FAQ – Frequently asked questions
Is it possible to use the online co-editing functions with R&S®Trusted Gate?
No, this is not possible. The reason is the following: to enable online co-editing, the document has to be opened in the cloud. That means that the cloud service provider gets full access to the data content. The mission of R&S Trusted Gate is to prevent access to data by any unauthorized third party. In real life, confidential data rarely needs to be edited by more than one person at a time. With versioning and check-in/check-out, R&S Trusted Gate supports the major functions for professional collaboration when it comes to confidential and regulated data.
Will we have online previews of our documents protected by R&S®Trusted Gate in SharePoint & Teams?
No, this is not possible. The reason is the following: to enable online previews, the document has to be opened in the cloud. That means that the cloud service provider gets full access to the data content, indexes all the data and distributes the index data to all its services. The mission of R&S Trusted Gate is to prevent access to data by any unauthorized third party. Because there are only empty placeholders in the cloud instead of the real data, the cloud service provider has no chance to index any real data. For convenient handling of data, users can use a secure full-text, filename and tag search. The search index for this data is stored encrypted within R&S Trusted Gate.
We want to collaborate with external users on Teams. They are not able to use VPN or private DNS. Is that possible?
With R&S®Trusted Gate you can still invite external users to your Teams. They can participate in chats and online meetings. When external users upload files and documents, you will be able to open them and work with them. If you upload files and documents in Teams, they will be automatically protected by R&S Trusted Gate. While internal users can proceed with them as before, the files are not accessible to external users. To share files with them, we suggest using Project Rooms by R&S®Trusted Gate. They are directly integrated into Teams and SharePoint.
Do you support locking a document when another user is working on it?
Yes, we support the check-in/check-out of documents within SharePoint and Teams. The term check-in describes the process of adding a new or modified item or file to a document library or a list to replace the previous version. The term check-out describes the process of getting a version of a document or list item in a list or library. By checking out a document, a user can prevent others from editing that content. By checking in the item, the user can allow others to edit the content, without needing to worry about overwriting changes that others have made.
We want to use SharePoint Online, Teams & OneDrive for Business. How well will the user interface of R&S®Trusted Gate integrate in these applications?
For all three applications R&S Trusted Gate uses a reverse proxy approach. No additional steps are necessary for the users. Their files are automatically protected by R&S Trusted Gate in the background. There are no changes to the user interface. For full-text search in SharePoint, users can use the Enterprise Search function. For searching in Teams there will be a special search tab to conduct full-text search.
For SharePoint we have the option of an add-in mode without reverse proxy. In the add-in mode there are special buttons for all file operations that are protected by R&S Trusted Gate.
Do you offer a direct integration of R&S Trusted Gate Mobile Access in OneDrive for Business?
OneDrive for Business does not support add-ins, so we can’t provide a Mobile Access button in the user interface. However, you can use the R&S Trusted Gate Data Exchange user interface, select the OneDrive target and select Mobile Access there.
What is the benefit of fragmentation of the encrypted files?
Fragmentation has two main advantages:
1) Fragmentation in combination with the RAID modules integrated in R&S Trusted Gate allows our clients to store the different pieces distributed across different file targets, including on-premises storage, different cloud providers or any software-defined storage. If one of the data targets fails because of a security breach, going offline or other reasons, R&S Trusted Gate can get the pieces automatically from other targets. This feature reduces the dependence on one storage provider.
2) Quantum computing is a threat to current encryption methods. With fragmentation you have a way to be more resilient against quantum computing. You can distribute your encrypted file fragments in a way that no data target holds the full set of fragments of a complete encrypted file. If there is a security breach in one of your data targets, the attackers have no access to a complete set of pieces. If one part of an encrypted file is missing, it’s mathematically impossible to decrypt it, even with quantum computing.
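The distribution and recovery behaviour described in points 1) and 2), as an added sketch that is not R&S Trusted Gate code: it places one fragment of an already encrypted file on each storage target and adds a single XOR parity fragment so that any one target can be unavailable. The XOR parity scheme, the target names and the sample bytes are assumptions made for illustration.

```python
from functools import reduce

# Hypothetical storage targets and a constructed stand-in for an already
# encrypted file; neither comes from the product.
TARGETS = ["on-prem", "cloud-a", "cloud-b", "sds"]
SAMPLE_CIPHERTEXT = bytes(range(251)) * 4

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def fragment(ciphertext, targets):
    """Split into len(targets)-1 data fragments plus one XOR parity
    fragment and place exactly one fragment on each target."""
    if len(targets) < 2:
        raise ValueError("need at least two targets")
    k = len(targets) - 1
    size = -(-len(ciphertext) // k)           # ceiling division
    padded = ciphertext.ljust(size * k, b"\0")
    pieces = [padded[i * size:(i + 1) * size] for i in range(k)]
    pieces.append(reduce(xor_bytes, pieces))  # parity fragment
    manifest = {"length": len(ciphertext), "order": list(targets)}
    return manifest, dict(zip(targets, pieces))

def reassemble(manifest, stores):
    """Rebuild the ciphertext from the reachable targets; tolerates one
    unavailable target by recomputing its fragment from the others."""
    order = manifest["order"]
    missing = [t for t in order if t not in stores]
    if len(missing) > 1:
        raise ValueError("single parity cannot recover %d targets" % len(missing))
    pieces = [stores.get(t) for t in order]
    if missing:
        present = [p for p in pieces if p is not None]
        pieces[order.index(missing[0])] = reduce(xor_bytes, present)
    return b"".join(pieces[:-1])[:manifest["length"]]

def survives_any_single_outage(ciphertext, targets):
    manifest, stores = fragment(ciphertext, targets)
    return all(
        reassemble(manifest, {t: f for t, f in stores.items() if t != down}) == ciphertext
        for down in targets
    )

if __name__ == "__main__":
    manifest, stores = fragment(SAMPLE_CIPHERTEXT, TARGETS)
    print({t: len(f) for t, f in stores.items()})
    print("recoverable after any single outage:",
          survives_any_single_outage(SAMPLE_CIPHERTEXT, TARGETS))
```

In this sketch redundancy and exposure trade off: the parity that covers one failed target also means that all targets but one are enough to rebuild the (still encrypted) file, so the number of parity fragments is a design choice.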
We use Microsoft Azure Information Protection (AIP). The remaining risk from a secure Office 365 will be addressed through Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) solutions.
With AIP, Microsoft bundles a combination of different security solutions for its users. R&S®Trusted Gate supports and integrates with AIP functionalities. R&S®Trusted Gate adds an additional security layer to AIP that is completely independent of Microsoft. Only with R&S®Trusted Gate do our clients own the encryption keys and decide for themselves where to store their data. We can completely prevent any access to the content of the data by unauthorized third parties, including any cloud service provider like Microsoft.
This functionality of complete data sovereignty & full data control is not covered by DLP and CASB solutions.
All documents that must be encrypted or decrypted must go through the R&S®Trusted Gate server located in one place, which means there is a single point of failure.
R&S®Trusted Gate is implemented as microservices and therefore fallbacks can be easily implemented to offer high availability. Hot or cold standbys can be set up easily to ensure that there is no single point of failure. Fallback scenarios can include on-premise, hybrid or cloud instances of R&S®Trusted Gate.
What about the granularity of the key management?
Encryption can be done for one user or entire groups with their own keys.
Can we integrate our HSM to work with R&S®Trusted Gate?
Yes, R&S Trusted Gate has an HSM module that works with major HSM suppliers like Utimaco and Gemalto. We are also confident that we can support your HSM from a different vendor for projects.
Can we use our Microsoft keys?
No, R&S®Trusted Gate keys are strictly separated from Microsoft. We want to make sure that nobody except our customer and their authorized users can get access to the content of their data.
In reverse proxy mode, we need to manage the DNS entries locally with Microsoft certificates, in addition to handling the traffic through a VPN. Microsoft does not encourage such a setup.
There is a certain amount of effort necessary to deploy R&S®Trusted Gate. It ensures that your data is protected from any unauthorized access by third parties. Microsoft is a co-selling partner of R&S®Trusted Gate and values the solution for customers with regulated and highly confidential data.
Do you support hybrid scenarios?
There is great flexibility of deployment. R&S®Trusted Gate can run its services in containers with an orchestration system like Kubernetes or can be deployed as a single server app.
The microservice-based software architecture provides a higher grade of control, scalability and elasticity. In hybrid environments, critical core services related to administration and key management can be deployed on-premises, while CPU-intensive operations like the encryption service can be deployed in the cloud.
How can we handle the provisioning of users?
External User Mappings can be imported via CSV file. This would most likely be used for the initial setup.
After that, the import of new users can be automated using the “External IAM” extension’s user auto-import feature. It regularly checks an encrypted CSV file that needs to be maintained by the customer. The customer can also set up automated updates of said file.
What is the impact of R&S®Trusted Gate on performance? Will users have a much higher response time when working with documents?
R&S®Trusted Gate uses a modern software architecture based on microservices. That leads to very high scalability & flexibility. In performance measurements, R&S®Trusted Gate has shown nearly linear scaling of performance with dedicated CPU power. The more CPU power the customer grants to R&S®Trusted Gate, the higher the performance and the lower the response times for the user.
Licensing & Legal
What is the license model?
R&S®Trusted Gate is licensed by the number of users & number of cores. This is a good way to balance different customer needs. There are customers with a high number of users but only a small number of documents they handle. And there are customers with only a few selected users, but they need to handle a huge amount of data.
How can we estimate the number of cores we need?
It always depends on the amount of data they have to handle at the same time. For average data usage with basic performance we calculate with 500 users per core. For more performance we recommend licensing more cores. Our sales team has access to a convenient calculator for an estimation.
We have a no-cloud strategy because of data protection concerns. We can't risk having our data in the cloud.
With R&S®Trusted Gate your data isn’t in the cloud. Your real data can all be stored on-premises in encrypted form. You can use all the advantages of cloud-based collaboration, because online you are only working with placeholders without real content. Only authorized users will have access to the real data when searching or downloading the files to their safe client. Using the cloud with R&S®Trusted Gate keeps our customers as safe as with a no-cloud strategy, but it enables them to use modern cloud applications with their benefits.