safedrop has been developed by Od Consultancy Ltd, by the same team that has provided the ultra secure dataroom service PROJECTFUSION since 2001. As a result, safedrop security is based on proven systems and processes that have helped facilitate thousands of datarooms - for clients ranging from law firms like CMS Cameron McKenna, to KPMG, Rothschild and many other financial services firms. We are fanatical about security - from requiring a passphrase for password resets, to making data unviewable without 2 tier authentication, every facet of safedrop is designed from the ground up to look after your data. Only 3 named senior staff have the potential to see your data. Your files are encrypted in transit and at rest, and are never ever stored in the clear.
“If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees.” — Kahlil Gibran
2 tier access
A username and password or API key is required to send a safedrop. If users want to gain access to sent drops, or old data, they will have to provide a second tier of authentication, either an email or SMS token. For a hacker to get to the user's data, they have to get the password, and also compromise the user's email or phone account.
Encryption in transit and at rest
Each safedrop is encrypted at rest with a different key. So even if a hacker managed to gain access to the repository and brute force attacked one file, they wouldn't have access to any of the other files. safedrops are encrypted from the server to the browser using industry standard SSL encryption.
Account & Password Security
User passwords are encrypted on the server. Password resets require a valid email address and a passphrase response. If a sender's or recipient's email address or passphrase is compromised, their data is still protected. A "three strikes and suspend" policy means that any user who logs in incorrectly 3 times in a row is temporarily locked out. This prevents brute force password attacks.
Audit trail
All transmissions are logged for security purposes. All file deliveries and recipients are stored in a database accessible by system administrators. Files are not stored after their validity has expired; however, we store SHA-1 checksums for each file.
safedrop message security
“The user's going to pick dancing pigs over security every time.” — Bruce Schneier
Minimising the capture window
safedrop introduces two concepts to maximise security. 'Self Destruct' means a document is deleted from our servers after it has been downloaded by all recipients. With this setting a recipient only gets one chance to download the safedrop message and attachments. safedrop messages also have a validity time, after which they are deleted permanently from the server. A combination of delete on download and a short validity time ensures high security. A self destruct message URL is useless after download, and cannot be forwarded or used again.
Level 1 Security - Unguessable message IDs
safedrops are given long identifying URLs that are sent in the email to the recipient. These are unguessable (well, you have a 1 in 3 × 10^38 chance, and even then, you'd still have to know which email address it was destined for).
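The message lifecycle described in the Audit trail, Minimising the capture window and Level 1 sections, as an added toy model (not safedrop's own code): a 128-bit random ID gives 2^128 ≈ 3.4 × 10^38 possibilities, matching the odds quoted above; a drop is deleted when its validity expires or, with self destruct on, once every recipient has collected it; only a SHA-1 checksum is retained afterwards. The `DropStore` class, its method names and the injectable clock are assumptions for illustration.

```python
import hashlib
import secrets
import time

ID_BYTES = 16  # 128 bits of randomness per message ID


def guess_odds(id_bytes: int = ID_BYTES) -> int:
    """Number of equally likely IDs: 2**128 is about 3.4e38 for 16 bytes."""
    return 2 ** (8 * id_bytes)


class DropStore:
    """Hypothetical server-side store for safedrop-style messages."""

    def __init__(self, now=time.time):
        self.now = now          # injectable clock so expiry can be tested
        self.drops = {}         # drop_id -> message record
        self.checksums = {}     # drop_id -> SHA-1 hex, kept after deletion

    def create(self, data: bytes, recipients, validity_seconds, self_destruct=True) -> str:
        drop_id = secrets.token_urlsafe(ID_BYTES)  # unguessable URL component
        self.drops[drop_id] = {
            "data": data,
            "recipients": set(recipients),
            "downloaded": set(),
            "expires": self.now() + validity_seconds,
            "self_destruct": self_destruct,
        }
        self.checksums[drop_id] = hashlib.sha1(data).hexdigest()
        return drop_id

    def download(self, drop_id: str, recipient: str):
        drop = self.drops.get(drop_id)
        if drop is None or self.now() > drop["expires"]:
            self.drops.pop(drop_id, None)  # validity passed: delete permanently
            return None
        if recipient not in drop["recipients"]:
            return None                     # the URL alone is not enough
        if drop["self_destruct"] and recipient in drop["downloaded"]:
            return None                     # self destruct: one chance only
        drop["downloaded"].add(recipient)
        data = drop["data"]
        if drop["self_destruct"] and drop["downloaded"] == drop["recipients"]:
            del self.drops[drop_id]         # all recipients collected: gone
        return data

    def verify(self, drop_id: str, data: bytes) -> bool:
        """Check a previously collected file against the retained checksum."""
        return self.checksums.get(drop_id) == hashlib.sha1(data).hexdigest()
```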
Level 2 Security - Default - Unguessable message IDs & Email verification
As well as receiving a long identifying URL by email, users accessing a safedrop with level 2 security must first validate their computer by receiving an email security token, which they enter to access the drop. They may choose to mark the computer as 'private', in which case they will not be asked for an email token again for 28 days on that computer. This use of tokens and URLs prevents users from sharing the long URL with other people.
Level 3 - SMS for 2 tier recipient authentication
With optional phone security, when the recipient collects the message they will have to receive an SMS and type in the one time PIN code provided. This provides 2 tier authentication.
Strong default security
People don't care about security, especially when they're in a hurry. So our default sending mode is level 2 security. Extra security is easy to add.
Revoke messages
We all make mistakes. With safedrop, if you send a message to the wrong people, you can revoke it.
Want more?!
If you can describe it, we will try to implement it! Just get in touch and let us know what you would like.
people and process security
"You can't hold firewalls and intrusion detection systems accountable. You can only hold people accountable." — Daryl White, DOI CIO
All employees trained on information security and privacy procedures
First line support personnel have no access to confidential information, client data or backend systems. Our expert 3 man support team, under strict NDA, are the only people with access to your server. Written permission is required before our support team will view or examine any files in your safedrop instance. New starts are identity checked to BS7858 level, and employed for at least 4 months before being given access to servers. Systems access is logged and tracked for auditing, and change management procedures are fully documented.
"The mantra of any good security engineer is: 'Security is not a product, but a process.' It's more than designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together." — Bruce Schneier