By Elliot Lewis, Encryptics CEO & Cybersecurity Authority
The one common denominator across all technologies — from data centers and file storage systems to self-driving cars and smart appliances — is data.
Data creation and exchange have profoundly changed how each of us lives, works and plays. Data exchanges happen every picosecond of every day throughout the globe. Whether that data is being created by its owner or being shared and accessed by others, we have reached a critical juncture in the need to secure that data and protect the rights and privacy of its owners.
To that end, we have developed and deployed technology that makes data self-protecting, intelligent and self-aware.
No matter where it goes.
No matter how long it is out there.
These are bold statements that may make many people raise their eyebrows and ask, “Really? — of course data should just stop allowing itself to be stolen, should just become sentient and protect itself, and then of course we can all stop worrying about data breaches.”
In case it sounds too futuristic to be true, allow us to explain our technology, how we designed it and how it works.
THE DIRTY LITTLE SECRET IN CYBERSECURITY
Until now, cybersecurity technologies have been limited by the capabilities of their underlying technology and overly focused on data breach prevention, protection and detection to contain data. But that is not realistic given how data operates in the real world, as people and organizations share data to complete necessary business and personal transactions. What has been missing until now is the ability to keep electronic data absolutely protected from the time it is created, through its usage by all intended recipients, and continuously throughout its entire lifecycle.
PARAMETERS FOR MAKING DATA INTELLIGENT
Simply treating the symptoms of data loss is a losing battle. The protection for data must be infused into the data itself. To make it work in the real world, we had to deliver these key features:
• Embed the protection into the data itself – fully contained with no external dependencies. This is our key differentiator that changes everything. When we make the data intelligent, it does not need to rely on external protections. Data can go where it’s needed by the owner and remains within its owner’s control.
• Install true intelligence and interactive decision making into data itself. Static controls and rigid containment solutions have not worked because data, systems, devices, Cloud, the internet are all too dynamic to be completely predictable. Data needs the ability to assess its security on the fly, at all times, under any conditions, on demand.
• Remain agnostic to all layers and systems so that data will not need to rely on any given platform, device, application or operating system. It needs to work across all environments and operating models.
• Work everywhere, every time. While not dependent on any particular platform, application or hardware, self-protecting data needs to work anywhere it goes, no matter the destination, application, operating system, Cloud or data center. It has to be universally deployable and interoperable in any environment or application.
• Enable the data at its owner’s command to remove itself from a given situation. The owner needs the ability to retrieve it or revoke access wherever it resides. If the owner no longer wants the data accessible, the data must have the ability to revoke or remove itself from access – long after it leaves its owner’s possession.
• Allow the data’s owner to maintain control forever – no matter where the data goes. Data follows its owner’s commands, policies, and operational rules so it will remain safe even when the owner later changes permissions.
• Provide forensic capabilities in its logging and control, recording the complete lifecycle of its experience, from creation to usage to storage to destruction. Data needs to be able to provide its own proof of possession, custody and control. It needs to provide this information back to its owner for every copy or instance from anywhere.
.SAFE TECHNOLOGY: MAKING THE IMPOSSIBLE POSSIBLE
In simplistic terms, we developed a proprietary “wrapper” system using patented multi-key encryption technology. Our .SAFE (“dot-safe”) technology uses multiple encryption tiers:
1. Protects and encrypts data content, either individual files or groups of files.
2. Creates and applies policy and rulesets embedded into the “wrapper” of the data with more encryption – encompassing both the data and its encryption keys.
3. Encrypts the policy sets, making the data accessible only under the right conditions of geo-location, identity of recipients, specified devices or services or platforms, time/day access embargoes, digital rights management, and any additional policies the owner applies.
We embed and wrap the data in multiple independent encryption layers and maintain the security and access modeling on multiple layers. No single layer can be compromised without triggering protection mechanisms in the surrounding layers. No single key can access the data unless all parameters are satisfied. If the owner chooses to change access permissions or revoke access completely from the recipient(s) at any time or wherever the data is stored, the owner simply revokes access using their originator key, making the wrapper inaccessible and locked, or even instructing a self-delete if desired.
Our architecture is designed around an API-powered solution for working with intelligent data. The APIs are designed to be easily incorporated into any software, firmware or platform, so any system can create and interoperate with intelligent data.
.SAFE PLATFORM: HOW WE MADE IT SECURE
Our wrapper technology is based on our patented multi-key system which is designed so that no single key can allow access to the data. The layered key access model provides a systematic approach for data to evaluate its safety and situation:
1. The data is now capable of geo-sensing and geo-fencing. This means that if the data is outside its approved location policies it will not allow any further interaction and will delete itself. In effect, this makes data exfiltration practically and functionally obsolete.
2. Using industry-standard encryption controls, if the data confirms that its location is one approved by its owner, it then proceeds to check whether the recipient’s rights have been revoked or changed.
3. Using these same encryption controls, if the recipient is still allowed access, the data will unlock its policy models, and systematically process all of its rulesets to determine what it should do given its current situational status.
4. Finally, only when all other checkpoints are passed, will it then use another content key to allow access to the data.
Our service allows for policy checking, logging and event forensics, and data revocation controls. This service is designed and implemented using AWS Lambda APIs and other constructs which allow .SAFE-enabled data to check its controls and permissions from anywhere. Also, by using this model, the service is “serverless” and provides no opportunity for the service to be attacked by an external party.
If the data happens to be without connectivity, the default policy setting for the data is to “default safe and closed.” That policy can be modified by its owner to allow for “allowance time windows” or “conditional allowance.” For example, the owner can state “if the data checked itself in the last three hours, open,” or “if the data has no Internet connectivity, allow it to open on my own laptop, but not on my phone, and only at my home or office locations.”
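The following is an added example, not Encryptics’ code, modelling the check order described in the .SAFE platform section (geo-fence, then revocation, then policy rules, and only then release of the content key) together with the offline rules above (“default safe and closed”, an allowance time window, and a conditional device allowance). The data classes, the site and device labels, the stand-in content key and the simulated service answer are all assumptions; the .SAFE wrapper format itself is not shown.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional, Set

# Constructed model of the layered access decision. Field names and the
# simulated revocation answer are assumptions, not the .SAFE format.


@dataclass
class Policy:
    allowed_sites: Set[str]                                  # owner-approved locations (geo-fence)
    offline_window: Optional[timedelta] = None               # "allowance time window" when offline
    offline_devices: Set[str] = field(default_factory=set)   # "conditional allowance" devices


@dataclass
class Context:
    site: str
    device: str
    online: bool
    revoked: Optional[bool]     # answer from the revocation service; None if no answer
    last_checkin: datetime      # last time the data successfully checked in
    now: datetime


CONTENT_KEY = b"constructed-content-key"   # stands in for the innermost content key


def offline_allowance(policy: Policy, ctx: Context) -> bool:
    """Owner-configured exceptions to 'default safe and closed' without connectivity."""
    in_window = (policy.offline_window is not None
                 and ctx.now - ctx.last_checkin <= policy.offline_window)
    return in_window or ctx.device in policy.offline_devices


def decide(policy: Policy, ctx: Context) -> str:
    """Return DELETE, DENY or OPEN, evaluating the layers in the stated order."""
    if ctx.site not in policy.allowed_sites:    # 1. outside the geo-fence: no further interaction
        return "DELETE"
    if ctx.online:                               # 2. ask the service whether rights changed;
        if ctx.revoked is not False:             #    an unknown answer is treated as revoked
            return "DENY"
    elif not offline_allowance(policy, ctx):     #    offline: closed unless an allowance applies
        return "DENY"
    return "OPEN"                                # 3/4. rulesets satisfied: content key usable


def unwrap(policy: Policy, ctx: Context) -> Optional[bytes]:
    """Only an OPEN decision yields the content key; DENY and DELETE never do."""
    return CONTENT_KEY if decide(policy, ctx) == "OPEN" else None
```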
FUTUREPROOFED AND BUILT ON COMMON STANDARDS
Our architecture is specifically designed to be futureproof in operations. It is inevitable that encryption controls and methods will be upgraded, and new methods like blockchain and quantum encryption will take hold.
Our technology is designed to use whatever CryptoAPI and controls are available on the device, platform, or OS that the data arrives on. It is also designed around a “dual-stack” encryption model in which the data can interchangeably use PKI and/or blockchain to encrypt, decrypt, and operate on all layers.
We do not modify the type or features of the original content. For example, if the owner has a Microsoft Word file, when everything is done, it remains a Microsoft Word file upon access. The technology is completely transparent and seamless to the data and application operations.
ECOSYSTEM ENABLING: ENHANCING OTHER CYBERSECURITY SOLUTIONS
Now that data is self-protecting, intelligent and self-aware, the next obvious question is, what does that mean to other cybersecurity technologies in place today?
Our solution is truly agnostic in that it can enhance or complement other software or platforms. We provide a whole new facet to the cybersecurity world, and the best security is always a defense-in-depth model.
Does .SAFE make other solutions obsolete?
As with all evolutionary technology, this is a game-changer in the world of technology in general and cybersecurity in particular. Evolution inevitably makes older technologies obsolete. However, Encryptics does work seamlessly to complement all other cybersecurity solutions and dramatically enhance their capabilities with all new data protection controls. We believe this new paradigm shift to be the foundation of a wholly new ecosystem of technology.
Obviously, security breaches will continue as long as they are successful in accessing valuable data. Implementing .SAFE technology protects that data if it is stolen or compromised.
Now you can share data without ever losing control of it.
We don’t stop security breaches – we just make data loss obsolete.