Solution Highlight: DRACOON

One challenge faced by employees is the ability to securely share files with other employees, or external parties like partners and customers – this is where DRACOON steps in. DRACOON provides secure, platform-agnostic access to corporate data, from anywhere and any device.

DRACOON is available as a web app from any compatible web browsers, or a dedicated app available on desktop computers as well as mobile devices. There are also plug-ins for a deeper integration with Microsoft Office apps, such as Outlook and Teams.

DRACOON uses data rooms to assign permissions (e.g., read, edit, delete) to the files they contain, as well as to other data rooms. You can create any number of top-level data rooms as well as lower-level data rooms, allowing you to replicate any corporate organizational structure. Additionally, data rooms can also be encrypted for extra security.

DRACOON provides end-to-end data encryption, which includes client-side encryption, providing maximum data protection both in transit and at rest. Also, encryption passwords, cryptographic keys, and plaintext files never leave your endpoints, and are never outside of your control.

All cryptographic keys are generated only on the endpoint, same as all encryption and decryption processes, providing true end-to-end encryption. Since keys are only with the key owner, even an admin or DRACOON operator would not be able to decrypt the data, so there is no possibility of server-side decryption, which is not the case with all EFSS providers. Also, unless other vendors, no “black box” cryptography here, as the encryption method used by any solution should be discovered and made available in the source code to customers, so they know how their data is protected by any solution they use.

DRACOON integrates with both on-premises and/or cloud-based enterprise directories, so employees can use their everyday account and credentials to seamlessly authenticate the solution.

DRACOON also natively provides Two-Step Authentication (2SA), which requires users to enter a 6-digit confirmation code generated on their associated mobile device, in addition to their username and password credentials, in a second step, each time they log in. On top of that, DRACOON can also be integrated with third-party Identity and Access Management (IAM) providers (e.g., Bare.ID) to strengthen the authentication process even more and provide a higher level of security to protect DRACOON accounts from unauthorized access, using the Multi-Factor Authentication (MFA) authentication method.

DRACOON has built-in Role-Based Administration (RBA) that allows users to ensure that only the right people have management rights, depending on their role, department, or even region. This allows users to delegate access management to other departments directly, so they can manage access to their own files.

DRACOON also offers unlimited storage space, so your employees can securely save and share all of the company’s data, both internally and externally. Customer data and documents are stored on Amazon S3 in datacenters located in Germany (Europe) and managed by DRACOON.

If customers are willing to use their own AWS S3 storage instead, they can get even more control over who can access their data, and/or host it in a different region.

DRACOON is mainly available as a cloud-based solution, although there is also an on-premises version available, for customers willing to host the solution internally within their network instead. Plus, DRACOON allows customers to use their own URL and custom branding, so it integrates seamlessly with the existing corporate look and feel.

DRACOON natively integrates with several enterprise solutions to boost secure collaboration between employees, partners, and customers.

DRACOON integrates with Microsoft Teams, the business communication platform from Microsoft, to make entire data rooms, folders, and files from DRACOON available to other people directly in Microsoft Teams, without requiring them to have an account on DRACOON, thus greatly simplifying…

DRACOON provides an add-in for Microsoft Outlook (for Windows OS) that allows to send emails attachments, or even entire email (including body) fully encrypted and so GDPR-complaint. Integrating seamlessly into daily workflow, it not only helps employees saving time but also mail server resources, and guarantee email are sent in a GDPR-compliant manner.

• File attachments are saved in the DRACOON platform and sent to the recipients are secure, encrypted download links.
• It is also possible to encrypt an entire email, so the email content, together with any attachments are uploaded into an encrypted data room in DRACOON.

As usual, adding yet another solution into your organization, although providing new services to your employees, and eventually partners and customers, requires your IT personnel not only to be upskilled on another new product, but also must use yet another management console to perform administrative tasks like user creation.

Hopefully, for customers to automatize some administrative tasks – for example user enrollment, which requires manually creating user accounts and assigning them to specific data rooms, eventually adjust permissions on said rooms – DRACOON provides a useful REST API that allows customers and partners to develop their own scripts or applications to perform these tasks automatically. An Application Programmable Interface (API) is a set of rules that developers provide to enable programs to communicate with each other.

For example, IT personnel would only need to upload a (Excel) file with a list of people and have them automatically provisioned on DRACOON, instead of having to provision them manually, one by one, from the console, which is time consuming and prone to human error. It also allows software partners to integrate DRACOON into their own management and supervision solution, so IT personal like Service Desk could perform these administrative tasks and others from the unique management console they are used too, without having to learn about to how another console or even need to access it.

Also, all accesses are logged to be later auditable, although this is not an absolute security as malicious administrators could always circumvent logging. A specific “Auditor” administration role allows to view the audit log and run reports using the reporting tool. The audit log records all user activities on DRACOON.

File versioning for all files ensures that you do not lose a single file in a ransomware attack.

Compliance requirements can be easily enforced through rule-based data policies.

Developed by a German company, DRACOON is compliant with European Union (EU) General Data Protection Regulation (GDPR) is a regulation data protection law, checking off all legal specifications:

• Confidentiality: client-side encryption, granular permissions
• Integrity: activity log, file versioning
• Availability: data can be accessed from anywhere, anytime
• Authenticity: recycle function, allowing to recover accidentally or intentionally deleted files

Transparency: auditing, permissions transparency

A federal agency needed to be able to securely share documents with an independent, external company auditing its finance, with the minimum footprint and administration burden.

Using DRACOON solution, hosted in the cloud, they were able to easily and securely share (send and receive) documents with that external party via password protected links, without having to provision any account in their system for these external contacts.

Sharing sensitive corporate documents can prove to be a daunting task with today’s ever-increasing security threats, and ensuring your infrastructure and devices are protected is paramount. While you cannot eliminate these risks altogether, you can help prevent data leaks and cyberattacks by deploying the right solutions and leveraging them to their fullest capability. The team at ISEC7 has been at the mobility security forefront, working with companies in the private and public sectors to ensure their ecosystems are protected and their security posture endures through training and best practices. If there are any questions about DRACOON and/or how your current solution can be leveraged better, please reach out to the team at ISEC7, and we can complete a security assessment and help you navigate the options available to you to help strengthen and protect your infrastructure.

(C) Rémi Frédéric Keusseyan, Global Head of Training, ISEC7 Group