Every file, every place, every time
There are endless file and folder encryption products on the market however, not all are created equal. Many encryption solutions are flawed because they operate in "security silos” only protecting the Data that is deemed the most important. The problem is, in today’s highly connected and regulated world, isn’t all Data important?
With our unique approach to Data encryption, you no longer have to decide what Data to protect. Our SecureData technology protects everything, in every place, all the time. It does this by making encryption an inherent property of your Data, as opposed to a collection of reactive systems, restrictive tools that impact usability, and incomplete policies that can never keep up.
How to choose the best encryption software
When comparing encryption solutions we recommend asking these three questions before making a decision:
Does the encryption software offer proactive protection?
If there’s anything that 2020 has taught it’s that all the bells, whistles, and consulting in the world can’t predict the future. To stay ahead of every threat, every time, proactiveness is key. The problem is, many encryption solutions require active user involvement; if the approach isn’t completely proactive and it places a burden on the user, it’s only natural that these users will find their own (unsecure) methods to get on with their day-to-day work.
Our technology removes the human element, making encryption an inherent part of the Data, and uses a block-first approach to malware making proactive security easy.
Can the encryption software provide 100% protection?
Full disk encryption (or volume encryption) that protects your “mission-critical” files sounds powerful but the reality is, it usually only protects Data on a dormant system – great if you leave your laptop somewhere, but not so great for Data in-transit or in-use. To us, security is either 100% or 0%, there’s nothing in between. Make sure you check if file-level really means, every file, every place, and every time.
Our encryption software can be configured to provide truly 100% protection. It protects every file (including files on legacy and custom applications), every place (from endpoints to the cloud and back again), and every time (in-transit, in-use, and at-rest).
Is the encryption software authenticating the user and securing Data at the endpoints?
It’s important to ensure that the Data protection is provided at the point where it’s being processed so that there are no security gaps, and that no Data in any state is left vulnerable. When encryption is processed at a server instead of at the endpoint it leaves gaps where users may be unable to access keys. This can result in Data being unavailable for legitimate users, Data being made available to unauthorised users, or Data being sent across networks unencrypted.
Our endpoint protection software both authenticates each user and encrypts Data at the file level at the endpoint.
Other frequently asked questions about Data encryption
Our PKI-based encryption is faster than the graphical user interface which makes it so fast that your employees will never notice. We "stream" Data from the disk, through our encryption engine and into memory so the application does not need to wait for the whole file to be decrypted before use. In fact, the file remains encrypted on disk all of the time.
Modern processors will provide an instruction set specifically for encryption so these security activities do not rob any time from your normal processing cycles. Our government clients who run large databases and typically experience performance hits (due to the combination of CPU, RAM, hard drive performance, and network connection), have been able to minimise performance impact with our solutions.
Symmetric algorithms include the popular AES (Advanced Encryption Standard) known for its speed and flexibility; everyday Wi-Fi, VPNs, and SSL for example rely on AES. The SecureAge PKI-based approach is different in that it relies on asymmetric algorithms such as RSA without a detectable impact on performance. In addition to RSA, our technology also includes the latest advancements in asymmetric ECC (Elliptic Curve Cryptography).
Our unique approach also allows us to plug in any encryption algorithm that our customers prefer. Many of our government and research clients prefer their own bespoke algorithms and we’re able to extend that level of comfort and compliance to everyone, everywhere.
Today, most applications make use of unstructured Data but TDE does not encrypt such data, leaving it vulnerable to mis-use and theft.
TDE does not protect the vendor’s temporary and log files
TDE considers temporary, log and report files unimportant and as a result, they are unsecured. These files can, however, can contain sensitive or proprietary information.
TDE is database-specific
You'll need separate TDE licences for each database software, and each license will need to be managed separately - costly and time consuming.
The performance hit is around 50,000 times that of working with plain Data. This is compared to the tried and true invisible impact of PKI-based encryption.
Homomorphic encryption requires application modifications
Businesses will need to rewrite or modify their original or more free-form applications whereas our PKI-based encryption does not interfere with other applications and works alongside them.
Format preserving encryption sounds cool but FPE techniques generally only work on structured and well-defined Data sets where users know what they have: e.g. credit card numbers.
FPE is linked to one algorithm: the Advanced Encryption Standard (AES)
In 2017, the National Institute of Standards and Technology (NIST) identified AES as “no longer suitable as a general purpose FPE method.” While it can be part of your solution, it can’t be your entire solution.
Even with Hyper FPE trade offs are required
Hyper FPE claims to optimise the balance between Data security and usability however trade-offs are required as only 90% of analytics can run without decryption.
Unfortunately you can’t use tokenized Data (e.g. analytics) and it does not remove the human element (users are aware of the security and will find ways to work around it).
The non-tokenized Data set is still plain
Partial Data loss can still lead to identity theft, or non-compliance. GDPR considers tokenized Data loss a reportable breach (unlike encrypted Data loss).
Tokenization negatively impacts performance
Unlike encryption, tokenization cannot take advantage of the AES-NI subset of Intel processors and this directly impacts the CPU.
May the SecureData force be with you
Our founder, Dr Ngair Teow Hin combined more than a decade’s worth of research with his no-nonsense mindset to create SecureData. Ignoring outdated tribal knowledge, SecureData’s innovative PKI-based technology protects every file, every place, and every time.
This proactive and pervasive style of Data protection quickly attracted governments who were trying to overcome the problems caused by reactive systems, restrictive tools, and constantly changing cybersecurity policies. SecureData has been the encryption solution of choice for public entities in Singapore, Tokyo and Hong Kong since 2003.
Our internal Data security and information management systems received ISO 27001 certification from SOCOTEC Certification International in 2013.
This ongoing certification ensures that our headquarters remains compliant with ISO 27001 information security management standards for all on-premise Data held.
Our unique encryption technology, SecureData is undergoing Common Criteria Certification. to certify the reliability, quality and trustworthiness of this solution.
Common Criteria (CC) Certification provides an independent and objective validation and can be relied upon to help make informed IT purchasing decisions. It is recognised across 31 countries, and a requirement of hardware and software devices used for national security by the U.S Federal Government, among others, as well as some highly regulated industries globally.