Cryptzone Group AB (publ)
The Simple Encryption Platform An Overview
Created 2011 For technical questions email support@cryptzone.com
Agenda
......................................... • Simple Encryption Platform (SEP) – An introduction • Product presentation • Technical Presentation of Secured eMail, Secured eUSB, Secured eFile, and Secured eCollaboration • Use cases for the Simple Encryption Platform
More resources …………………………………….. Direct access to Crytpzone Group resource center •
Webinars – http://www.cryptzone.com/resourcecenter/recorded_webinars.aspx
•
Demos / Workshops - http://www.cryptzone.com/resourcecenter/demos.aspx
•
Whitepapers – http://www.cryptzone.com/resourcecenter/whitepapers.aspx
•
Case Studies - http://www.cryptzone.com/resourcecenter/casestudies.aspx
•
Solution Guides - http://www.cryptzone.com/resourcecenter/solutionguides.aspx
•
Product Sheets - http://www.cryptzone.com/resourcecenter/product_sheets.aspx
•
Security as a Service - http://www.cryptzone.com/resourcecenter/saas.aspx
•
Software Manuals - http://www.cryptzone.com/library/#3
In short...
…………………………………….. Secured eMail
Secured eUSB
Policy-controlled email encryption
Centrally managed USB encryption tool
Secured eMail makes it possible for the end user to send secured emails and attachment to anyone directly from Outlook and Lotus Notes. The receiver can open the secured email on any platform as Mac, PC, iPhone, iPad, Blackberry, Symbian and Android and reply back encrypted and secured.
Secured eUSB makes it possible to convert a regular USB flash drive into a secured USB flash drive with strong security that users can safely travel with. The central management console offers detailed content reporting about every flash drive and the ability to lock down or wipe the flash drive.
Secured eFile
Secured eCollaboration
Centrally controlled file/folder security and encryption
Microsoft SharePoint File security & encryption
Secured eFile enables collaborative access to an individual user, work groups or Active Directory OU groups. The end user to secure any file or folder and assign individual or group access rights to it. The SEP manager will control authentication and key management. The secured data can be stored anyplace within the network, including networked share drives, desktops, laptops, USB flash drives and portable media.
Secured eCollaboration is a file encryption & security add-on to your existing Microsoft SharePoint® deployment. It adds functionality which allows users to encrypt documents and files right from within SharePoint but also on the users desktop, USB flash drives, portable hard drives , network drives, etc.
SEP – Simple Encryption Platform
......................................... See a video at http://www.cryptzone.com/demos/Simple_Encryption_Platform_Presentation/ Client Applications
Server
Management Console
Document Security
Global Object Synchronization:
Basic Management:
Policies
Role based administration
Licenses
User rights management
Shared Secrets Secured eFile
Secured eCollaboration
……..……………………...…. Outbound Compliance
Encryption Keys EPM Stealth Keys
Policy design and administration Auditing and incident reporting
Passwords
Education management
Templates
Help Desk / Lost password Recovery
……..……………………...…. Standard SQL database platform
……..……………………...….
Secured eMail
……..……………………...….
Endpoint Security
One way synchronization with directories:
Intellectual Property:
Active Directory
EPM - Enterprise Protection Method
Lotus Domino
Resource/ License Management
LDAP
DCR - Data Content Reporting
……..……………………...….
Secured eUSB
.
Microsoft SharePoint
Existing infrastructure integration such as Microsoft RMS and content management solutions
See Video
Secured eMail Send a secured email to any recipient – that can then reply back secured ......................................... Send a secured email from Outlook or Lotus Notes – Email including attachments will be encrypted. Options to save the email secured in Outlook and Exchange. http://www.youtube.com/watch?v=_WT3hl-QHWs
Recipient signs up - The recipient sign up for the service and can then view the secured email. Recipients can view the secured email on Mac, PC, iPhone, iPad, Symbian, Blackberry, Android devices, etc. http://www.youtube.com/watch?v=D4fnNDEHWyA&feature=related
Reply securely – The recipient can reply securely using any application or on device such as a Mac, PC, iPhone, iPad, Symbian, Blackberry, Android device.
The free reader – It is possible for the recipient to download a free Reader
that integrates into Outlook and Lotus Notes http://www.youtube.com/watch?v=ax6lUjZx4Lo
See Video
Secured eUSB Lifecycle management for encrypted USB flash drives ......................................... Secure any standard flash drive - End user can secure and encrypt any standard flash
drive. Zero footprint, which allows IT to secure flash drives and hand them out to end users without running an application on the endpoint. http://www.youtube.com/watch?v=Dzd5hRgg7k&feature=related
Enforce USB encryption - Users will be enforced to encrypt flash drives to be able to store information on them. http://www.youtube.com/watch?v=e8qpD3DWnRg
Data Content Reporting (DCR) - Generate intelligent reports that shows all content movements on the flash drive. http://www.youtube.com/watch?v=Ms_YNvF9mE0
Kill Pill – Close down access rights or wipe the secured flash drive remotely. http://www.youtube.com/watch?v=oQaKEA9D-9Y&feature=related
See Video
Secured eFile File encryption solution for Data Protection and Compliance ......................................... Secure any document – Empower end users to secure any document on desktops, network drives and portable media. http://www.youtube.com/watch?v=4OZlxbB-u-4 and http://www.youtube.com/watch?v=iBrbLQ2SDHU
Enterprise Protection Method (EPM) – End users can change access rights
to documents at any time. Access rights will be reflected to all versions of the document. http://www.youtube.com/watch?v=0QkZ0hKbOjo
Create portable packages – End users can collaborate secured with external recipients by creating portable secure packages. http://www.youtube.com/watch?v=xQkysiEMFR4
Collaborate securely with customers and partners – Partners and customers can download and install software that will enable them to create and open secured documents.
See Video
Secured eCollaboration Document encryption for SharePoint and the desktop ......................................... Secure any document – Empower end users to secure any document on
SharePoint and the desktop. http://www.youtube.com/watch?v=2HkuDcdQRHU
Enterprise Protection Method (EPM) – End users can change access rights to documents at any time. Access rights will be reflected to all versions of the document. http://www.youtube.com/watch?v=L1BqfE9jE0w
Create portable packages – End users can collaborate secured with external recipients by creating portable secure packages. http://www.youtube.com/watch?v=DbAoxyqeTJ0
Collaborate securely with customers and partners – Partners and customers can
download and install software that will enable them to create and open secured documents.
Secured eCollaboration Document encryption for SharePoint and the desktop ......................................... SharePoint Encryption Deployment Manager – Automatically encrypt
thousands of documents based on document name, document list, document metadata tags, document creator, document classification, document type etc. http://www.youtube.com/watch?v=3X1XJsIKwjg
SharePoint Encryption Rules Manager – Documents that are uploaded to SharePoint will be automatically encrypted based on rules. http://www.youtube.com/watch?v=3X1XJsIKwjg
Product SDK – The SDK makes it possible to build automated workflows
in SharePoint where documents automatically get encrypted. It is also possible to use the SDK to automatically encrypt files and folders located on other locations.
The Simple Encryption Platform - SEP Secured eFile, Secured eCollaboration, Secured eMail, and Secured eUSB
Components
From Small Businesses to Large Enterprises
......................................... Standard components •
SEP Server – Run as a service on the main server.
•
SEP Management Console - .NET based management application that can run on the server or at any desktop. You can deploy multiple instances of the SEP console which allows management from any location of choice.
•
Client Distribution package – Contains the MSI generator that will create the MSI package for 32bit and 64bit machines.
•
SEP Client installation package – generated inside the SEP Management Console.
Additional components •
Secured eCollaboration solution - A WSP add in that integrates into SharePoint.
•
Secured eMail – For Lotus Notes there is a Lotus Notes Deployment tool and template editor.
•
Secured eUSB – All encrypted USB flash drives have a Secured eUSB client that operates the end user interface and the connection to the SEP server.
Enterprise
Deployment Architecture Diagram
......................................... Cryptzone deployment architecture diagram
•
•
•
•
Storage – All data is stored in a SQL database. The SEP server can connect to any standard Microsoft SQL database. Directories - The SEP main server can connect to Active Directory and SharePoint for user and group management. The SEP client can connect to the central server using SSL or HTTPS. Deployment and scaling instructions can be found at http://www.cryptzone.com/download center/enterprise/
Directory Services
Microsoft SQL Server
Main company server SEP Server, SEP MC
Organization Network
Synchronized SEP Client
Clients using SEP
Backup server SEP Server, SEP MC
Installation and set up From Small Businesses to Large Enterprises
......................................... •
A standard installation takes 1-4 hours depending on the environment.
•
There is a Best Practice Set up Wizard to simplify the deployment process. Also included is a default Best Practice security policy that is most commonly used among Cryptzone customers.
•
The configuration manual help organizations to configure the pre designed Best Practices policy to fit the organizations requirements. The configuration manual are available at http://www.cryptzone.com/download center/enterprise/
•
A special manual how to set up the solution for external access using a web service is available at http://www.cryptzone.com/download center/enterprise/
•
A special manual for Lotus Notes users are available at http://www.cryptzone.com/download center/enterprise/
The wizard will assist with set up of: – – – – – – –
•
•
AD connection and sync Define Master Password Define Admin Password Select the main administrator License management policy Assign default policy to all users Generate custom templates
Cryptzone Professional Service team can assist organizations in the set up process of the solution.
Redundancy and backup No worries
......................................... SQL Database •
The core component of Simple Encryption Platform is the database in SQL. This means it is very important to back up the database daily.
•
The database can easily be moved to any location without any problems.
•
SEP Clients will not be affected if the server where the SEP server components is installed will go down or fail. The SEP server and SEP Management console can easily be reinstalled and reconnected to the SQL Database in less than 10 minutes.
Clients •
If the SEP server goes down the SEP clients will continue to function without any issues. Lost functionality will be; • Policies can not be updated centrally • NEW encryption keys cannot be synchronized. • Users cannot change access rights to secured files/folders. • If a user secures a file/folder the user cannot add access right to other users. • USB memory sticks that has been encrypted with Secured eUSB will capture logs file locally until the SEP server is up and running and will then deliver the updated information. • Licenses cannot be moved or changed.
Considerations Storage and network utilization
......................................... Enterprise Server •
1 user profile will on average store up to 100 k per user profile.
•
The network handshake between the Management Server and the SEP Client or agent, takes 8KB.
•
•
Desktop Client •
SEP Client dynamically load and release resources as needed, system resources used will vary depending on tasks and licenses. In passive mode the SEP monitor will use ~2700K of memory and USB monitor around 980K. CPU usage is negligible.
SEP Client and user agent have separate polices updates, but will average on 0.4Kb – 1KB per policy depending on the information it includes. Event takes approximately 0.4KB. Sending an event to the Management Server takes 1KB, not including the event file itself (the log file).
•
In active mode during a user session the task of securing a file will average around 8 MB for SEP monitor and 4-10 MB SEMX Explorer. SEMX can have a peak memory usage of 27 MB for an operation and on a 2.4 Ghz system CPU usage averages on 50% during intense encryption operations.
SEP Client, Secured eUSB will store logs locally until synchronized with the server. Size of logs will vary depending on the number of changes performed per action. Logs are filtered and compressed before transferring to SEP to minimize traffic and storage. A log file for normal file usage will estimated on average take 0.6 KB per completed action.
•
Opening additional secured folders will use 410 MB for each folder, so should a user choose to have 10 active secured folders the combined memory usage would be 40+ MB. As folders are closed and the SEP Client is logged out, memory usage will return to passive mode. During a normal install disk space usage is below 15MB for the SEP Client and log file can be size restricted or disabled depending on configuration.
Uninstallation What to think about
......................................... Encrypted data •
•
•
Files and folders - All encrypted files and folders needs to be unencrypted before uninstalling the software. USB Memory sticks - Encrypted USB memory stick will continue to function without the SEP Server. To uninstall the solution from the USB memory stick, unencrypt all data and then format the stick. Emails – If the organization needs easy access to encrypted emails then the archive function should be activated when the software is installed. Then the organization will have a centralized storage of all sensitive data. The data can be stored secured or unsecured.
SEP Server •
Store and document Master password and all Group passwords.
•
Backup and store the database for future reference.
•
Store a set of the installation files and manuals.
Support and documentation With focus on professional support
......................................... Support •
Support calls available - 24/7/365. Cryptzone support is performed by highly skilled Solution Engineers that will contact customer within 24 hours for personal support. – – –
Phone UK: +44 800 680 0657 Phone USA/Canada: +1.888.533.6365 Phone Sweden: +46 (0)31 773 86 93
•
Customers can email support questions to support@cryptzone.com or go to www.cryptzone.com/support for more help.
•
The Solution Engineers have access to professional tools making it possible for them to see customers screen and give better support. Cryptzone Professional Services team offers special support, deployment, educations etc. at a fee.
•
Documentation •
Manuals and instructions can be downloaded at www.cryptzone.com/downloadcenter/enter prise
•
For Whitepapers and more technical papers go to www.cryptzone.com/downloadcenter/enter prise
Additional details of the Simple Encryption Platform
Password Recovery For Secured eMail
......................................... No helpdesk necessary •
Shared secret recovery – If the user would need to remember a shared secret created for a specific secured contact the user can find this information in their own client. The user simply goes to settings and the secured contact list. There they can display all shared secrets ever created to a secured contact.
•
Central Policy - If this is possible or not can be defined by policy.
Password Recovery For Secured eFile and Secured eUSB
......................................... Password Recovery Wizard • Helpdesk user - The system comes with a ready to go Helpdesk user that can perform the Password Recovery task. • User message – Everywhere where an end user needs to enter a password there is a message informing about password recovery. It is possible to centrally define the information. • Recovery ticket – For every Secured file, folder or USB there is a unique recovery ticket. • Recover wizard - The system offers a Recovery Wizard for helpdesk. The wizard will tell the helpdesk personnel what user that created the secured file, folder or USB. This is to assist helpdesk to do a security check of the person calling.
Restore of user profile Nothing to worry about it is all automatic
......................................... Issues •
• • • •
User profile in Citrix / Terminal server gets damaged and needs to be recreated User machine crashes and the data cannot be restored User have several machines Windows crashes Etc…
Solution •
•
Global Object Synchronization – Cryptzone has built a synchronization concept where information like policies, licenses, encryption keys, logs, templates etc. are automatically synchronized between Cryptzone server and one or several clients. For the IT department this means that a recovery is fully automatic in case of the issues to the right happens. All that needs to be done is to reinstall the client. Encrypted emails, files and folders can and will be backuped in the same procedure as any other email, file or folder.
Give licenses to end users License management
......................................... How to give license •
Licensing for SEP is managed per user. Each user is allowed to have the software installed on several machines and only 1 license will be used.
•
The SEP Management Console is used to manage licenses. A license can be added or removed from a user on the fly.
•
The system comes with the ability to manage licenses by policies. Example: • •
•
If user belongs to certain group the user will receive a license automatically. If user is removed from group the license will be removed. A group can be a AD group, SharePoint group or custom created group in the system. System manager can give licenses to end users manually.
An employee leaves How to recover all information
......................................... Data recovery •
Encrypted USB sticks – All USB sticks can be opened with the master password.
•
Secured files and folders – All secured files and folders can be opened and unencrypted with the master password.
•
Secured eMail – Simply log in as the user to a profile and all secured emails can be accessed. Another possibility is also to use the archiving function where all secured emails can be stored at central location.
Lock down •
Encrypted USB sticks – Can be lock down using the Kill Pill Command in the SEP Management Console
•
Secured files and folders – Will be locked down automatically using AD Disable or Delete command for an AD account. It is also possible to remove access by removing the user license.
•
Secured eMail – Will be locked down automatically using AD Disable or Delete command for an AD account. It is also possible to remove access by removing the user license
Cryptzone Group (publ) AB Global Headquarters:
Drakegatan 7, SE-412 50 Goteborg, Sweden +46 31 776 86 00 www.cryptzone.com support@cryptzone.com
Appendix Product Information
SEP Client Overview SEP Client – SEP Server – SEP Management Console ...................................... Best Practice •
Proactive management platform and intelligent client synchronizes:
eMail Security • Secured eMail – email communications • Secured eControl – Content Filtering for email communications
Intuitive interface and workflows Intelligent Client Global Object Synchronization Active Directory
Data at Rest Storage • Secured eFile – file and folder encryption • Secured eCollaboration – Document encryption for Microsoft SharePoint
• • • •
• • • •
Security policies Stealth encryption keys User and system access rights Password & helpdesk recovery passwords
Security Methodology • •
client Applications
Enterprise Protection Method Strongest methodology available
•Automatic authentication – key management
•System generates dynamic one-time keys for each content element
•
System access protection – one password
•
FIPS certified AES256 encryption algorithm
•
Help Desk – Lost Password Access
End Point Security • Secured eUSB – portable device storage • Secured eDisk - laptop/desktop encryption • Secured eDevice – portable device, portable media and port control w/DLP
Additional details of Secured eMail
Why is email encryption so complex? The problem for IT is: “My users struggle with computers . . . My users struggles with any new procedures . . . My users . . .”
“How to deliver the email with strong encryption, but make it easy so that anybody can read/reply?”
“My users and recipients use all types of mobility devices; iPhones, Blackberry Phones, Android devices, PDA’s – how do you support them?”
Questions that you have to ask? ...................................... •
How does the sender – send the encrypted email? New procedures?
•
Is there a way to automate the decision to encrypt or not?
•
Does this encryption method ensure regulatory compliance?
•
What happens if I need to archive my email?
•
Is the local copy encrypted? & Can I still use Windows Desktop Search?
•
Do I need to download a client to view an encrypted email? What if I want to?
•
Is the web delivery a third party service or can I manage the service?
•
Can recipients view and reply with a portable device – ie., phones, etc?
Cliff Notes on Secured eMail Proven market leader! ...................................... Simply press “send secured” button. Send to anybody in the world regardless Recipient can view emails with client
application, browser or portable device
Centrally managed by SEP, integrated with Microsoft Active Directory
Enterprise Protection Method - Automatic authentication & key management
Global Objects Synchronization - Proactive server and client synchronization
Global Communications - Web service allow users to read/reply to encrypted emails
Strong Encryption - AES 256 bit – FIPS 140-2 Certified Methodology
What is Global Communications? What does it do for my organization?
It’s a in-house service that you can customize to look exactly how you want the service to look like!
It’s is a fool-proof method of delivering encrypted emails for any type of user, any client, any device!
It can control how long you want to offer the delivery of the encrypted email!
Secured eMail and our Global Communications functionality doesn’t impact your Microsoft Exchange Server nor require additional network infrastructure to support the web service!
And it’s available at a quarter of the cost of traditional appliance solutions.
Secured eMail Secured eMail – End Point Security for eMail Encryption ......................................... Best Practice •
Proactive management platform and intelligent client synchronizes: • • • •
• • • •
Security policies Stealth encryption keys User and system access rights Password & helpdesk recovery passwords
Intuitive interface and workflows Empowerment for internal/external users Audit trail of all end user actions Integration with Active Directory
Security Methodology • •
System SKG Patented encryption technology Strongest methodology available
• •
System access protection – one password FIPS certified AES256 encryption algorithm
• •
Automatic authentication – key management System generates dynamic one-time keys for each content element
Features • • • •
• • •
Regulatory Compliance – Sarbanes Oxley, GLB Act, HIPAA HITECH, FTC Red Flag Rules Fully integrated into Microsoft Outlook and Lotus Notes End to End messaging – virtual channel Send to anyone capability – any client app or web based email •
Receivers can download a full Reader and reply back secured for free
•
Receivers can activate a Reader Lite with zero footprint
Ease of use – Press “Send secured” or Send with Secured eControl policy Centralized policy based email encryption Archive encrypted and compressed
Additional details of Secured eUSB
Secured eUSB Encrypts Any USB flash drive in the market today!
…………………………….…. Encrypt any brand, any model, any size . . . Simple to use – optional automatic encryption
Use on any computer in the world! Client application or zero footprint deployment
Strong Encryption – AES 256 bit FIPS Certified
SEP Manager - Data Content Reporting • • • • • •
Complete inventory of USB flash drives by user Risk Intrusion Report DLP Content Search Origin of all of the data on the drive What was done with the data What data is currently on the drive – real time!
Centralized Control - Life Cycle Management • “Lock-out” command to block access • “Kill Pill” command to wipe data on drive
What is Life Cycle Management? What does it do for my organization?
Controls the “birth, use and death” of encrypted USB flash drives. It’s a fool-proof method of managing the encryption process - auto encryption or chose the work flow with a custom process!
LCM can be managed centrally to have standard security policies to protect the data and guarantee that the device will be disabled based those policies!
Control user access of a trusted employee who is now an ex-employee. He has your
data & won’t return the drive. You can wipe the data and kill the device - no matter where the drive is - even off net!
Secured eUSB eUSB – Encrypts ANY USB flash drive in the market today! ........................................ Best Practice
Features
• Proactive management platform and intelligent client synchronizes:
• • • • • •
•Security policies •Stealth encryption keys •User and system access rights •Password & helpdesk recovery passwords
• Intuitive interface and workflows – no training • Audit trail of all end user actions • Lost flash drive – Kill Pill support
•
• Integration with Active Directory • Web based connection to SEP Console
Security Methodology • EPM (Enterprise Protection Method) • FIPS certified AES256 encryption algorithm • Brute force protection and Automatic Data Compression up to 5:1 • Enforced synchronization of portable device • Regulatory Compliance – Sarbanes Oxley, GLB Act, HIPAA HITECH, FTC Red Flag Rules
• • •
Encrypt any brand, any model, any size Distributed or Zero Footprint Deployment Security Policy – whole drive or partial encryption Security Policy based enforced encryption Fastest encryption – 16 GB in one minute Encryption .exe is portable, use on any computer in the world – no license required! Secured workflow - work in a “secured vault” – create, edit, delete Unlimited Passwords Help Desk Lost Password Recovery Support DCR – Data Content Reporting • • • •
Inventory list of all secured USB flash drives & what user that owns it Monitor all content on every secured USB flash drive in the organization by manufacturer Automatic data audit reporting – by user, access, actions and files Help Desk – Audit Trail reporting
Additional details of Secured eCollaboration
Do I really need secure documents? Questions that need to be asked ........................................
I know that encryption can be complex, but isn’t there a easier way?
How do you provide collaborative access to documents and manage user rights?
Do I have to manually encrypt the data?
How do you manage encryption on documents on the desktop and SharePoint?
How do you manage the encryption keys for documents on network drives, those locally stored, or emailed?
What is EPM? What does it do for my organization? ........................................ EPM (Enterprise Protection Method) automates the way a user deals with authentication and key management – basically – one or two clicks.
It’s is a fool-proof method of providing access rights & the associated encryption key to documents for individuals, work groups, AD or SharePoint Groups!
EPM is managed centrally so IT can have standard security policies
and access rights for documents or empower the end users to make access decisions.
Enterprise Protection Method can be configured to allow automatic encryption of uploaded documents to specific libraries. Also EPM can allow automatic encryption of previously stored documents!
Secured eCollaboration
Document encryption for SharePoint ........................................
Secure Documents with automatic authentication
Centrally managed by SEP, integrated with Active Directory & SharePoint
EPM
- Auto authentication & key management
Automatic upload of encrypted files
Regulatory Compliance – HIPAA HiTECH, SOX, GLB Act, FTC’s Red Flag Rules
Simple to use – one click encryption Added icon shows it’s encrypted
Sharing Access – double click to open
Supports full “versioning” & in/check-out”
“check-
Secured eCollaboration - EPM Secure Microsoft Documents with automatic authentication …...................................................... Best Practice
Features
•
•
Proactive management platform and intelligent client synchronizes: • • • •
Security policies Stealth encryption keys User and system access rights Password & helpdesk recovery passwords
•
Intuitive interface and workflows
•
Empowerment for internal/external users
•
Audit trail of all end user actions
•
Integration with Active Directory
Security Methodology
• • • • •
•
•
EPM (Enterprise Protection Method)
•
•
Document creator can add/remove access rights
•
•
Manage access to documents – Manager, Contributor and Reader levels
•
System access protection – one password
•
FIPS certified AES256 encryption algorithm
Regulatory Compliance – Sarbanes Oxley, GLB Act, HIPAA HITECH, FTC Red Flag Rules User work flow doesn’t change Simple to use – one click encryption Supports full “versioning”, “checkin”, & “checkout” Document icon shown visually as encrypted Secure documents can travel and rest secured on any media or device including network shared drives, FTP servers, DVDs, etc. EPM Stealth Key Technology and Automatic authentication/Key management End users can secure data and add access rights to AD users and groups Share data with customers and partners • •
Free Reader Self-Extracting option
Additional details of Secured eFile
Why protect files & folders? It’s “data at rest”, but usually “in use” and stored everywhere!
Regulatory Compliance regarding “data at rest”! Providing collaboration access of files/folders is the most effective way to organize and maximize your employees intellectual talent, but what about protecting the data? Giving access could be a big mistake!
..
HIPAA HITECH Act ..
Gramm-Leach-Bliley Act ..
FTC’s Red Flag Rules State Laws; Massachusetts, Nevada, California, New York. 38 other states.
Companies that don’t meet regulatory compliance rules and laws will receive punitive penalties and fines, and it’s more than fines; non-compliance correlates to the company’s monetary value!
Why is certificate based file encryption so complex? The problem for IT is: “My users struggle with computers . . . My users struggles with any new procedures . . . My users . . .”
“How to deliver access to secured files & folders with strong encryption, but make it easy for the right people to read?
“I would like to set up centralized rules so that when a member of a work group or AD groups encrypts a file - everybody that should have rights – have rights, and others don’t. I need to dumb this process down!”
This is what I want to learn about? •
How do you provide collaborative access to files and folders, and manage user rights – while maintaining high security?
•
I assume I can create AD OU secured groups, but can I create work groups? Can my users add access rights individuals or groups to share secured data?
•
Most users create files on their desktop and move them to network shared drive – how do you manage encryption?
•
And when you access the files – do you have to use a certificate?
•
Files and Folders located on network share drives are usually stored locally, on USB’s, burnt on CD/DVD’s – are they controlled?
•
How do I share encrypted files/folders to people outside my network?
What is EPM?
What does it do for my organization?
EPM (Enterprise Protection Method) automates the way a user deals with authentication and key management – it’s either – one or two clicks.
It’s a fool-proof method of controlling access rights & encryption key management for individuals, work groups, AD or SharePoint Groups!
EPM is managed centrally to have standard security policies and
access rights for files and folders or empower the end users to make access decisions.
You can dumb it down so the user experience is controlled.
Secured eFile
File & folder encryption for the Enterprise
Secured eFile is a multi-function client – eMail, eCollaboration, eUSB, eDevice
Simple Encryption Platform
- SEP Manager and Console – manages the clients
SEP leverages – Active Directory and builds a structure of authentication based on AD credentials and key management
EPM – Enterprise Protection Method.
Simple to use – one click encryption Empowered users can give collaborative access to individuals, AD groups+
Auto authentication & key management Deliver secured “executable” files/folders to external parties – quick & easy!
Secured eFile – EPM Encrypt Network Files/Folders for automatic authentication .......................................... Best Practice
Features
•
•
Proactive management platform and intelligent client synchronizes: • • • •
Security policies Stealth encryption keys User and system access rights Password & helpdesk recovery passwords
•
Intuitive interface and workflows
•
Empowerment for internal/external users
•
Audit trail of all end user actions
•
Integration with Active Directory
Security Methodology •
EPM (Enterprise Protection Method)
•
Document creator can add/remove access rights
•
Manage access to documents – Manager, Contributor and Reader levels
•
System access protection – one password
•
FIPS certified AES256 encryption algorithm
• • • •
•
Regulatory Compliance – Sarbanes Oxley, GLB Act, HIPAA HITECH, FTC Red Flag Rules EPM Stealth Key Technology which allows Automatic authentication & Key Management End users can secure data and add access rights to AD users and groups Create Secured Groups that can collaborate and share secured content without passwords Secured file(s)/folder(s) can be placed on any media or device including network shared drives, FTP servers, DVDs, etc. Share data with customers and partners • •
• •
Free Reader Self-Extracting option
Recovery password and Help Desk tools All secured data is automatically compressed