Freedom from external control of data is guaranteed only if individuals, companies and authorities are in full control of their own data at all times. Full user control of data demands two prerequisites: Firstly, users who can access your data must be under your exclusive control. On the other hand, they must be able to easily move their data to another system at any time if desired or necessary.

Protect trade secrets and intellectual property

Protection of intellectual property, sensitive data and trade secrets is vital for any organization. Failure to comply with data protection regulations such as GDPR might lead to the abuse of personal data belonging to employees, customers and citizens, and consequently result in disastrous losses in terms of finances and goodwill. In extreme cases, data breach might even endanger the very existence of organizations. In case of loss of state secrets, a full-blown public crisis is not at all impossible.

If it is difficult to take data out of one system and transfer it to another, companies and authorities often shy away from a system change, even when it is actually urgently needed. As a result, they become more and more dependent on the system provider, which sooner or later results in increased costs. This is clearly exhibited by the federal expenditure trend on Microsoft products. As an enquiry to the federal government revealed, this expenditure has almost quadrupled since 2015 and amounted to a whopping 179 million euros in 2020.

The right technology approaches

With the right technologies, companies and authorities can achieve unlimited data sovereignty. Your software systems should fulfil three central characteristics:

Software systems shouldn’t be running on public clouds:

Public cloud services usually represent a black box in which it is not possible to trace who is accessing the data. IT security often plays only a subordinate role for the large cloud players, as proven by the numerous data scandals that have occurred around large cloud platforms in the recent past. Moreover, the US Cloud Act poses further problems.

This law enables US authorities to access data stored by the providers of the American cloud platforms relatively easily. As a result, organizations cannot completely control access to their data. Therefore, most organizations prefer software systems that they can operate in a private cloud – either in their own data center or with a trusted IT service provider of their choice to enjoy full control over data access.

Software systems should support open standards:

If a software system is easily accessible to all market participants and allows all types of data to be freely shared with others without modification, it is interoperable and can easily work with systems from other manufacturers that follow the same approach. This gives companies and authorities the freedom to exchange software for an alternative solution at any time, because they can transfer their data without any obstacles.

Software systems should be based on open source: 

Open source software is a guarantee for data sovereignty and thus for digital sovereignty. It offers maximum transparency, control and openness, enabling organizations to handle their data in a self-determined manner. You can see for yourself in the code that the software does not contain any backdoors through which data can be passed unnoticed to third parties.

In contrast to closed-source solutions, the auditability of the source text means that companies and authorities can also find and fix vulnerabilities themselves before they are exploited by malicious players. In contrast to proprietary software, open software is also mostly platform-independent. The freedom of choice for hardware and service providers is therefore significantly greater.

Tobias Gerlinger, CEO, ownCloud

Build data sovereign workspaces

Private cloud, open standards, open source: This triad, among other factors, enables organizations to design a digital workplace for their employees to carry out regular operations with data sovereignty.

There have long been open-source alternatives for every conceivable application, be it OpenXChange and Kopano as groupware, Rocket Chat and Matrix as chat systems, Big Blue Button and Jitsi for video chats, Only Office and Collabora for office applications, Kanboard for project management or OwnCloud for file management.

Organizations can implement all of these solutions as a private cloud. They also offer modern, open interfaces, enable any integration and allow individual applications to be used at any time if necessary.

In this way, companies and authorities can create a digitally sovereign workplace without compromising on performance or functionality. Contrary to popular belief, an open-source ecosystem can match or even surpass proprietary platforms on these counts.

For self-hosted solutions that are integrated with each other, organizations understandably need a competent IT team, either in-house or with a service provider. If a dedicated IT team is beyond the scope of an organization, the SaaS solutions from trusted European hosts come to the fore.

In summary, it is perfectly feasible for organizations to set up a simple, efficient and at the same time data-sovereign work environment without their own data center.

Beacon of hope for the European economy

Companies and authorities not only benefit from the use of open-source software, but also support the independence efforts of the pan-European economic area. In terms of digital economy, Germany and Europe are currently far behind the USA and China. The strengthening of open-source ecosystems offers the European economy a great opportunity to create real alternatives to the US and Chinese hyperscalers, to break free from their dependence and to benefit from digital value creation.

Open-source software is also the beacon of hope at the economic level. The new German government sees it the same way and therefore expressly relies on open source in the coalition agreement for digital sovereignty.

Based on this article by Tobias Gerlinger, CEO, ownCloud published in Funkschau.

ownCloud Infinite Scale allows infinite scalability, bringing flexibility in classical or federated network setups to new levels. Spaces introduces this flexibility to users, teams and organizations by shifting permissions from users and groups to the context of your teams’ work.

In Spaces, your files are not tied to single user or group accounts anymore. This fundamental shift of paradigm will significantly reduce the workload of your administrators, increase the performance of your teams and speed up the onboarding of new employees or partners, both internal and external. At the same time Spaces can simplify your data store, help protect your company, organization or institution from data loss.

Unlimited flexibility, modern Spaces, agile or classical teams, accessible data

For example, in a school a class could have its own so Space, so would the teachers and the lead teacher who’s in charge. Over the years both pupils and teachers and responsibilities change, the class won’t be the same when kids leave school nor will be the teachers in charge, but the files remain accessible. In the same way a design lead would just hand over a Space to Marketing’s project owner once all contributors (internal or external, contractors or employees) are done and the new corporate design is finished. Once finished, the Marketing PO can remove (or later add again) the “design people” from (to) the Space and invite new contributors, e.g. from Sales or management, or just provide Spaces as read-only for all colleagues or external users that might need access to the corporate CI, for example logos or photos. 

Infinite Scale spaces

“No matter if your teams are working together in agile or classical workflows, Spaces can represent a better view of your data, a view that almost always will be closer to your reality at work, in local or distributed teams. Data usually does not belong to single users or groups anymore: Very often everybody involved needs access at the same time and with equal rights.”, explains Patrick Maier, Senior Product Manager, ownCloud

Traditional file handling has become an obstacle

Traditionally, collaboration tools tie data ownership to a specific user or group, creating a lot of organizational overhead when employees or partners join, leave, or swap projects, groups or tasks. 

Today, however, modern companies experience this “traditional” approach as a growing obstacle: Modern teams work together remotely, contributors change, responsibilities are shifted, a file is not necessarily permanently connected to one user or group account, for example after reaching a milestone the data has to be transferred to a completely different team. And – especially in remotely distributed teams – dynamically on-boarding and off-boarding colleagues or partners to a team has become a regular task.

With Spaces, the design team may hand over a Space to Marketing, which makes a space publicly available for the whole company after their work is done. Needless to say, both Design and Marketing team may be different employees over the years. 

Removing huge administrative overhead

But Spaces is not just a new way to accomplish Groups, Shared or public Folders like Microsoft Exchange or modern IMAP Servers have to offer. Companies who are using the “old” approach to achieve similar outputs like those mentioned creates a lot of administrative tasks, tickets and trouble. Setting up, correcting and maintaining file and user permissions for teams and projects has become a time-consuming, regular task for administrators. In most companies they spend way too much time in managing rights, permissions, groups or access to files, while at the same time making sure there’s no data loss or vitally necessary Zombie account hanging in the system after the former employee and owner of the files has left or retired. Spaces was designed to get rid of these problems.

Spaces at work

In Spaces, Data is assigned to a Space, not to a person or a group. A Space has a manager with administrative permissions, they can invite, add, remove people to the space and hand over manager responsibility. The Space manager can even leave the Space, after a handover to a successor. The Space itself is persistent, membership and access rights change with the Space managers’ settings. Sharing can also be denied or limited by the Spaces’ manager. Defining replacements for vacation, sickness or maternal leaves becomes much simpler, faster and easier for whoever is involved.

Every user, any group, every (distributed) team can create an unlimited amount of Spaces for their collaboration. Nevertheless, creation of Spaces can be permitted or denied via global user roles, policies and permissions. Whoever creates a new Space will be the Space’s first manager and can start inviting peers. No support ticket is necessary, no administrators involved, no Zombie accounts will remain, no data will vanish in faintly known user or group directories. 

More compliance, less work, more collaboration, more security

The clear separation of files and Spaces from personal files also reduces the risk of users accidentally sharing files with unauthorized recipients. Compliance rules like GDPR or internal policies at team and project level are easily implemented – just a few examples:

• Automated deletion of files after a certain amount of time,
• Prohibit upload/integration of dangerous files (e.g. .exe–programms),
• Limitation (or complete denial) of external (or internal) sharing
• Mandatory encryption: Admins can define that all files in a Space must be encrypted
• Workflows: Spaces can implement a mandatory workflow for files, e.g. “Approval by Admin is mandatory for sharing/editing of this file!” or similar.

But Spaces also provide an ideal, flexible and secure basis for third-party solutions integrating e.g. digital workspaces or chat, enabling efficient cross-application collaboration.

Marketing Space has been created

A “Marketing” Space has been created. This user may now upload files and folders. All users also own a private recycle bin, where they can restore deleted files for 30 days without a support/admin ticket.

A quantum leap for modern collaboration

Why Spaces are a quantum leap for enterprise collaboration: 

“By giving the Space itself full data ownership, files of any kind are no longer tied to individual user accounts and are thus per se always and continuously available to all members of a project space. Based on a completely new architecture for the Infinite Scale Platform, cloud-native and based on micro services, we can offer our users a real quantum leap in digital collaboration in teams with the Spaces feature, while at the same time drastically reducing ticket volumes for IT support.

The Spaces feature of our Infinite Scale platform follows a new paradigm that finally focuses on the real needs of collaboration in the digital age – leaving old technical hurdles behind. Combine that with powerful workflows and policies, configurable individually per Space – and you get efficient, compliant and secure work areas for the future digital workplace. On top of all of that, their easiness and flexibility makes them fun to use, so the acceptance by users usually is very high, from the start.”

If you would like to try out Spaces and the new features for yourself, you can already participate in our Infinite Scale Beta Program, or even, for the technically inclined, request a free Infinite Scale trial instance. We look forward to hearing from you and your feedback!

Though Infinite Scale was originally conceptualized as a successor of ownCloud 10, it has developed into a brand new, standalone, customizable product that boasts new features and is the foundation for many solutions in which data access with compliance, sovereignty and security requirements play a key role.

Decomposed FS functionality for unlimited scaling

So far, ownCloud users have has two choices: simple local file storage based on a POSIX-compatible file system or EOS Open Storage (EOS), both of which come with their fair share of complexities and shortcomings. More recent versions of ownCloud make use of a functionality called Decomposed FS. This file system is designed to bring Infinite Scale to arbitrary storage backends, and also scalable ones.

Infinite Scale involves a complete rewrite of ownCloud from PHP to Go and massive changes in the backend of the software.

What exactly is Decomposed FS

Decomposed FS is an attempt by ownCloud to disengage ownCloud’s own file handling from the handling of files on the underlying storage device. Decomposed FS is called so because it partially implements certain aspects of a POSIX file system on top of arbitrary storage facilities. Contrary to existing solutions, the core concept of Decomposed FS is centered around the idea of file access based on unique IDs, and specifically, Universally Unique Identifiers (UUIDs).

How does Decomposed FS work in practice

Decomposed FS is based on a hierarchy model of file-handling, not much different from the POSIX file handling system. A root directory serves as an entry point to the full range of files stored in ownCloud. Infinite Scale will create individual files with unique IDs as names on the file system layer below that root directory. Within those files, the actual payload (blob) of the files will be placed.

From a user’s point of view, it’s still possible to implement a hierarchical structure independent of how they are arranged in ownCloud internally, for example, Pictures / Summer 2022 / Holiday in Greece.

To make such a structure possible, ownCloud developers use symbolic links. They create a separate tree with the “nodes” that represent the files and folders of the user-facing tree. The file metadata is stored in the extended attributes of that node. This ensures that accessing files by simply traversing over them (more precisely, the tree of symbolic links) remains possible, along with the ability to access individual files based on their unique ID directly.

Another advantage is that iterating over the tree just needs to load the nodes which contain no file contents. The file contents are loaded only when the user downloads the file. Moving files within the tree doesn’t affect the file contents but only changes the nodes tree.

The first incarnation of Decomposed FS uses unique IDs (UUIDs) to name files. A structure of symbolical links is additionally established to allow access by traversing a tree of files.

The future of Decomposed FS

The concept of Decomposed FS and disengaging the actual file storage from the file system metadata are revolutionary concepts in making Infinite Scale available to a much bigger audience.

Individual or home users using a single disk as a local Infinite Scale storage backend would benefit from the superior performance of Decomposed FS. On the other hand, organizations of any size is sure to appreciate the ease of running Infinite Scale in scalable storage solutions.

Decomposed FS is very much considered by ownCloud as the testbed for future development. The Infinite Scale file system driver implements most components of the Decomposed FS design. ownCloud developers are working on exciting ideas to further experiment and improve the feature and extend the Decomposed FS feature sheet.

To understand how Decomposed FS eliminated the shortcomings of previously-used file systems and for detailed technical insights into the concept, read this press release.

Sign up for a 14-day free trial of Infinite Scale Beta and be among the first to take Infinite Scale for a spin.

Of course, we’re getting a lot of questions on when we will finally release a so called “General-Availability Release”, which can be considered the first “finished” release, be ready for production use and be supported by the ownCloud company.

Well, how can we tell a defined date for that? That is hard, because we are convinced that the most important criteria for releasing the GA is the quality of the new system for the features that were defined to be included in the first GA release. That means nothing different than the amount of bugs that are known, the stability, the performance and the deployment methods.

Not all aspects have the same weight obviously, but the general direction is important. The first version of Infinite Scale might not yet be running at the optimal performance maybe, but with stability for example, we will be strict.

Ok, but how do we measure the quality? For that, we use Githubs issue trackers as usual. Not all issues reported there are considered a release stopper. We have set up a team of people from different departments of ownCloud who decide together on the severity of the bugs, and if these issues are blocking the release or not.

The release blocking issues are tracked in public, using the Github milestones. To list the current known issues in the Infinite Scale backend, use this link:
https://github.com/owncloud/ocis/milestone/8
and, for example for the web client, this link can be used:
https://github.com/owncloud/web/milestone/13

Basically, this means, as soon as these lists are down to zero bugs, we are ready to release the GA. All ownClouders are working hard to make that happen as soon as possible.

Everybody is welcome to help that process by testing ownCloud Infinite Scale, reporting new bugs or verifying existing ones, or discussing solutions. This would be a great help on our countdown to this important release.

owncloud infinite scale

Infinite Scale was developed with a data platform approach in mind – which is the key difference between Infinite Scale and ownCloud 10, the latter being an end-user focused solution for secure content collaboration and file sharing.

– Holger Dyroff, COO and Managing Director, ownCloud 

The leap to a new architecture

“PHP has reached its performance limits,” explains Patrick Maier, Senior Product Manager at ownCloud, explaining the main reason for choosing Go as the new programming language for Infinite Scale.

Klaas Freitag, CTO, ownCloud

“We expect the finished version to have a massive improvement in performance. For our customers, this means significant increases in productivity combined with cost savings due to reduced hardware requirements.

In addition, the architecture freed from the database can be scaled more easily and better, including geographically.”

– Klaas Freitag, CTO, ownCloud

Infinite Scale: The Beta Program

The first beta version of Infinite Scale was released in May 2022 – indeed a proud moment for ownCloud! – after over two years of efforts geared at performance, stability and ease of use.

All features that are planned as a part of the general availability are available in the beta version. The beta version also guarantees that there will be no changes that require a complete re-setup or unguided manual interaction with data stored on the filesystem for the administrators of the system.

Getting started with Infinite Scale beta is pretty straightforward and takes only a few minutes to deploy. Sign up for the Infinite Scale beta now and be among the first to take ownCloud Infinite Scale for a spin!

The open platform for all your data

Infinite Scale is a multi-purpose data platform with a focus on performance, scalability, security and governance. It has been designed to provide a user-friendly, affordable roadmap for enterprises towards gaining full control over data. Infinite Scale aims to provide a foundational layer to work with data as well as to leverage its inherent value. Data access with compliance, sovereignty and security requirements play a key role in Infinite Scale.

Holger Dyroff, COO and Co-Founder, ownCloud

“Infinite Scale is a data platform that enables companies and organizations to build their own sovereign cloud data ecosystem that covers all data-related use cases. Infinite Scale brings together disparate, distributed, hybrid data sources and provides a unified, secure access layer for data governance.”

– Holger Dyroff, COO and Managing Director, ownCloud

Your very own data ecosystem

Infinite Scale is by design a data platform that empowers enterprises to build their own Sovereign Cloud Data Ecosystem addressing all data-related use cases. It promises efficient use of resources and funds, and flexibility as per changing circumstances, while setting the ground for strategic and sovereign data management.

Infinite Scale unites various distributed, hybrid data sources and offers a unified, secure access layer for data governance while simultaneously providing tools for end users like content collaboration across locations and devices. It boosts employee productivity, hands control back to the IT departments and empowers organizations to handle data efficiently.

“Economy, state, society and of course the company should be able to handle data completely independently. This requires open standards and open source code. All components must be transparent and grant full access. Operating within the EU ensures that no government agencies can access the data.” 

– Holger Dyroff, COO and Managing Director, ownCloud

At the heart of Infinite Scale is a data platform that integrates storage, identity and access management, and other infrastructure components, and provides file sharing capabilities. In this way, on-premises and cloud-based environments can be merged into a single user experience.

Cloud native and built on microservices

Infinite Scale is built on cloud-native principles and is based on gRPC-based microservices instead of the LAMP stack as used in ownCloud 10. This enables unparalleled speed and easy scaling from small home user installations to multinational corporate environments.

The platform requires no external dependencies, such as a database or a web server, and can be deployed almost immediately. It can be tailored to specific solution requirements through core platform features with applications for specific business units or end users.

Spaces: Boosting digital collaboration for remote teams

Spaces is a focal feature of ownCloud Infinite Scale, and represents a new paradigm in digital team collaboration. This feature enables each project team or even each project or sub-project to create its own “Space” to work remotely and synchronously on all documents.

Spaces takes up full data ownership, eliminating the need to limit files to individual user accounts available, thanks to which files are always available to all members of a project space. Spaces can be set up by self-service and provided with individual user roles. The Spaces feature translates to a quantum leap in digital collaboration in teams, while drastically reducing IT workload.

ownCloud Infinite Scale provides separate folders for various file types, making it easier for the users to view, access and share the right files.

Migrating from ownCloud 10 to Infinite Scale

Whether or not migrating to Infinite Scale makes sense depends on the particular use case of an organization. With general availability (official release) of ownCloud Infinite Scale, it might already make sense to consider to shift regular Enterprise File Synchronization and Sharing (EFSS) use cases and collaborative editing use cases to ownCloud Infinite Scale. From general availability onwards, missing features, frameworks and third-party integrations will be added with each upcoming release.

“ownCloud Web can be used as a supplement to the Classic UI or as a standalone web interface for ownCloud 10. Both products can be used side by side in one environment, but in principle migration steps from ownCloud 10 to Infinite Scale are also possible.”

– Klaas Freitag, CTO, ownCloud

For example, content collaboration requirements could be served with ownCloud 10, while data rooms or data vaults are provided in parallel via Spaces. Using ownCloud Web enables productive work in such a hybrid setup, so that the end user does not even notice whether ownCloud 10 or Infinite Scale is already running in the background.

“A completely new ownCloud architecture creates unlimited scalability for users, data, shares and metadata. We enable open source content collaboration for every user and every company, regardless of the installation size and individual requirements – and with a performance increase of 90 percent and more.”  

– Holger Dyroff, COO and Managing Director, ownCloud

Infinite Scale: Featured on Cloudcomputing Insider

Document classification is a process of labeling or tagging data into various categories or classes, based on their type and content. Documents, blueprints, reports, invoices, photos, emails, and various other kinds of data, can potentially be classified by this method.

Automatic document classification aims to simplify the management of a large volume of information or data and offer a high level of data security.

The ownCloud Document Classification Application

The ownCloud Document Classification application offers a feature that recognizes security levels in the metadata of documents and imposes sharing and access restrictions accordingly. This enables users to automatically classify documents in ownCloud and to easily define usage policies.

Data Classification at ownCloud works with the system of tagging.

Tagging of documents in ownCloud

Many organizations use software that regulates the confidentiality of certain files, but is only partially compatible with company-wide file sharing systems, for example, Microsoft Azure Information Protection and NovaPath allow files to be labeled with certain levels of confidentiality.

Document Classification in ownCloud is carried out through various kinds of tags:

• Manual tagging (performed by users), for example, invisible files (only by admins), filter files etc.
• Automated tagging based on user or file properties

– Users

– File type, size etc.

• Automated tagging based on document metadata

Document Classification protects data

Enterprises all over the world have been facing an increasing threat of data loss and data breach. Very often, human errors, lack of user awareness about data security, negligence and hacking attempts are the factors that expose organizations to cybercrimes, resulting in disastrous losses for the companies in terms of time, finances and goodwill.

However, in the modern workplace, it is also exceedingly important that remote teams are able to efficiently collaborate and exchange information with other users both inside and outside the organizational infrastructure, across all devices and regardless of geographical boundaries.

This is where document classification steps in. In conjunction with other established security features (for example, File Firewall), far-
reaching, automated measures can be taken to provide the most comprehensive protection for corporate data to date. With this method, it is easy for enterprises to develop policies and guidelines for each security level; for example, documents tagged as Confidential might not be shared externally, accessed by public links or uploaded to ownCloud at all.

File-access mechanisms can be specified that automatically apply when users attempt to perform restricted actions (for example, creating public links or access by unauthorized users). This ensures that users are able to collaborate on confidential documents in a highly secure way.

“By classifying confidential documents and processing them in accordance with the relevant guidelines, our customers can significantly minimize the risk of data privacy violations and guarantee security and control at all times – not only within companies but also in cooperation with customers and partners”, emphasizes Holger Dyroff, COO at ownCloud.

ownCloud Document Classification is particularly recommended if your enterprise works with valuable and/or sensitive data, for example, financial data, contracts, blueprints, and so on.

ownCloud Document Classification is GDPR-compliant

The feature was developed in cooperation with a major German automotive supplier and represents an essential component for complying with the European General Data Protection Regulation (GDPR) and standards such as ISO 27001/2, which is recommended by the German Association of the Automotive Industry.

In combination with the proven File Firewall and Workflow extensions, ownCloud offers a highly comprehensive protection for company data and enables enterprise file sharing even in industries that have strict regulations in place.

Use Case from the automotive industry

Automotive suppliers must ensure compliance with standards such as ISO 27001/2, as the handling of data in accordance with this standard is an industry-wide compliance requirement for cooperation with automobile manufacturers, as recommended by the German Association
of the Automotive Industry (VDA). The classification of confidential documents and their processing in accordance with the guidelines is a central component for obtaining the corresponding certification.With the Document Classification extension in ownCloud, automotive suppliers can effectively minimize the risk of data privacy violations.

Security and control are guaranteed at all times – both within their own value chain and in cooperation with customers and partners. This means that the requirements for digital collaboration can be fulfilled across company boundaries. In conjunction with other established security features (e.g. File Firewall), far-reaching, automated measures can also be taken to provide the most comprehensive protection for corporate data to date. Thus, even organizations in which the use of the technology was previously not possible due to the high security requirements benefit from the productivity increase of the collaboration platform.

At a glance: Advantages of ownCloud Document Classification Application

• Comply with information security standards like ISO 27001/2
• Handle data in compliance with GDPR
• Manage and categorize large amounts of data easily
• Manage risks effectively and cover potential data breaches
• Display the data classification levels to raise user awareness
• Prevent human mistakes when dealing with sensitive information
• Fulfil corporate data protection requirements

• Traceability of the life cycle (storage and use) of sensitive information through central logging

  If you are interested in learning in detail how ownCloud protects your data or wish to step up data security measures for your enterprise, do get in touch. Together, we will come up with the perfect combination of applications and add-ins to suit the unique needs of your business.

Two aspects are particularly important: Users can create Spaces themselves without having to open a support ticket. This not only reduces the administrative effort, but also ensures better acceptance of digital collaboration among employees. Second, the Space itself obtains data ownership of all documents made available there. In concrete terms, this means that if an employee leaves the team or even the organization and their account is deleted, all documents in the Space remain unchanged and can continue to be used by the other members of the Space.

But that’s not all: each user has his or her own “recycle bin” into which files that are no longer needed can be moved. There they remain retrievable for 30 days (without a backup ticket with the admins) and do not “clog up” the digital workflows on the files that are actually needed on a daily basis.   

When technology can’t keep up, collaboration becomes inefficient

With traditional digital collaboration tools, such as Microsoft Teams, data ownership is always tied to a specific user. Experience shows that this is a big problem, especially in digital collaboration in distributed teams. In the course of a project, the composition of the project team almost always changes – which, based on the “old” technology, almost inevitably leads to either data loss or a great deal of work for the admins, who then have to make certain files accessible to the team again from the backup of a deleted user account – if the organization even has a backup for Microsoft 365, for example.

Infinite Scale’s revolutionary approach with the new Spaces feature addresses the core of the problem.

Spaces boosts seamless digital collaboration 

By giving the Space itself full data ownership, files of any kind are no longer tied to individual user accounts and are thus per se always and continuously available to all members of a project space. Based on a completely new architecture for the Infinite Scale Platform, cloud-native and based on micro services, we can offer our users a real quantum leap in digital collaboration in teams with the Spaces feature, while at the same time drastically reducing ticket volumes for IT support!

“The Spaces feature of our Infinite Scale platform follows a new paradigm that finally focuses on the real needs of collaboration in the digital age – leaving old technical hurdles behind.” Patrick Maier, Senior Product Manager, ownCloud GmbH

If you would like to try out Spaces and the new features for yourself, you can already participate in our Infinite Scale Beta Program, request a demo with an ownCloud expert, or even, for the technically inclined, request a free Infinite Scale trial instance. We look forward to hearing from you and your feedback!

The interface for Spaces. Users can easily create folders and upload files for smooth collaboration.

The process to securely share files, important data and documents is still a complex and time-consuming process for many companies. Access to the internal network drive from the outside only works via VPN connections with low transmission speed, while access
from smartphones or tablets is often impossible and the classic exchanging files by email is not a viable solution due to various inconveniences and risks, including version conflicts, limitations on file sizes and lack of security.

A centralized platform for data storage and sharing with enterprise file sharing solutions is becoming more and more common, and not just to securely share files. The modern workplace, with its high demand for digitalization and mobility, requires companies to step up efforts in bringing about this change.

In order for enterprises to be able to work productively with increasing amounts of data, data exchange must be fast, simple, independent of devices and controllable.

EFSS solutions offer the following distinct advantages:

• Universal access to all files is enabled through a central file access layer, regardless of whether they are on premises, in the cloud or distributed within the existing architecture.
• Files can remain in their original location while the IT department gains authority of all data, including control of the entire lifecycle of a file.
• The location of a file is always known, as well as who has access to it, who has accessed it in the past and who has shared it with whom and when.
• Users can access, synchronize and share all files via a central interface from their workstation or mobile – whether the files are located in SharePoint, on a Windows network drive or in the cloud.

ownCloud provides your staff with easy and secure digital collaboration through a wide range of tools and integrations.

The benefits of a centralized filesharing solution can be enjoyed after the software is integrated into company-wide internal processes and security and compliance policies are fully met. In order to achieve the benefits, a number of important points should be observed:

Management involvement to securely share files

It is a very common practice for enterprises to consider file sharing to be a purely technical process and, consequently, delegate the entire process of file sharing exclusively to the IT department of the company.

This approach does serve the technical aspects of Enterprise File Sync and Sharing Solutions (EFSS), but poses the drawback of entrusting the IT department with sole control over file sharing. As a result, even while the company theoretically practices a sustainable solution to securely share files, many employees continue using emails, USB sticks or even printed sheets to share sensitive information, opening up the enterprise to a high risk of data breach and data abuse.

To ensure that enterprises are able to securely share files and carry out internal collaboration efficiently in the long run, the management and/or the supervisory board must step in and define their own specific security criteria and enforce data protection solutions throughout the entire company instead of concentrating them only in the IT department.

Hybrid cloud for full user control

Storing data on public servers is considered to be a flexible, scalable and affordable solution, especially when dealing with particularly large amounts of data. However, public clouds are not without their share of disadvantages. Using a public cloud takes data control out of the hands of the user, and in some cases, poses data security threats.

This is the reason sensitive data, and/or data particularly critical to your enterprise, should remain exclusively in your own server, either on-premises or in private data centers.

A hybrid cloud infrastructure is an ideal solution for enterprises to securely share files. Connecting public servers with private elements ensures flexibility, scalability and elasticity, while critical and sensitive applications and data remain under user control at all times.

Version control for seamless collaboration

When several employees are collaborating on a project, it is vital that everyone involved is on the same page about the status of the project at all times, can access and trace all changes previously made and can securely share files among themselves.

Unfortunately, many enterprises till today rely on email communication to jointly process files. This results in a cumbersome and error-prone process, in the course of which multiple copies of files are created and employees often lose track of the latest versions.

EFSS systems were designed with the aim of enabling seamless collaboration among workers, easy syncing of work progress and a user-friendly way to securely share files. With EFSS, every employee with current access rights to the file will always view the latest version, be able to edit or add new content and share their work with others. Editing tools also allow multiple users to edit a file simultaneously and track changes in real time.

ownCloud, for example, offers a simple yer highly-efficient system for controlling the versioning of files. It creates backups of files and displays their history. Each file can then be immediately reset to an earlier version if needed and changes made at intervals of more than two minutes are saved in data/[user]/versions.

End-to-End Encryption for ultimate data security

End-to-end encryption (E2EE) is your best bet when your enterprise works with highly-sensitive and valuable data and communications. It is undoubtedly the easiest way to securely share files between two or more users irrespective of the existing internal security infrastructure of your company.

End-to-end encryption closes all possible gaps in data secrecy and data protection, and sets the groundwork for a zero-trust environment in your organization. In simplest terms, it ensures that only the sender and the intended, authorized recipient(s) are able to access the data – no one else, thus ensuring that your data and communications are safe from hackers and even in the event of unauthorized intrusions into the server by third parties. Access can also be controlled centrally and transparently – only those employees who have the corresponding ‘keys’ have access authorization.

ownCloud offers ‘key pairs’, which can even be set to a predefined number of employees. This gives the administrator an overview of employees who have access to certain files.

ownCloud end-to-end encryption to securely share files

Automation through classification

The classification of company data enables automated data protection. Enterprise filesharing systems, such as ownCloud, allow you to create specific rules or policies for certain files or folders.

The ownCloud Document Classification feature was designed to empower organizations to restrict access to files based on their content and/or meta-data, to securely share files and prevent unauthorized access to documents and consequent data breach.

This system allows administrators and users the ability to decide for themselves which file can be accessed, for how long, which user groups have access, or when a file should be deleted.

Best of two worlds: Securely share files and boost productivity

Enterprise filesharing is a modern way to manage unstructured company data in a more controlled, central and flexible way, while also meeting the growing need for the utilization of all available data. However, data privacy and protection is always a priority.

To protect large amounts of data effectively and securely share files, you must first have a transparent overview and then exercise control over it. This is only possible with an on-premises EFSS solution, like ownCloud, which provides easy central access to all popular data storage locations, while also implementing data security at file level.

Data breach or abuse can take a huge toll on enterprises in terms of finance and goodwill, and takes a vast amount of resources and time to fix. In case of data loss, enterprises can stand to lose hours of production time in rework. So it is undeniable that a robust data security solution is closely linked to increased productivity. Due to this reason, data protection is our top priority at ownCloud and we are committed to providing a simple, user-friendly data security solution that boosts productivity and contributes towards meeting organizational goals.

Irrespective of your industry or the size of your enterprise, if you are interested in learning more about how to step up data protection for your enterprise with ownCloud and securely share files within and outside of your organization, do get in touch, and together we can definitely find the right combination of data security solutions and add-ins to meet the unique needs of your company.

Thomas Haak, CEO, Lywand Software

Thomas Haak has more than 34 years of professional experience in the areas of technology, sales, management and as an investor in companies and startups such as 3Com, Cisco, Compaq, Inktomi, Fortinet, Aruba Networks, Tibco, F5 Networks, Xirrus, Balabit and Cybertrap, specializing in network infrastructure, security and the successful development of sales in EMEA. Together with Bernhard Schildendorfer, he founded the company Lywand Software GmbH in St.Pölten in 2020 and leads the company as CEO.

Hi Tom, we are happy to talk to you about a topic that is as vital for Lywand as it is for ownCloud: Cybersecurity! You yourself have been closely involved with cybersecurity for a long time and founded Lywand almost 2 years ago. What is your mission?

Our slogan is “Security is not a privilege”. In short, our goal was to democratize security audits. For large companies, these have been the basis for developing appropriate security measures for years. We want to make this option affordable for small and medium-sized companies as well and ensure that their IT service providers can offer it as uncomplicatedly as possible.

Our Security Audit Platform makes it easier for IT service providers to measurably increase the security standard of small and medium-sized enterprises. We automate IT security checks, present challenges and recommendations in a comprehensible way, and support the implementation of measures and selection of suitable products.

What is the current cyberthreat situation, especially for small and medium-sized enterprises? Can you identify any recurring patterns in the threats?

In general, the trend over the last few years shows that many attackers and hackers are taking an automated approach and scanning the Internet very broadly for vulnerable systems and possible entry points. The threat situation is massively concentrated in the SME sector – a so-called “sweet spot” for cybercriminals. This is because large companies are now too well protected for such broad-based attack campaigns. While cybercriminals refine and expand their techniques on a daily basis, the security strategy often falls by the wayside for small and medium-sized companies due to a lack of time, and financial or human resources.

How exactly do you support SMEs and how can your software be used? What do you recommend to companies that do not have IT specialists to implement Lywand’s recommendations?

Lywand’s recommendations do not require any expert knowledge to understand them. As mentioned above, we have built a highly-scalable security audit platform and our target group – the IT service providers – can easily and very low-threshold integrate their customers into the multi-tenant interface and let us scan for vulnerabilities in a fully automated way. A big advantage is our subscription license for the service providers and their customers, because with this license the infrastructure of the customer is checked for vulnerabilities every week over a period of 12 or 36 months.

With conventional checks, which are often carried out at irregular, very long intervals, you only ever get a snapshot of the current security situation. The problem, however, is that the security situation can change from week to week, whether due to new vulnerabilities emerging every day or changes in the infrastructure.

After the scan, we harmonize, prioritize and categorize the vulnerabilities found and automatically suggest measures for improvement – divided into technical, organizational and product recommendations. Our partners have the option to click on the recommendations on several levels to view the explanations from non-technical to technical and then implement them. The implementation can be easily done via a renovation plan including a task list. During the next scan, we check whether the measures have taken effect and the security situation has been improved.

In general, we recommend that SMEs conclude a service contract with a service provider, or as in your case, also with the manufacturer – who then helps with the clean implementation.

Obviously many of the companies you analyzed use ownCloud. Be honest: Have you also discovered security vulnerabilities in ownCloud software?

We have been on the market for a year and have already scanned a not inconsiderable number of SMEs that also use ownCloud. To date, we have not found a security vulnerability in the ownCloud software. However, in many cases, we have found that the ownCloud software has not been configured properly and is therefore a potential target for many attackers.

Here, the responsibility lies with the user of the software to position the ownCloud correctly in terms of network technology and to set the security settings correctly according to the requirements and recommendations. We pointed this out in our 2021 Annual Report published a month ago, as this issue of “incorrect configuration of ownCloud” was among our top 5 vulnerabilities found. 

Additional Information
If you are using the ownCloud Community version without support from ownCloud and would like to perform a check for security-related configurations and possible errors, you can contact us at any time at community@owncloud.com.

ownCloud combines the best of both worlds!

In addition to simplified management for administrators, the new Microsoft 365 integration also allows for the working comfort of employees by keeping the Microsoft Office tools they are used to, which in turn leads to less need for support.

Microsoft 365: Easy to use but inadequate in security & GDPR-compliance

Here’s the challenge: If you store office documents on a server of a US registered enterprise like Microsoft via Sharepoint or oneDrive, the Cloud Act enforces that all those data can be transferred to US government agencies. Therefore US law (Cloud Act) and European law (GDPR) are not compatible in operational practice, causing serious headache for sysadmins and compliance officers.

We have your back!   

Microsoft 365 can finally be operated with GDPR-compliance. Here is the trick: Store the files on ownCloud and only transfer them to a Microsoft Office 365 online app if needed (if you want to view or edit them). When you are done with editing in Word, Excel or Powerpoint, your documents go home to your ownCloud storage. This principle finally solves the Gordian knot of data security and usability, as it only exchanges data on demand with MS Servers. You are free to configure which data is allowed to be edited with Microsoft 365 tools and which files you may prohibit from being transferred to Microsoft at any time.

Edit documents with Microsoft Office Tools straight from your ownCloud

What you need and how to get started

• The Microsoft 365 integration is included in the ownCloud Enterprise subscription. Do make sure that your subscription is up to date.
• Prerequisite: An active Microsoft 365 subscription and the ownCloud WOPI App.  (https://doc.owncloud.com/server/next/admin_manual/enterprise/collaboration/msoffice-wopi-integration.html)
• Please reach out to us so that we can enable Microsoft Office integration for you. Please remember to include the URL of your instance. 

Start a 30 Day free trial: https://marketplace.owncloud.com/demo-key or schedule a demo: https://owncloud.com/schedule-demo/

Additional Information
We recently had a very interesting Tech Talk online about the Integration of Microsoft Teams with ownCloud. Recording is available here and you may want to check our future Tech Talks and other events here: https://owncloud.com/events/