What is Fileflex?
Fileflex is the world’s first Zero Trust Remote Data Access, Security, and Governance Platform that unifies and protects all enterprise data with mathematically unbreachable security – thereby subverting the threat of data theft and Ransomware.
Most data breaches involve employees, corporate spies, and hackers. Most companies lose their proprietary data to theft. Recently publicized breaches at key players like Microsoft, Okta, Tesla, and Pfizer are the norm, as is paying off (not preventing) ransomware extortion.
Many solutions have been attempted but never accomplished. Beyond network and application-level protection, Fileflex is the most important piece of the security puzzle – solving data protection at the file level.
Fileflex is uniquely innovative.
General Capabilities
- Ransomware protection with the further ability to recover files from infected networks
- Fileflex provides complete protection for all enterprise structured and unstructured data, regardless of location and size.
- Fileflex protects every data file type across entire Hybrid-IT Infrastructures down to the most discrete file level.
- Fileflex is a perfect tool to bring Governance over PII and PHI information and DGPR and HIPAA compliance.
- Fast and easy remote data access and file sharing without uploading or duplicating data, including DB apps like SAP, Oracle, and other ERP systems.
- Fast file viewing, collaboration, and streaming of large engineering files (e.g AutoCAD), video, audio, and text.
- Access to all data from any connected device anywhere.
- External File Sharing of SharePoint content from on-prem or Cloud-hosted installations.
- Folder and file sharing with all partners in your supply chain including your clients/customers. Sharing and access of confidential files can be restricted to “access only” (no sharing) and “view only” (no downloading).
- Enables ability to reduce data storage requirements.
Features
- Data stays at rest, wherever it resides within the network – without ever needing to be uploaded or copied — leaving data at rest in its protected location.
- No duplication of data enabling version control and a “Single Source of Truth”. Addresses inefficiencies and security issues of file duplication.
- Dashboard Management Panel gives IT full control.
- Log file with complete audit trail for all accessed data with file and folder level micro-segmented access.
- Intel® SGX breed of server processor integration providing 2 TB of data storage
inside the silicon layer of each processor. Data at rest is encrypted and keys are stored in “enclaves” within the silicon. Unbreachable data storage and data access through Fileflex and SGX processors (Intel®). - Plug and Play: Fast and easy deployment (scale to thousands of users overnight).
- Always-on ZTDA
- Minimal maintenance with seamless version upgrades.
Functionality
- Runs on mobile, tablet, laptop, or desktop.
- Data stays at rest, wherever it resides within the network.
- All data access is logged in real time, giving IT unlimited potential to identify suspicious activity and block file access for outlying behaviour.
- Fast and easy access to all authorized data found under one drive letter in Windows 11 File Explorer. Windows native integration providing user access to all authorized data within folders (whose server location cannot be determined
by the user). (Sept 2022 release).
Business Benefits
1. Single Source of Truth with no conflicting (duplicate) file versions.
2. Enterprise Knowledge Management and Analytics gained from the
comprehensive audit file that collects all data access events including:
- File open
- File share
- File upload or download
- File name change or file edit.
3. Cost Saving
- The cost savings and disruption avoidance through the prevention of Ransomware attacks and recovery (and insurance) cannot be understated.
- VPNs are no longer needed to access data, eliminating a major weakness in data security while reducing or eliminating VPN licensing cost.
- Leverages your existing storage investments, infrastructure, and IT resources without additional spend.
- Increases remote worker productivity.
- De-duplication of data, reducing cost of data management and storage.
- Low fixed monthly per-user licenses.
- No workflow changes or interruptions (time savings).
User Benefits
- No app to learn.
- No adoption issues.
- No chance of user error (work as usual).
- No search confusion over file location, version, or duplication.
Technical Overview
1. Fileflex is a software-only platform that runs on a VM.
2. Remote Access and Share Across Any Multi-Domain Hybrid-IT Infrastructure.
3. Active Directory and LDAP Integration:
- Supports integration with Lightweight Directory Access Protocol (LDAP)and Active Directory (AD) and Azure AD.
- When a new user is added, they can automatically only access storage as allowed by Active Directory and device permissions.
- When a user is deleted from AD, they instantly lose access to any storage through FileFlex, and all their file sharing is turned off reducing risks associated with timing delays or human error caused by having to manage the deletion as two separate actions in two separate systems.
4. Support for Single Sign-On (SSO) (SAML):
- Supports SSO and SAML (Security Assertion Markup Language) open standard as well as the following custom versions from the following providers: OneLogin; Google; Microsoft Azure; Hel-loID; MiniOrange; Okta, TraitWare, Ping Federate and ForgeRock.
5. User Authentication of Shared Files:
- Sharing to unauthenticated users is prohibited. Sharing is done and consumed in the app using patented technology to authenticate users and does not permit open links that can be forwarded or shared on social media providing organizations control over shared files.
6. Device Authentication:
- Device authentication ensures that only authorized devices can use FileFlex
7. Login credentials can be used as an unobtrusive type of two-factor
authentication:
- Helps protect against phishing as credentials are only accepted when sent in conjunction with the device fingerprint.
8. Support for Multi-Factor Authentication and U2F Devices:
- Strong two-factor authentication and easy-to-use U2F device support using public key crypto that protects against phishing, session hijacking,man-in-the-middle, and malware attacks.
9. Credential Protection:
- To protect user and device credentials, FileFlex uses an exchange of anonymous secure tokens for every request.
- FileFlex generates new encryption keys every session and tokens are available only per session. The use of tokens protects user and device credentials since they are not stored on the FileFlex server, the service provider, or with Qnext.
10. Restricted Administrator Access:
- Administrators cannot use File-Flex to access any restricted information beyond what their own permission levels permit. Administrator activities are logged.
11. Optional Intel® SGX
- The option of using Intel® SGX platform hardened secure enclaves for encryption key generation to provide added protection at the deepest level – within the silicon itself – and ensure that shared data is not snooped or tampered with at any stage of access or transmission – even if the system is compromised.
12. Secure, View-Only Option – Downloading Prohibited:
- Administrators can make selected files, folders, or devices ‘view-only’ with downloading of shared content prohibited or they can allow access only and prohibit sharing altogether.
- Users can also set their sharing options so that downloading of shared content is not permitted.
- Unauthorized copying of shared files can be prohibited to maintain control over the privacy of files shared.
13. FileFlex brings Plug and Play Zero Trust Data Access to Enterprise Data on a Per Transaction Basis:
- Using our data access policy server, File-Flex continually authenticates, verifies, and grants or denies access to information on a per transaction basis via an exchange of anonymous secure tokens.
- New encryption keys are generated for every session and tokens area available only per session. The use of tokens protects user and device credentials since they are not stored on the FileFlex server or with the service provider (MSP).
- Direct access to resources is not permitted. All access is via the connector agent which acts as a proxy for the user.
14. Remote Access and Sharing of Files and Folders According to Dynamic, Granular Policy:
- IT admins use the FileFlex Management Console to set access and sharing policies that are determined on a user-by-user or group-by-group basis with storage location, folder, or even granular, file-level access.
- Administrators can make selected devices, folders, or files ‘view-only’ meaning downloading shared content is prohibited, or they can allow access only and prohibit sharing altogether. Users can also set their
sharing options so that downloading of shared content is not permitted. - Unauthorized copying of shared files can be prohibited by both users and administrators to maintain control over the privacy of files shared.
15. Granular File and Folder Level Micro-segmentation:
- FileFlex provides micro-segmented file and folder level access to prevent
lateral movement
16. No Access to the Infrastructure:
- Neither the share recipient nor the FileFlex server can access the storage infrastructure. The connector agent fulfills the request, encrypts it, and sends it back to the user thereby abstracting the user from the infrastructure.
- Access to resources is granted only with the least privileges needed to complete the task.
17. All Resource Authentication and Authorization is Dynamic and Strictly Enforced Before Access is Allowed:
- FileFlex authenticates and verifies all users for all sessions and transactions.
- Prohibits sharing to unauthenticated users. Sharing is done and consumed in the app using patented technology to authenticate users and does not permit open links that can be forwarded or shared on social media providing organizations control over shared files.
- Restricts administrator access where even administrators cannot use FileFlex to access any restricted information beyond what their permission levels permit. Also, all administrator activities are logged.
18. FileFlex Considers All Data Sources and Computing Devices as Resources:
- For organizations pursuing a Zero Trust infrastructure deployment, FileFlex isolates and protects remote access to the crown jewel of any organization– its data. Remote data access is the missing piece of zero trust solutions today.
- Protects company information when accessed both from company-owned devices and even when accessed via today’s bring your own device (BYOD)use of smartphones, tablets, and computers privately owned by users.
About Qnext Inc.
The Fileflex platform is owned, developed, and operated by Qnext Inc., and was in development for the past 8 years, resulting in over 500,000 lines of code and __ patent applications with __ currently approved and __ awaiting approval.
In addition to Qnext’s founder and CEO – Anthony DeCristofara (lifelong technology executive), Qnext is managed by a world class group of Board Members and Advisors including, Will Stewart, Mike Brown, Ed Dubrovsky, Larry Hurtado, and Vyomesh Joshi.
Strategic Partnerships include Intel® (code sharing integration with their new breed of SGX server processors and listed as one of 13 solutions partners on www.Intel.com/products), HP Enterprise, and NEC, plus current negotiations with
Mimecast, Illumio, NTT, ForgeRock, Accenture, and N-Able.
Current Customers include US Airforce, US Army Corps of Engineers, US Department of Defence, Baycrest Health Sciences, and Subaru.
Channel Partners include Insight, Softchoice, TD Synnex, Bytes IT, Bludis, and NXSiemens Global.
Regular website visitors include Amazon, Microsoft, Facebook, Disney, Boeing, BP,FedEx, 3M, EY, Lenovo, GSK, Nestle, McDonald’s and Target.
Investment Opportunity
Qnext is opening a late Seed funding round. If interested, please contact
[email protected].