These days, all roads lead to storing your files in the cloud. Your Mac eases the path to iCloud storage. Microsoft Office programs offer OneDrive as the default for storage. You can get at your cloud-stored files from wherever you may be, which is quite convenient. But if you don’t protect those files with powerful encryption, you could have big trouble. If those unprotected files are business-related, not personal, the consequences could be catastrophic. CertainSafe Digital Safety Deposit Box stores your data in the cloud, but it’s totally focused on securing that data, whether it’s your personal files, business records, or enterprise-level trade secrets. It’s a top pick for secure cloud storage and syncing, as well as for encryption apps.
You can take the service for a spin with a 30-day free trial that includes 5GB of storage with no credit card required. If you decide it’s worth it, you can continue for $12 per user per month. That gets you 100GB of shared encrypted online storage per user, and the ability to share data with as many as 100 guests. For a big, business-level installation, you’ll want to ask for a custom quote. On the business level, there’s even an API that lets in-house coders incorporate CertainSafe’s technology directly into their proprietary apps.
Fireproof Vault vs. Storage Shed
Other file sharing services offer way more storage per dollar spent. Dropbox gives you a terabyte of storage for $99 per year, for example. IDrive charges just $69.50 per year for twice that amount of storage. And if you spend $6.99 per month for a terabyte of storage with Microsoft OneDrive, you get Microsoft Office 365 Home as a bonus.
While these services do aim to protect your data, security isn’t their primary offering. Yes, it’s been a few years since the big Dropbox breach, but it did happen, and it was big. Celebrities who stored their nude photos on iCloud got a rude awakening when hackers stole those photos (and other data). With CertainSafe, security is priority number one.
The company’s literature explains the difference. It likens the typical online storage service to the self-storage businesses you find along the freeway. You can dump all your stuff in there, and it will probably be safe. CertainSafe, by contrast, is like a fireproof vault hidden behind a painting. When you put your most important data (or your company’s) in the vault, it’s safe, period. CertainSafe backs up that promise with a growing list of government and third-party certifications for secure data storage in the financial, healthcare, legal, and government arenas, among others.
Some competing services do have security strong enough to let them promise compliance with HIPAA (the Health Insurance Portability & Accountability Act) and other government standards. Dropbox’s business edition supports HIPAA, FERPA, and COPPA, though its standards page notes that it’s “not meant to process or store credit card transactions.” All editions of Box (Personal) are HIPAA / HITECH compliant. OneDrive for Business promises compliance with HIPAA, FERPA, and several other standards (though the consumer edition does not).
There’s always the option to encrypt your files without putting them in the cloud. Folder Lock, InterCrypto CryptoExpert 8, and Cypherix Cryptainer PE, among others, create virtual disk drives that look and act like any other drive when unlocked. Once you lock the drive, its contents become completely inaccessible. It’s not cloud storage, though—you can only access those files from the computer where the virtual disk resides.
How CertainSafe Works
The essential aim of CertainSafe is to make a generalized data breach impossible. Files are encrypted using a two-part key, one part that’s based on your password and one part held on the CertainSafe side, with a different key for every file. It’s what they call a zero-knowledge system, meaning that nobody at CertainSafe can decrypt your data without having your password. This also means that if you forget your password, they can’t help you recover the encrypted data, so don’t lose that password.
But that’s just the start. The eye-popping feature is what they call MicroEncryption. After encrypting your data with the US Government standard AES algorithm, CertainSafe splits the encrypted data into chunks that are stored on different servers. Even without MicroEncryption, a hacker who simply breaks into the encrypted data on a server has a tough time getting that data decoded. A hacker who weaseled into one of CertainSafe’s servers wouldn’t have a chance of decrypting data, since each server only contains bits and pieces, not whole encrypted files.
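To make the two ideas above concrete, here is an added sketch (not CertainSafe's code, and not from the company's literature) of a per-file key built from a password-based half and a service-held half, and of ciphertext fragments spread over several servers. PBKDF2, the HMAC mixing step, round-robin placement, the chunk size and every name are assumptions made for illustration; the ciphertext is a constructed stand-in for AES output.

```python
import hashlib
import hmac

CHUNK = 16  # bytes per chunk; tiny so the demo is readable (assumed value)

def password_half(password: str, salt: bytes) -> bytes:
    """User-side key part: slow hash of the password (PBKDF2 is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def file_key(pw_half: bytes, server_half: bytes, file_id: str) -> bytes:
    """Mix both halves, then bind to one file: a distinct 256-bit key per file."""
    mixed = hmac.new(server_half, pw_half, hashlib.sha256).digest()
    return hmac.new(mixed, file_id.encode(), hashlib.sha256).digest()

def scatter(ciphertext: bytes, n_servers: int):
    """Cut ciphertext into chunks and place them round-robin on n_servers stores."""
    stores = [{} for _ in range(n_servers)]
    total = 0
    for offset in range(0, len(ciphertext), CHUNK):
        stores[total % n_servers][total] = ciphertext[offset:offset + CHUNK]
        total += 1
    return stores, total

def gather(stores, total: int) -> bytes:
    """Reassemble the ciphertext; fails unless every chunk index is present."""
    merged = {}
    for store in stores:
        merged.update(store)
    missing = [i for i in range(total) if i not in merged]
    if missing:
        raise ValueError(f"missing chunks: {missing}")
    return b"".join(merged[i] for i in range(total))

if __name__ == "__main__":
    # Constructed sample values, not real CertainSafe data.
    pw = password_half("correct horse battery staple", b"constructed-salt")
    server_part = bytes(32)              # stand-in for the service-held half
    print(file_key(pw, server_part, "report.docx").hex())
    ciphertext = bytes(range(160))       # stand-in for AES output of one file
    stores, total = scatter(ciphertext, 4)
    print([sorted(s) for s in stores])   # which chunk indices each server holds
    print(gather(stores, total) == ciphertext)
```

With four stores, each one holds only two or three of the ten fragments, and the key cannot be recomputed without both halves.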
This emphasis on security shows up again in the service’s login process. With most secure sites, you simply enter your username and password for full access. Of course, if the site you logged into was a phishing scam, you’ve just given away your credentials. CertainSafe’s login process authenticates you to the site, and authenticates the site to you.
To start the login process, you enter your email address. Once the service validates that address as an existing account, the site displays an image that you selected during registration, along with an identifying phrase that you supplied. A fraudulent site won’t know what image or phrase to display. Assuming the image and phrase are the ones you expected, you enter your password, which you must do within 60 seconds. On the next screen, you have 60 seconds to answer one of your three security questions. This multistep handshake is decidedly more secure than just relying on username and password.
After you sign up for an account, you log in to complete your registration. CertainSafe doesn’t install anything. There’s no app and no local agent, so you can use it on any platform that includes a full-scale browser.
Once the site has validated the email address you entered, you have some first-time chores to do. You pick an image from a predefined collection, and enter a recognition phrase to further foil fraudsters. This phrase can be anything at all; I used a Firesign Theater quote. As noted, CertainSafe displays the image and phrase you chose at login, to prove it’s not a fraud. Enter your password and click Continue to lock in those choices.
After that, you create three security questions and answers. I was pleased to see that CertainSafe doesn’t offer the absurd default choices that many sites do, like your mother’s maiden name, or the city where you were born. Any security question whose answer can be found online is a bad question. Take a moment to think up three questions that only you could answer, and make sure that there’s no doubt in your mind as to how you’d answer them. Remember, you’ll need to answer one of these at every login. With that, you’re ready to start using CertainSafe.
CertainSafe’s simple main page has a menu across the top with four items that select important program areas: File Manager, Contacts, Manage Users, and Account Settings. Icons show you how many notifications and chat messages you have pending. If you squeeze the browser window down small, the menu items and icons retreat into a popup menu, making room to display the selected program area.
The central function of CertainSafe is secure storage for your most important files, so naturally File Manager is the default menu choice. Initially, the left panel just shows All Files and Personal Files. To start using Personal Files, you must create at least one folder. You can go on to create a folder structure any way you like, with top-level folders and nested folders, if you find it useful for organization. It’s important to understand that if you choose to securely share any of your sensitive data, you do so at the folder level, not file-by-file.
Now select a cloud folder and click the Upload button to add files. CertainSafe displays a handy area for you to drag and drop your selections. When you’re ready, one click sends the files securely to CertainSafe.
You can now access your files securely from any browser and view most common file types in CertainSafe’s built-in viewer. You can move or rename files, add comments, or download a local copy. Selecting Audit shows you all activity for the file, from its initial upload to the very latest viewing. And if you have uploaded multiple versions of a file, choosing Version History from the menu lets you view or revert to an earlier version.
I did run into a strange bug with the versioning system. Right-clicking a file and choosing Version History lists versions of that file, but right-clicking one of the versions effectively wrecks your CertainSafe session. The browser window shows nothing, and recovery requires restarting the browser. I verified this in Chrome and Firefox, on Windows 8 and Windows 10. The correct way to view or download from the version list is to select a version and click one of the icons that appears above it.
I reported this problem to CertainSafe. They duplicated the problem and fixed it overnight. With no local agent to worry about, implementing that fix was a simple matter of tweaking the code at the site itself.
You can also move or rename any folder, or move it to the trash. More importantly, you can share the folder with any of your contacts or view and manage existing shares for that folder.
Shared With Me
Once another user has shared data with you, you’ll see a Shared With Me folder below Personal Files. You can also choose All Files to see everything at once. You don’t have as many options with shared files as you do with those you uploaded yourself; you can view the file, download a local copy, or add comments.
Depending on your permissions, you may also be able to upload files, including modified copies of files that you downloaded. If you do choose to download, modify, and re-upload a file, you should use a secure deletion utility to wipe out the unsecured local copy. Note that Folder Lock, AxCrypt, and several other standalone encryption products have secure deletion built right in.
The fact that previous versions remain available means that in theory you could use CertainSafe as a kind of slow-motion file collaboration tool, but it’s nothing like the real-time interaction offered by collaboration-specific services. Security is the emphasis here, not easy, breezy collaboration.
Sharing a Folder
Right-click any folder to bring up a menu of folder actions, including sharing. These actions also appear as icons across the top of the display. You can either share a single folder, or click the New Share icon to select multiple folders. Note that subfolders aren’t included unless you actively add them.
Next, you choose the contacts with whom you want to share the folder. You can choose from existing contacts or invite new guest-access contacts. By default, your recipients can access that shared folder for just one day. That’s awfully short; in most cases you’ll want to offer a longer expiry time. You can choose from preset intervals up to a year or set the specific beginning and ending date/time for the share.
Finally, you define permissions for the share. By default, recipients can only view shared files using the built-in viewer, but you can expand that by giving them permission to download or upload files. Once you click Share, the recipients get a notification, and the folder shows up in their Shared With Me folder.
Right-click a folder and choose Manage Shares to view all outstanding shares. The list shows share details like the start and end times, and contacts you’ve shared with. You can dig in to adjust each contact’s permissions or the share duration, or simply revoke the share. Simple!
Manage Users and Contacts
For an individual consumer, the Manage Users page isn’t very interesting. You have just one user account—your own. End of story. In a business setting, you can use this page to add users, starting with the full name, email address, time zone, and an initial password.
The final step is to determine the roles this user can take. If you enable the OrgOwner role, the user gets full control of the account, just as you have yourself. Those with just Admin access can manage other users, but not the account itself. The User role allows the individual to create and share files and folders, and to receive shares. If you turn all three roles off, the individual can only work with files shared by others. I’m not sure why you would do that, though.
After three failed attempts to log in, CertainSafe locks the account. In a multi-user setting, an administrator can unlock the account. If it’s just you, you have two choices: log in using your password and all three security answers, or work with customer service to verify your identity and get the account unlocked. An administrator can also reversibly disable access for any user.
If you just want to share files with someone, without adding them to your account, invite that person as a guest user. Click Contacts, click Invite New Contact, and enter the first name, last name, and email address of the person.
CertainSafe sends an email with a link for the recipient to create a free guest account. Your recipient goes through the same process of setting up an antiphishing image and phrase, entering the password, and creating three security questions. Now your guest can access any files you choose to share and can also engage in secure chat.
There’s one more possible relationship; you can invite a contact who already has a paid CertainSafe account. This lets the two of you share files with each other, have secure chats, comment on each other’s files, and so on.
Every time you comment on a file, the file’s owner gets a notification. You could almost carry on an online conversation using comments, but Secure Chat is easier. Just right-click a contact and choose Send Message. You can now start chatting, in posts up to 150 characters. Your chat history with each contact remains for reference, and you get a notification when there’s a new response.
What’s secure about Secure Chat? Steven Russo, Executive VP of CertainSafe, explained that secure chat messages are MicroEncrypted, just as your files are, and each post is secured independently. “This is absolutely fantastic for organizations that need to share [sensitive] information all day long while collaborating,” said Russo. “Our chat is hosted in a PCI DSS Level 1 Environment, and it’s HIPAA compliant and instant.”
Office Integration on Hiatus
When I last reviewed CertainSafe, I reported on its integration with Microsoft Outlook and Microsoft Word. The Outlook add-on allowed sharing of encrypted attachments with other CertainSafe users, and the Word add-on allowed opening encrypted documents directly from CertainSafe, and saving your changes back to the cloud.
CertainSafe has had a makeover since that last review, and the update hasn’t yet reached the Office add-ons. However, getting them back up and running is on the roadmap.
Local-only encryption packages InterCrypto Advanced Encryption Package and Ranquel Technologies CryptoForge offer their own very different ways to communicate securely. The former encrypts and decrypts text from the clipboard, making it easy to secure all or part of an email message or IM chat. The latter can encrypt anything into a block of encrypted text, so you can securely send files even when attachments aren’t supported.
In a similar fashion, you could use AxCrypt Premium, Cypherix SecureIT, or another local-only encryption tool to manually encrypt files before storing them in the cloud. But none of these local or cloud-based solutions approach CertainSafe’s combination of extreme security and ease of use (though AxCrypt comes close, at least for local encryption).
A Powerful, Flexible Solution
Not every budget can cover $12 per month to store files securely in CertainSafe Digital Safety Deposit Box, for sure. However, for those who need to protect truly sensitive personal or business data, CertainSafe is an excellent choice. You can get at your files from any browser, on any platform. The multistep handshake ensures that only you can access them, unless you choose to share data securely. And MicroEncryption technology means that even if a gang of thieves liberated a whole server, they’d only get bits and pieces, not whole files.
Other cloud storage services emphasize different needs. If collaborating on files is your main need, Microsoft OneDrive or Google Drive are good choices. Box shines at compatibility with other services, while IDrive focuses on the central task of backup. These apps remain our top picks for cloud storage and file syncing.
When your aim is just to protect your sensitive files by encrypting them locally, not in the cloud, AxCrypt Premium offers a modern, easy-to-use interface with some surprisingly advanced features. Folder Lock combines a wide range of encryption features with a bright, easy-to-use interface. In the encryption realm, these two share top honors with CertainSafe.