Tresorit adds file restore to its e2e encrypted cloud storage service

Europe-based cloud storage startup Tresorit, which mainly focuses on selling to small to medium size businesses, has added a file restore feature to its e2e encrypted cloud storage platform. It’s touting this as a helpful feature if you’re trying to recover from a ransomware attack.

Or, more prosaically, if you’ve accidentally deleted something.

Here’s a GIF showing the file recovery feature in action:

The file restore feature covers files stored in Tresorit’s cloud and files synced locally to a user’s devices.

Obviously, if files are only stored locally and not backed up or synced to Tresorit’s cloud there’s no fallback restoration in the event of a ransomware infection. (While files stored in Tresorit’s cloud that not synced locally would not be affected by any local ransomware infection.)

Tresorit already had a file versioning feature, which allows users to recover any previously saved versions of their files. But it says the addition of file restore helps mitigate the types of ransomware attacks that encrypt files without deleting them first.

There’s no time limitation on the file restore option. Files can always be recovered so long as
the user hasn’t confirmed permanent deletion.

Which does mean, over time, the feature may end up eating into your storage limit — at least if you don’t tidy up and fully delete files you no longer need.

“Non-permanently deleted items count towards the storage space of a user. So, it requires some ‘housekeeping’ from the user,” confirms a Tresorit spokeswoman. “But it is easy to get rid of all these deleted items that a user doesn’t need by selecting ‘Remove deleted items’.”

Also helpful: Tresorit has announced it’s doubling the amount of storage space it offers for individual plans — with its premium (aimed at individuals) and solo (freelancers and professionals) plan users now getting 200GB and 2TB respectively.

Today it’s also introduced a new basic plan which it describes as a “more capable” free version —  intended to help external collaboration between its business users and their clients or partners (who may not be Tresorit users).

Last year it launched free subscriptions for NGOs and activists for whom strong privacy is not just a nice to have. And the spokeswoman tells us more than 100,000 people are now using its tools — which includes both consumer (so some non-paying) and business users.

“Almost two-thirds of our customers are European, led by the traditionally security and privacy conscious countries like Germany and Switzerland. The next biggest European markets are the UK and the Benelux-states. The second largest region is North-America (mostly the US),” she says, adding that Europe’s incoming update to its data protection framework is also driving local uptake.

“With only a few months to go until the GDPR, we are seeing an even higher demand for secure, end-to-end encrypted online services with European data centers. A lot of smaller companies are just starting the preparation for the GDPR, and looking for secure services they can easily switch to.”

Tresorit’s zero-knowledge e2e encryption architecture means that, unlike cloud storage giants like Dropbox, it cannot decrypt and access users’ files. So it cannot be subpoenaed to hand over content data itself.

Although it can provide some user and service activity data in exchange to lawful requests — such as names, email addresses, billing details and so on. The company recently started publishing a Transparency Report to list any government data requests it receives and provide details on how it handles such requests.

“During the period covered in this (from September 24, 2013, to November 30, 2017), we received one informal request from a Swiss police authority to retain certain user data, however, as there was no official decision by Swiss authorities on this case, in the end, we didn’t hand over any data,” the spokeswoman tells us.

“As a Swiss company, Tresorit is primarily subject to Swiss jurisdiction regarding data protection and criminal procedures. Without an official decision by a Swiss cantonal or federal authority, no information can be provided to foreign requests.”