Smarter, more manageable encryption
While PKWARE solutions can be used to manage a variety of widely-used encryption key formats, including passphrases, X.509 certificates and OpenPGP keys, organizations can take full advantage of Smartcrypt's capabilities by adopting PKWARE's proprietary Smartkey technology.
Smartkeys take the place of passphrases and public-key infrastructure, allowing organizations to implement a secure, manageable solution for data protection across the enterprise. With Smartkeys, an organization can ensure that its sensitive data is protected against theft or misuse, while eliminating the risk that the company will ever lose access to its own data.
Strong encryption, simple workflows
Smartkeys use the strongest, most widely-accepted encryption algorithms available to encrypt sensitive data. They can be used to encrypt and decrypt data on user devices, file servers, and other locations, including cloud storage services.
Access to Smartkeys is determined by the organization’s encryption policies and the user’s role within the organization. Users may have access to several Smartkeys, and (depending on the organization’s policies) may also have the ability to create and share new Smartkeys.
How it works
Each Smartkey has three components: the session key, the asset key, and the access control list.
- The session key is a symmetric key generated by the Smartcrypt agent and used to encrypt the data. The session key is an AES256 key, providing strong protection for the underlying data.
- The asset key is a second AES256 key generated by the Smartcrypt agent. The asset key is used to encrypt all session keys associated with files controlled by the Smartkey.
- The access control list is a list of one or more users (designated by email addresses) that are allowed to use the Smartkey. User accounts can be integrated with Active Directory, and individual user devices can be managed via the PKWARE Enterprise Manager.
When encrypting a file, a user is prompted to select the Smartkey that will be used in the encryption process. The choice of Smartkeys determines which other users will be able to decrypt and read the file. A Smartkey can be configured for use by default in all of a user’s encryption activities.
Smartkeys are synchronized through the PKWARE Enterprise Manager to all user devices defined by the access control list. When the access control list changes (for example, when an authorized user is removed from the list), the asset key is reencrypted and redistributed to the remaining users on the list.
Types of Smartkeys
Smartkeys can be organized into four general categories. While every organization’s implementation will be tailored to meet its specific security needs and user profiles, most companies will use a combination of Smartkey types to obtain the right combination of data security and user access.
Community Smartkeys: Community keys are created using the PKWARE Enterprise Manager console and are owned by the company’s PKWARE security administrators. These keys are associated with security groups or individuals defined in the organization’s Active Directory and cannot be shared with users outside the company.
User-created Smartkeys: User-created keys are generated using the PKWARE endpoint agent on a user device or other IT asset. They can be created either by end users or security administrators and are owned by the users who create them. These keys can be shared with users outside the company.
Policy Smartkeys: Policy keys facilitate access to encrypted information by administrators, auditors, and automated processes such as data loss prevention scanning. PKWARE can be configured so that every encryption operation includes one or more policy keys in addition to the Smartkey selected by the encrypting user.
Private Smartkeys: Each PKWARE user has a private key in addition to any community keys or individual keys they can access. A private key can only be used to encrypt and decrypt data for the user who owns it and cannot be shared. Administrators have the option to configure PKWARE so that users are not able to see or use their own private keys.
No matter which type of Smartkey is used in an encryption operation, administrators can include policy keys to ensure that the organization will always be able to access an encrypted file, even if the user who encrypted it has left the organization.