Benefits of Cryptoloc Technology Enterprise Solutions
Corporate decision making is improved through the high visibility of risk exposure, both for individual activities and major projects, across the whole of the organisation.
The organisation benefits financially through the reduction of losses and improved “value for money” potential.
Organisations are prepared for most eventualities, being assured of adequate contingency plans.
Benefits of Cryptoloc® Enterprise Solutions
Files are encrypted on your PC, Mac or smartphone before they are uploaded to the cloud. Access to your encrypted files depends on a private key that only your organisation possesses. Your cloud provider has no access to your encrypted files; it has zero knowledge of your company's stored files.
Cryptoloc® puts you in control of the files you upload to the cloud. Only you can authorise who can view, modify and download them.
You can share access to different versions of a file with different users, and you can revoke access to various recipients if desired.
Your cloud provider has no administrative control of your files. As an additional feature, Cryptoloc® allows a full audit and log of all users, changes, uploads and downloads to assist with version control, audit of processes and access.
The encryption key generated for each file stored via Cryptoloc® is split into three parts. Each part is encrypted and stored separately in the cloud. One part is stored in your cloud access account, the second part is stored by your cloud provider, and the third is stored in the Escrow’s account.
Normally, you need only your part of a file encryption key and the part provided by your cloud provider to access a file stored in the cloud. If you lose your access for some reason, you can recover access to your files on the cloud by requesting an “escrow recovery”.
Your cloud provider cannot re-create access to your files without intervention from the “Escrow”. The Escrow is a trusted third party who can assist you if you lose your private key or if you wish to pass ownership of your files to someone else. Note that the Escrow does not know your private key; they only know how to start a one-way process to “re-key” access to your files for you.
This means you can always recover access to your files on the cloud even if you lose your private key or forget your account password.
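The page does not say how the three key parts are derived, so the following is an added illustration, not Cryptoloc's own code: a 2-of-3 Shamir split is one standard way to get the property described above, where the owner's and provider's parts are enough for normal access and the provider's and Escrow's parts are enough for recovery. The holder labels, the function names and the reading of "re-key" as a fresh re-split of the same file key are assumptions.

```python
import secrets

P = 2**521 - 1  # Mersenne prime; the field must be larger than any 256-bit key
# Holder labels follow the page's description; the x-values are arbitrary (assumption).
HOLDERS = {"owner": 1, "provider": 2, "escrow": 3}

def split_key(file_key: bytes) -> dict:
    """Return three shares of file_key; any two recover it, one alone reveals nothing."""
    secret = int.from_bytes(file_key, "big")
    slope = secrets.randbelow(P)  # fresh random coefficient for every split
    return {name: (x, (secret + slope * x) % P) for name, x in HOLDERS.items()}

def recover_int(share_a, share_b) -> int:
    """Interpolate the line through two shares and evaluate it at x = 0."""
    (x1, y1), (x2, y2) = share_a, share_b
    if x1 == x2:
        raise ValueError("two different shares are required")
    return (y1 * x2 - y2 * x1) * pow(x2 - x1, -1, P) % P

def recover_key(share_a, share_b, key_len: int = 32) -> bytes:
    """Recover the file key as bytes, rejecting results too large to be a key."""
    value = recover_int(share_a, share_b)
    if value >= 1 << (8 * key_len):
        raise ValueError("shares do not belong to the same split")
    return value.to_bytes(key_len, "big")

def escrow_rekey(provider_share, escrow_share) -> dict:
    """Recovery path: rebuild the key without the owner's share, then re-split it
    so the lost (or leaked) owner share no longer combines with the new ones."""
    return split_key(recover_key(provider_share, escrow_share))

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample file key
    shares = split_key(key)
    assert recover_key(shares["owner"], shares["provider"]) == key  # normal access
    fresh = escrow_rekey(shares["provider"], shares["escrow"])       # owner share lost
    assert recover_key(fresh["owner"], fresh["provider"]) == key
    # The stale owner share combined with a fresh share no longer yields the key.
    assert recover_int(shares["owner"], fresh["provider"]) != int.from_bytes(key, "big")
```

The range check in `recover_key` is only a sanity check on mismatched shares, not authentication; a real deployment would also protect each stored share with its holder's own encryption, as the page describes.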
Compartmentalized Storage & Sharing
Cryptoloc® File Storage
Each file stored using Cryptoloc® is locked with a different random cryptographic access key so that even if one file’s key is discovered, the same key cannot be used to unlock any other file.
Using the Cryptoloc® system, only the owner of the file can unlock that file, unless they specifically grant access to another person via Cryptoloc’s file-sharing feature.
Each time a file is updated using Cryptoloc®, a new version of the file is locked and stored. This allows file owners to share different versions of the same file with various people if desired.
To share access to a stored file with another person, Cryptoloc® creates an access record for that person for that file only.
Each time a file is shared with a new person, a new access key specific to that person is created. This means that one stored file could have many different access keys.
If a file is shared with an external party using Cryptoloc’s SecureShare feature, then the recipient only has access to the version of the file at the time it was shared with them. Subsequent updates to the file cannot be accessed by external parties unless the owner uses Cryptoloc® to create a new access key for each new version.
The Cryptographic Forest
File sharing via Cryptoloc® looks a bit like a forest of trees:
- each tree represents a file uploaded by the owner;
- every share of a file adds a branch to the tree;
- old branches can be removed (i.e. revoking access);
- removing a tree cancels all shares (i.e. the branches fall off the tree).
Data in Use
Data in Use is more vulnerable than data at rest because, by definition, it must be accessible to those who need it. Of course, the more people and devices that have access to the data, the greater the risk that it will end up in the wrong hands at some point.
Data at Rest
Data is at Rest when it is stored on any device or network. In this relatively secure state, information is primarily protected by conventional perimeter-based defences such as firewalls and anti-virus programs. However, these barriers are not impenetrable.
Data in Motion
The term Data in Motion quite literally refers to data when it is moving from one place to another. Many different types of networks can be used to transport data in this manner, including the internet or email. Data is at its most vulnerable when it is in motion, and protecting information in this state requires specialized capabilities from providers such as Cryptoloc Technology.