lobbyist to push back.
As the article explains, Nextcloud CEO and founder Frank Karlitschek was approached by a Microsoft lawyer earlier this year to make a deal.
In the meeting, the Microsoft correspondent offered benefits in the form of collaboration and marketing to Nextcloud. For example, they wanted to promote the Nextcloud logo in Microsoft marketing material – if Nextcloud would consider dropping its anti-trust complaint.
In early 2021, under the leadership of Nextcloud, a group of companies filed an official complaint with the EU Directorate-General for Competition about the behavior of Microsoft. This coalition of European cloud companies advocates for a level playing field in the EU.
Microsoft has had a lot on its plate in Europe amidst rising concerns about the security of its products as well as bundling ts products with Windows and anti-competitive behavior in other areas. This is rather similar to the hot water other big tech companies find themselves in.
“He was basically offering us a cookie. It isn’t about having a logo somewhere or doing a quick deal. We’re not interested in that. We are concerned about the overall antitrust situation.”Frank, quoted from the WSJ article
As covered also in this article on Techzine (no pay wall), a Microsoft spokesperson was quoted:
“You can’t become allies until you stop being adversaries, and can’t stop being adversaries until we address the concerns that they legitimately have raised.”Microsoft spokesperson to WSJ
One could question whether offering some collaborative marketing was really meant to address such deep-rooted anti-competitive behavior, or if the goal was simply to let the complaint go away with some marketing dollars.
As just today came out, rather than fix the issue, Microsoft continues its marketing campaign by offering a “sovereign” cloud which in reality is just the very same public cloud, as Techzine points out:
None of the tech is new. Microsoft Cloud for Sovereignty revolves around service.Techzine
We are pleased to announce our first keynote speakers for the Nextcloud Conference!
It is with great honor to welcome Felix Reda and Renata Ávila, the key players in the open knowledge world, policymaking, global digital rights and data privacy! See you at #NcConf2022 💙
Felix Reda (he/they) has been elected member of OKF’s board since 2020. Felix is a German researcher and politician and was Member of the European Parliament (MEP) for the German Pirate Party, which he left in 2019. AS MEP he was Vice-President of The Greens–European Free Alliance. Felix Reda is an expert on copyright reform. He is an affiliate at the Berkman Klein Center for Internet & Society at Harvard and a fellow of the Shuttleworth Foundation. Felix leads the strategic litigation project „control ©“ on open access and copyright at the Berlin-based NGO Society for Civil Rights.Felix Reda
Renata Avila, CEO, Open Knowledge Foundation. Renata is an international lawyer, author and advocate. She brings nearly 20 years of experience in access to knowledge, freedom of expression, policymaking and global digital rights. Renata is an Affiliate with the Stanford Institute of Human-Centered Artificial Intelligence. Renata is a member of the Global Board of Trustees of Digital Future Society, the board of Whistleblower Network Germany, the governing board of Open Future and the advisory board of Creative Commons, among other affiliations in a vast professional network extending across Europe, Latin America and North America. She co-founded the Alliance for Inclusive Algorithms, the Progressive International and the Polylateral Association – an international platform cooperative for knowledge workers.Renata Ávila
One of the best parts about a hackathon is people coming together from around the world in the name of code. The team that created the new organizational chart is a prime example of that. Comprised of team lead Shieva Saavedra from the Phillipines, Manuel Castro, Juan Manuel Tejonero Valdes, and Alba Real Aragón from Spain, as well as Vassilis Kritharakis from Greece, it’s a real, internationally diverse team.
The organizational chart the team created is a new feature of the Nextcloud Contacts App. Using just one open source library, you can have an entire organizational chart be created in seconds from your contacts list.
Starting with the head of the organization or company, a list of employees under different heads, managers, and teams can all be made into a visual dream.
The organizational chart is perfect for the HR manager or team of any organization or business, as it works swiftly and is a place that can keep track of all the changes in staffing occuring all the time. For other employees in the organization, it’s a great visual to understand the hierachy in the organization and to be able to play around with the different teams and their leaders.
Visually appealing, interactive, and versatile, this new organizational chart is a must have! No more manual work, it’s now all automatic and easy, thanks to our hackers.
Also available is a single pull request for the code from the Contacts app.
To hear it from the team lead herself, watch the demo video below!
Under the team lead Shieva Saavedra, Manuel Castro, Juan Manuel Tejonero Valdes, Alba Real Aragón, and Vassilis Kritharakis all received the 2nd prize at the NextGov Hackathon and were awarded €3,500 for their time, efforts, and talents in creating the new Contacts feature. We thank them all for their work and dedication at the event, and in improving Nextcloud which in turn will hope to encourage public administrations to switch to more secure, open source cloud solutions.
Stay tuned for features of the rest of the winners on #AppTuesday!