Data Encryption for Business Compliance


Data security and privacy are critical for businesses, especially when handling sensitive or regulated information. Encryption is a core requirement for compliance with standards like GDPR, HIPAA, and PCI-DSS. There are three main types of encryption businesses must consider:


1. Encrypted at Rest

Encryption at rest protects data stored on disks, servers, or cloud storage. It ensures that if unauthorized parties gain access to storage, the data cannot be read without the encryption key.

How we implement it:

  • Files saved to Google Drive or OneDrive via the Rclone Crypto remote are encrypted locally before leaving the server.
  • This ensures that the cloud storage contains only encrypted files. Even employees or administrators accessing the storage directly will see unreadable, encrypted data.
  • When mapped to the server, any file saved to the cloud drive is automatically encrypted, maintaining end-to-end security.

2. Encrypted in Transit

Encryption in transit protects data while it travels across networks. It prevents interception or tampering during upload, download, or syncing operations.

How we implement it:

  • All data transfers use secure protocols like HTTPS or TLS.
  • Rclone encrypts the data during transfer when communicating with Google Drive or OneDrive, ensuring that files are secure on the wire as well as at rest.

3. End-to-End Encryption (E2EE)

End-to-end encryption ensures that only authorized systems or users can decrypt and access the data. Even the cloud provider cannot read the files.

How we implement it:

  • Files are encrypted locally on the server using the Rclone Crypto remote before upload.
  • Encryption keys are managed internally; the cloud provider cannot access them.
  • When authorized employees access the mapped drive on the server, files are decrypted transparently, allowing normal use without exposing unencrypted data in the cloud.

Employee Access Behavior

  • Employees accessing Google Drive or OneDrive directly through the web interface will see only encrypted files.
  • Decryption happens only on authorized servers with the correct keys, ensuring sensitive business data is never exposed in cloud storage.
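
One way to check that a server's rclone configuration actually matches the model above (an added example, not part of the original setup): the script below audits an rclone.conf for crypt remotes that leave names unencrypted or lack a salt password, and for Google Drive or OneDrive remotes that no crypt remote wraps. The remote names, the sample config, and the `audit` function are constructed for illustration; "Rclone Crypto remote" on this page corresponds to rclone's `crypt` backend.

```python
import configparser

# Constructed sample rclone.conf; remote names and secrets are placeholders.
SAMPLE_CONF = """
[gdrive]
type = drive
[onedrive]
type = onedrive
[secure]
type = crypt
remote = gdrive:vault
filename_encryption = standard
directory_name_encryption = true
password = PLACEHOLDER_OBSCURED
password2 = PLACEHOLDER_OBSCURED_SALT
[weak]
type = crypt
remote = gdrive:old
filename_encryption = off
password = PLACEHOLDER_OBSCURED
"""

CLOUD_TYPES = {"drive", "onedrive"}  # the two cloud backends the page uses

def audit(conf_text):
    """Return (remote, finding) pairs for settings that weaken the model."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    findings, wrapped = [], set()
    for name in cfg.sections():
        sec = cfg[name]
        if sec.get("type") != "crypt":
            continue
        target = sec.get("remote", "").split(":", 1)[0]
        wrapped.add(target)
        for key in ("password", "password2"):  # password2 is the salt
            if not sec.get(key):
                findings.append((name, f"{key} is not set"))
        # rclone defaults: filename_encryption=standard, directory names encrypted
        if sec.get("filename_encryption", "standard") != "standard":
            findings.append((name, "file names are not fully encrypted"))
        if sec.get("directory_name_encryption", "true") != "true":
            findings.append((name, "directory names are not encrypted"))
        if target not in cfg or cfg[target].get("type") not in CLOUD_TYPES:
            findings.append((name, "does not wrap a cloud remote"))
    # A cloud remote with no crypt layer can receive plaintext uploads.
    for name in cfg.sections():
        if cfg[name].get("type") in CLOUD_TYPES and name not in wrapped:
            findings.append((name, "cloud remote has no crypt wrapper"))
    return findings
```

If the rclone config file is itself password-protected, pass the text printed by `rclone config show` instead of the raw file.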

Summary of Our Encryption Model

| Layer | Description | Implementation |
| --- | --- | --- |
| Encrypted at Rest | Data is protected in storage | Rclone Crypto encrypts files before upload; cloud stores encrypted blobs |
| Encrypted in Transit | Data is secure while transferring | HTTPS/TLS via Rclone during uploads/downloads |
| End-to-End Encryption | Only authorized systems can decrypt | Local server encryption with managed keys; decrypted on access only |

This setup ensures that business data remains secure, compliant, and accessible only to authorized personnel, minimizing risks from data breaches or unauthorized access.
