Reclaiming Digital Sovereignty
The French government cares deeply about the safety of the data of their citizens and employees. With the on-premises content collaboration platform Nextcloud we have opted for a secure, easy to use solution from the leading European vendor.
Governments are moving away from foreign cloud providers amid rising concerns about digital sovereignty. Nextcloud has emerged as the most deployed self-hosted private cloud solution in government.
Communication via paper only is out of date. Citizens expect from their government a modern, digital communication exchange, secure and discreet. In the office, at home and on the road.
Choosing an on-premises product means you can guarantee your citizens that data never leaves your organization and remains 100% confidential.
Powerful server and client side encryption options provide ultimate protection for sensitive documents.
Open Source means full control over your infrastructure. One of worlds most used and best understood software licenses protects your investment, guaranteeing complete vendor independence and zero risk of compliance issues.
Nextcloud provides users with a modern, easy-to-use and productivity-oriented solution that enables efficient online and mobile collaboration and communication. ITZBund now provides an on-premises open source solution from a German provider to keep control over their own data.
As a government organization, protecting sensitive data is important to us. With Nextcloud we have a self-hosted, well-supported solution that offers great team collaboration while keeping data secure and on-premises
Ministry of Foreign Affairs, Afghanistan
Sending around data by email or using public SaaS file sharing solutions does not provide much security for sensitive data. Encryption is complicated and cumbersome to use, reducing the real benefits due to employees working around them or making mistakes.
Keeping data on your own infrastructure or at a trusted local private or public cloud provider means you stay in control. Only then can you show your customers exactly where their sensitive documents are. Regulators can be certain that non-compliance with proper process is minimized.
Most consumer-grade solutions like Dropbox or Office 365 were not designed with privacy regulations and security concerns in mind, mixing data from consumers and businesses, spread out in data centers across the globe. Enterprise IT workloads may be processed by Cloud Providers liable to the US CLOUD Act, meaning your business data can be leaked on orders of the US judicial system, often without disclosure to you.
Rather than trying to work around their limitations, Nextcloud provides a security-first solution which puts you in complete control over the location and access policies of data with a private cloud solution as well as a managed public cloud solution offered by local and trusted providers.
Försäkringskassan is working on developing user functionality for such things as file storing internal messaging services, end-to-end encrypted and self hosted.
The need for Sweden as a country to have control over its information and the consequences of not having access to the information should be considered from the perspective of national security and sovereignty. In an international crisis or conflict, the willingness and ability of other countries to access, manipulate or deny access to information handled by a service provider should be considered.
Internal reports, citizen data and politically sensitive documents can be stored safely and shared easily among the professionals who need access.
With the growing complexity of governance comes increasing amounts of data. Nextcloud is designed for ease of use, fitting familiar interfaces and lowering the barrier to sharing and data access.
A first requirement for any secure solution to share data is that it does not force complexity on the user. Complexity leads to mistakes and mistakes can lead to data leaks!
Nextcloud makes accessing and sharing data a breeze, providing users a comfortable, familiar workspace.
Data needs to be available where the employees are. Tablets, mobile devices, laptops and desktops all have access to the same files at a moments notice thanks to the first-class Nextcloud clients.
Employees can tag and comment on files for easy collaboration, roll back files to earlier versions or find deleted files in the trash. Real time collaborative editing and secure audio/video calls and chat complement the array of features aimed at enhancing productivity.
A report from the Italian city government Comune di Macerata about how Nextcloud saved their work during the COVID-19 crisis, covering what feature and setup was used.View on YouTube
While data needs to be at professionals’ finger tips at all times, the IT department must be able to ensure policies around sensitive data are respected.
Government data is at the same time extremely sensitive and needs to be immediately accessible. Regulators are aware and privacy and security requirements are extremely strict.
Nextcloud is a popular self-hosted solution in government for its ability to strictly control access to data and industry-leading security capabilities.
The File Access Control feature of Nextcloud enables IT to codify legal and policy requirements, blocking unauthorized users uploading or downloading data following defined rules. Criteria include IP address ranges, group membership, file type and size, time and more. Data retention can be controlled as well, enabling administrators to limit the lifetime of certain files.
For ultimate protection, the self-hosted collaboration solution can even be entirely firewalled off from the internet. This is the model employed by the Germand and French federal governments.File Access Control
Nextcloud offers built-in powerful monitoring capabilities, enabling institutions to ensure smooth performance. Systems can be monitored using the web interface or through monitoring and systems intelligence tools like OpenNMS, Splunk, Nagios or others. A full auditing system logs all user actions, enabling fully compliant usage of file sync and share.Monitoring and auditing
Nextcloud uses industry-standard SSL/TLS encryption for data in transfer. Data at rest in storage can be encrypted using a default military grade AES-256 encryption with server-based or custom key management. Optionally and on a per-folder base data can be end-to-end encrypted on the client with the server assisting in sharing and key management using a Zero-Knowledge model.
Seamless integration and ease of use with key features like offline recovery keys, auditing and HSM support make Nextcloud Encryption capabilities leading in the industry.Encryption in Nextcloud
Nextcloud understands the necessity to provide core principle baseline security requirements, as such Nextcloud 11 is built on these security principles to ultimately deliver a secure solution to their customers
Complexity is the enemy of security and Nextcloud is designed to offer quick and easy integration in existing infrastructure, leaving policies and procedures in place. Its powerful LDAP and storage integration seamlessly fits with existing user directories, Windows Network Drive, NFS and Sharepoint storage solutions.
The result: a quick implementation at low cost, and easy maintenance making a self-hosted Nextcloud the cloud compliance solution with the lowest TCO.
Nextcloud integrates in government infrastructure with support for SAML and Shibboleth, LDAP, Kerberos, Oauth, and other often used authentication mechanisms and runs on all enterprise Linux systems offering support options to match their life cycle.
Data storage can be one or multiple NFS, Object Storage, Samba or a variety of other powerful storage mechanisms. This way Nextcloud provides seamless access to data on existing storage mechanisms, respecting existing access control policies and transparently handling changes on the underlying storage layer.
Fully self-hosted, meaning all data is under your control. Nextcloud can leverage your existing storage, security and privacy policies. There is no vendor lock-in or tracking by us of any kind!
Authentication through LDAP / Active Directory, Kerberos and Shibboleth / SAML 2.0 and more and external storage supporting NFS, Object Storage and other protocols ensure easy integration.
Nextcloud offers an easy to use user interface which comes with powerful search functionality, trash and versioning, favorites, tags and more ways to quickly reach the files users need.
First-class security policies, extensive security hardening features and File Access Control to ensure legal and privacy regulations are enforced at all times. Nextcloud comes with integrated logging, two-factor authentication and NIST compliant password policy control functionalities.
Desktop and mobile clients for Windows/MacOS/Linux, Android and iOS complement the web interface, integrating in the file system. Nextcloud can also be reached through WebDAV.
Nextcloud offers fine-grained control from mobile, desktop or the Web over data access and sharing capabilities. Advanced quota management with configurable accounting of external storage and configurable file retention policies.