The Institute for the Analysis of IT Components (IAIT) has been producing high-quality, independent tests and video tutorials on new products and solutions in the field of information technology since 2007. In summer 2018, Dr. Götz Güttich and his team took a closer look at DRACOON in a product test.
DRACOON offers secure cloud storage for companies. The German provider's solution encrypts data on the client side, so all data remains securely stored wherever it resides, and not even DRACOON as the manufacturer can access stored customer data. In our test lab we took a close look at the functionality of the product.
DRACOON's cloud storage is tailored specifically to the requirements of companies. That is why it offers not only the option to encrypt all data to a high standard but also fully custom branding with the customer's own URL and design.
The scope of services also includes comprehensive administration functions that cover a multitude of application scenarios. For example, so-called data rooms can be set up to which only certain users have access. Within these rooms it is also possible to grant users only certain rights and to create data rooms within data rooms. In practice, for example, the user "Andreas", who works in the accounting department, could be given full write and read rights to all files (or subordinate data rooms) in the data room "Accounting", but at the same time only read rights to the sub-data room "Invoices" in the data room of the IT department.
The most interesting fact is that the DRACOON solution does not need a central administrator. The user who creates the account and the first data rooms initially has access to all data in the cloud storage, but can appoint other users as administrators of the individual data rooms. As soon as these users have administrator rights in their data rooms, the first administrator's rights to access those data rooms can be revoked, which ensures that only the employees who really need to see and modify the data to do their job can do so. This functionality prevents the IT department from always having access to everything that is available in the company. This matters most when processing particularly sensitive data such as wages, salaries, personnel or even health data.
DRACOON distinguishes between five different management roles that can be assigned to users. For example, the "Configuration Manager" may change the system settings, while the "User Manager" can create additional users.
Overall, DRACOON distinguishes between encryption on the client, on the server and during transport. While server-side and transport encryption are always active, client-side encryption must be activated manually. To be GDPR (DSGVO) compliant, personal data should always be encrypted on the client side.
Access to the cloud storage is possible in a number of different ways. The web application is used for secure control of the solution via the Internet and also allows files to be uploaded and downloaded. In addition, separate client apps are available for the desktop operating systems macOS (from version 10.8.3) and Windows (from Windows 7) as well as the mobile operating systems Android (from version 4.1) and iOS (from version 9.3). Furthermore, IT managers can integrate DRACOON into their Active Directory environment, and a JSON/REST API supports the connection of third-party solutions such as SharePoint and similar.
In addition to the features already mentioned, DRACOON also offers an Outlook Add-In to secure the delivery of mail attachments. Also of interest are the file versioning and the reporting tool, which we will cover in more detail later.
For our test we used the free version of DRACOON, which includes all functions (except the branding features) and is not limited in time. Its only limitations are the storage capacity of ten GByte, which is quite generous for a free offer, and the number of users. To take advantage of this offer, users simply need to create an account on the manufacturer's website at https://www.dracoon.com/free, and then they can get started right away.
In addition to the free offer, DRACOON also offers various enterprise versions that are subject to a fee. With the "Cloud Enterprise Solution" the data is stored in certified DRACOON data centres with unlimited data volume. This variant is available for 50 users and more. With the "hybrid solution", which is also available from 50 users, DRACOON is operated from the cloud. In this case the system stores the files in the customer's own data centre. The "on-premises version", on the other hand, allows installation and operation of the DRACOON solution in the customer's own data centre for 100 users or more.
After setting up our account, we first created various user accounts, created data rooms, assigned rights and checked whether the system behaved as expected during operation.
We then installed the Windows client on various computers running Windows 10 and used it to automatically synchronize the cloud storage between these clients. Next, we used smartphones running Android 7 and 8 to access our data on the move using the Android client. Under iOS we used various iPads for this purpose. We also took a closer look at the functionality of the Outlook add-in and the reporting tool.
To get a DRACOON account, users only have to provide their name and e-mail address on the above-mentioned website. Afterwards they receive an e-mail containing the URL of the DRACOON server, the user name (this is the e-mail address) and the initial password as well as a link to the documentation.
The next step was to set up various user accounts and data rooms and assign different rights to them. All this can be done relatively easily via the menu bar and the entries "Users & Groups" and "Manage Data Rooms". If client-side encryption is to be used, it must first be activated under "Settings". To do this, the responsible employees must first define a system emergency password with which data can be decrypted if a user of a room has forgotten their personal decryption password. Once this has been done, the system generates the key pair and client-side encryption becomes active.