Every file, every place, every time
While there are endless File and Folder Encryption (FFE) products on the market, not all are created equal. Many File Level Encryption (FLE) solutions establish security silos for “sensitive” Data or Data users deem the most important, and even that not in all three states (in-transit, in-use, and at-rest). The problem is, in today’s highly connected and work everywhere world, isn’t all Data important?
With our unique approach to Data encryption, you no longer have to decide what Data to protect. Our SecureData technology protects everything, in every place, all the time. It does this by making encryption an inherent property of your Data, as opposed to a collection of reactive systems, restrictive tools that impact usability, and incomplete policies that can never keep up.
How to choose the best encryption software
Does the encryption software offer proactive protection?
If there’s anything that 2020 has taught it’s that all the bells, whistles, and consulting in the world can’t predict the future. To stay ahead of every threat, every time, proactiveness is key. The problem is, many encryption solutions require active user involvement. If the approach isn’t completely proactive and it places a burden on the user, it’s only natural that these users will find their own (unsecure) methods to get on with their day-to-day work.
Our encryption technology removes the human element, making protection an inherent and invisible part of the Data.
Is the encryption software really designed to provide 100% protection?
Full Disk Encryption (FDE or sometimes volume encryption) that protects “mission-critical” or “sensitive” files sounds powerful but the reality is, it only protects Data on a dormant system (please see the FAQs below on the distinction between FDE and File Level Encryption or FLE). To us, security is either 100% or 0% and our FLE is really 100% for every file, every place, and every time.
Our encryption software can be configured to provide this 100% protection. We protect every file (including those on legacy and in-house custom applications), every place (from endpoints to the cloud and back), and every time (in-transit, in-use, and at-rest).
Is the encryption software authenticating the user and securing Data at the endpoints?
It’s important to ensure that the Data protection is provided at the point where it’s being processed so that there are no security gaps, and that no Data in any state (in-transit, in-use, and at-rest) is left vulnerable. When encryption is processed at a server instead of at the endpoint, it leaves gaps that can result in Data being unavailable for legitimate users, available to unauthorized users, or even sent across networks unprotected. User and context based rules and boundaries are never perfect and endpoint authentication is the only way to protect every file, every place, and every time.
Our encryption software authenticates each file for each user and encrypts at the file level at the endpoint.
Other frequently asked questions about Data encryption
When the computer is turned on and the encryption key has been engaged, every file can be decrypted when accessed and potentially breached. Data in-use and in-transit are plain, whether intended by the user or stolen through some remote attack.
File Level Encryption (FLE) similarly encrypts every user file without any action or decision making. But that encryption remains, whether the computer is on or off, whether the file is open or closed, and whether those files are moving or are at-rest. Every benefit of FDE for Data files remains with the SecureAge approach to FLE, but the encryption persists and doesn’t work just some of the time.
The “full” in FDE does not mean comprehensive – it means at the highest level, some of the time. Data Security should be at the lowest level, all of the time.
Our PKI-based encryption is faster than the graphical user interface which makes it so fast that your employees will never notice. We "stream" Data from the disk, through our encryption engine and into memory so the application does not need to wait for the whole file to be decrypted before use. In fact, the file remains encrypted on disk all of the time.
Modern processors will provide an instruction set specifically for encryption so these security activities do not rob any time from your normal processing cycles. Our government clients who run large databases and typically experience performance hits (due to the combination of CPU, RAM, hard drive performance, and network connection), have been able to minimise performance impact with our solutions.
Our unique approach also allows us to plug in any encryption algorithm that our customers prefer. Many of our government and research clients prefer their own bespoke algorithms and we’re able to extend that level of comfort and compliance to everyone, everywhere.
But when that machine is turned on, the encryption key is entered, and the hard disk is spinning so that the Data on it can be used, FDE no longer protects any of it. All of the files can be removed as plain, unencrypted Data.
FDE is great if someone steals your laptop from your bag. But it's not so great for the way real people use and lose Data every day. We need to turn our machines on to access our Data, and that’s precisely when FDE can’t help.
TDE does not protect the vendor’s temporary and log files. TDE considers temporary, log and report files unimportant and as a result, they are unsecured. These files can, however, can contain sensitive or proprietary information.
TDE is database-specific, meaning you'll need separate TDE licences for each database software, and each license will need to be managed separately - costly and time consuming.
Homomorphic encryption requires application modifications. Businesses will need to rewrite or modify their original or more free-form applications whereas our PKI-based encryption does not interfere with other applications and works alongside them.
FPE is limited to one algorithm, the Advanced Encryption Standard (AES) which NIST identified as “no longer suitable as a general purpose FPE method. While AES can be part of your solution, it can’t be your entire solution.
Hyper FPE sounds even cooler but it requires significant trade-offs between Data protection and usability; our belief is that only inherent and invisible protection without user involvement is truly secure 100% of the time. Hyper FPE also requires that some Data be plain to run certain type of analytics and applications.
Tokenization negatively impacts performance because it can’t take advantage of the AES-NI subset of Intel processors like encryption can, directly hitting the CPU.
May the SecureData force be with you
Our founder, Dr Ngair Teow Hin combined more than a decade’s worth of research with his no-nonsense mindset to create SecureData. Ignoring outdated tribal knowledge, SecureData’s innovative PKI-based technology protects every file, every place, and every time.
This proactive and pervasive style of Data protection quickly attracted governments who were trying to overcome the problems caused by reactive systems, restrictive tools, and constantly changing cybersecurity policies. SecureData has been the encryption solution of choice for public entities in Singapore, Tokyo, and Hong Kong since 2003.
Our internal Data security and information management systems received ISO 27001 certification from SOCOTEC Certification International in 2013.
This ongoing certification ensures that our headquarters remains compliant with ISO 27001 information security management standards for all on-premise Data held.
Our unique encryption technology, SecureData is undergoing Common Criteria Certification. to certify the reliability, quality and trustworthiness of this solution.
Common Criteria (CC) Certification provides an independent and objective validation and can be relied upon to help make informed IT purchasing decisions. It is recognised across 31 countries, and a requirement of hardware and software devices used for national security by the U.S Federal Government, among others, as well as some highly regulated industries globally.