Every file, Every place, Every time

There are endless file and folder encryption products on the market; however, not all are created equal. Many encryption solutions operate in “security silos”, protecting only the Data that is deemed most important.

The question is, in today’s highly connected and regulated world, isn’t all Data important? With our approach you no longer have to find and protect the “most important” Data all the time. SecureAge simply protects everything because there is no down-side.

How to choose the best encryption software

When comparing encryption solutions we recommend asking these three questions before making a decision:

Does the encryption software offer proactive protection?

If there’s anything that 2020 has taught us, it’s that all the bells, whistles, and consulting in the world can’t predict the future. To stay ahead of every threat, every time, proactiveness is key. Many encryption solutions require heavy user involvement and allow access to anything that falls outside of the 99% detection rate of the best malware detectors, which can have disastrous consequences.

Our technology removes the human element, making encryption an inherent part of the Data, and uses a block-first approach to malware making proactive security easy.

Can the encryption software provide 100% protection?

Full disk encryption (or volume encryption) that protects your “mission-critical” files sounds powerful but the reality is that it only protects Data on a dormant system – great if you leave your laptop on the train. Our encryption software can be configured to provide truly 100% protection. It protects every file (including those using legacy and custom applications), every place (from endpoints to the cloud and back again), and every time (in-transit, in-use, and at-rest). 

To us, security is either 100% or 0%; there’s nothing in between. Make sure you check whether file-level really means every file, every place, and every time.

Is the encryption software authenticating the user and securing Data at the endpoints?

Ensure that the Data protection is provided at the point where the Data is being processed so that there are no security gaps and no Data is left vulnerable. Our endpoint protection software both authenticates each user and encrypts Data at the endpoint, whereas some other solutions process authentication and/or encryption at a server.

We believe that when encryption is processed at a server, it leaves gaps where users may be unable to access keys or may have inappropriate access to keys. This can result in Data being unavailable for legitimate users, being made available to unauthorised users, or being sent across networks unencrypted.

Why is PKI-based encryption important?

PKI-based encryption overcomes the limitations of the commonly used symmetric cryptography. With our approach, the challenge of securely sharing Data is solved because asymmetric cryptography enables two tightly connected keys for each person, and the public key infrastructure (PKI) provides the trusted certificate authority. This unique and proven approach allows three distinct advantages.

Protection for every file, every place, and every time

PKI-based Data encryption uses unique encryption keys for each file, while at the same time, building authentication into Data. This means that 100% protection of all Data is possible, essentially extending a zero-trust security model. With PKI-based encryption, every time that the Data is accessed the identity of the request is checked, and every file is always protected, in every location - no matter where it is copied.

This differs from other encryption solutions that rely only on symmetric encryption, as they have no way of authenticating each user against each file. Giving access to the single symmetric encryption key allows any user or process to access the Data.
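The per-file key and per-user access check described above can be seen in the standard CMS envelope format (RFC 5652). The following is an added illustration using the `openssl` CLI, not SecureAge's implementation; it assumes `openssl` is installed, and the user names and file names are constructed for the demo.

```shell
#!/bin/sh
# Added illustration: generic CMS (RFC 5652) enveloped data via the openssl CLI.
# User names and file names below are constructed for the demo.

# Create a throwaway RSA key pair and self-signed certificate for user $1.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Encrypt file $1 into $2 for every recipient certificate given after them.
# Each call generates a fresh random AES-256 content key and wraps it once
# per recipient public key, so no shared secret is ever handed out.
encrypt_for() {
    src=$1; dst=$2; shift 2
    openssl cms -encrypt -aes-256-cbc -binary -in "$src" \
        -outform DER -out "$dst" "$@"
}

# Decrypt $2 into $3 as user $1. Fails (non-zero) when $1's certificate is
# not among the recipients the content key was wrapped for.
decrypt_as() {
    openssl cms -decrypt -binary -inform DER -in "$2" -out "$3" \
        -recip "$1.crt" -inkey "$1.key" 2>/dev/null
}

demo() {
    cd "$(mktemp -d)" || return 1
    make_identity alice && make_identity bob || return 1
    printf 'quarterly figures (constructed sample)\n' > report.txt
    encrypt_for report.txt report.cms alice.crt || return 1
    decrypt_as alice report.cms alice.out && echo "alice: decrypted"
    decrypt_as bob report.cms bob.out || echo "bob: denied, not a recipient"
    # Same plaintext, same recipient, new content key: ciphertext differs.
    encrypt_for report.txt again.cms alice.crt || return 1
    cmp -s report.cms again.cms || echo "second envelope differs from first"
}

( demo )
```

CBC enveloped data gives confidentiality only; integrity needs a signature (`openssl cms -sign`) or an authenticated content cipher.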

Natural and secure file sharing anywhere

PKI-based encryption supports many commonly used applications including file encryption, digital signatures, and email. It is designed in a way that the encryption is an inherent part of the Data and therefore invisible to the user, and the application. This enables natural Data sharing across user groups and networks, meaning there are NO additional steps that users need to take to ensure protection.

Other encryption solutions rely only on symmetric encryption, which uses proprietary mechanisms to store and share keys. Using one key not only reduces security, but also adds an administrative burden to perform "key rotation".

Far-reaching implications

With PKI-based Data protection it is possible to deal with both external and insider cybersecurity threats and close the gaps. Application control minimises the likelihood of successful external attacks by blocking all unauthorised processes using a zero-trust approach, while file encryption blocks unauthorised Data access to ALL Data, no matter whether it’s in-use, in-storage, or in-transit. Win-win. 

The reality is that alternative encryption solutions tolerate security gaps, which gives cybercriminals an opportunity to gain computer and network access. Without pervasive, inherent, and invisible Data security, Data is left vulnerable.

Other frequently asked questions about Data encryption

What is the performance impact from SecureAge PKI based encryption?

Our PKI-based encryption is faster than the graphical user interface, which makes it so fast that your employees will never notice. We "stream" Data from the disk, through our encryption engine, and into memory so the application does not need to wait for the whole file to be decrypted before use. In fact, the file remains encrypted on disk all of the time.

Modern processors will provide an instruction set specifically for encryption so these security activities do not rob any time from your normal processing cycles. Even for government clients who run large databases and typically experience performance sacrifices due to the combination of CPU, RAM, hard drive performance, and network connection, our PKI-based encryption has proven to minimise the impact.

What are the limitations with Transparent Data Encryption (TDE)?
  • TDE does not protect unstructured files outside the vendor’s database

Today, most applications make use of unstructured Data, but TDE does not encrypt such Data, leaving it vulnerable to misuse and theft.

  • TDE does not protect the vendor’s temporary and log files 

TDE considers temporary, log and report files unimportant, and as a result they are unsecured. However, these files can contain sensitive or proprietary information.

  • TDE is database-specific

You'll need separate TDE licences for each database software, and each licence will need to be managed separately, which is costly and time-consuming.

What are the limitations with Homomorphic Encryption?
  • Homomorphic encryption is too slow to be practical

The performance hit is around 50,000 times that of working with plain Data. This is compared to the tried and true invisible impact of PKI-based encryption.

  • Homomorphic encryption requires application modifications

Businesses will need to rewrite or modify their original or more free-form applications whereas our PKI-based encryption does not interfere with other applications and works alongside them.

  • Homomorphic encryption adds complexity (and cost) to existing solutions

While often added to existing security solutions, with SecureData it’s not necessary. SecureData protects ALL Data including Data-in-transit, in-use, and at-rest.

What are the limitations with Format Preserving Encryption?
  • Format Preserving Encryption (FPE) is limited

Format preserving encryption sounds cool but FPE techniques generally only work on structured and well-defined Data sets where users know what they have: e.g. credit card numbers.

  • FPE is linked to one algorithm: the Advanced Encryption Standard (AES) 

In 2017, the National Institute of Standards and Technology (NIST) identified AES as “no longer suitable as a general purpose FPE method.” While it can be part of your solution, it can’t be your entire solution.

  • Even with Hyper FPE, trade-offs are required

Hyper FPE claims to optimise the balance between Data security and usability; however, trade-offs are required as only 90% of analytics can run without decryption.

What are the limitations with tokenization?
  • Tokenized Data is a dead weight

Unfortunately, you can’t use tokenized Data (e.g. for analytics), and it does not remove the human element (users are aware of the security and will find ways to work around it).

  • The non-tokenized Data set is still plain

Partial Data loss can still lead to identity theft, or non-compliance. GDPR considers tokenized Data loss a reportable breach (unlike encrypted Data loss).

  • Tokenization negatively impacts performance

Unlike encryption, tokenization cannot take advantage of the AES-NI subset of Intel processors and this directly impacts the CPU.

May the SecureData force be with you

Our technology has a 17-year history of ZERO Data breaches

Our founder, Dr Ngair Teow Hin, combined more than a decade’s worth of research with his no-nonsense mindset to create SecureData. He ignored outdated tribal knowledge and used innovative PKI-based encryption technology to protect all types of Data, in all types of use.

This proactive and pervasive style of Data protection quickly attracted governments who were trying to overcome the problems caused by reactive systems, restrictive tools, and constantly changing cybersecurity policies. SecureData has been the encryption solution of choice for public entities in Singapore, Tokyo and Hong Kong since 2003.
Industry certified

Our internal Data security and information management systems received ISO 27001 certification from SOCOTEC Certification International in 2013.

This ongoing certification ensures that our headquarters remains compliant with ISO 27001 information security management standards for all on-premise Data held.

Common Criteria

Our unique encryption technology, SecureData, is undergoing Common Criteria Certification to certify the reliability, quality and trustworthiness of this solution.

Common Criteria (CC) Certification provides an independent and objective validation and can be relied upon to help make informed IT purchasing decisions. It is recognised across 31 countries, and is a requirement for hardware and software devices used for national security by the U.S. Federal Government, among others, as well as some highly regulated industries globally.

No more playing cat-and-mouse

Get truly proactive and pervasive encryption 
