Keep data safe from unauthorized use, even in the cloud
Every year, organizations shift more of their IT workload to the cloud, taking advantage of the flexibility and cost-effectiveness it provides. However, along with its many benefits, cloud computing introduces a variety of new threats to sensitive data.
Cloud locations—unprotected by firewalls or other network safeguards—are easy targets for hackers who have stolen employee credentials. Files in the cloud are also vulnerable to unauthorized use by insiders with access to the cloud location, as well as attacks against the cloud provider itself.
Personal cloud accounts represent an even greater risk. Many employees sync their work computers to their personal storage accounts, copying hundreds or thousands of files to locations that their employers cannot see or control.
While many cloud services now offer encryption capabilities, they often leave the encryption keys (and as a result, control over the data) in the hands of the cloud provider, an unacceptable compromise for organizations who need assurance that only authorized parties can ever access their data.
Meaningful security in the cloud
PKWARE’s Smartcrypt enables policy-based data protection in the cloud, allowing organizations to maintain control over sensitive data, no matter where it travels. Smartcrypt’s integrated discovery, classification, and data protection capabilities give administrators the visibility and flexibility they need to keep data safe from unauthorized use, even outside the company network.
Smartcrypt agents can be installed on file servers, desktops, laptops, and mobile devices that are used to access cloud locations. Based on the organization’s security strategy and business needs, the agents can protect data in a variety of ways:
- Encryption before syncing: Unlike other products that only protect data in certain locations, Smartcrypt applies persistent encryption that remains with data no matter how many times a file is copied or moved. Smartcrypt’s data discovery feature can be configured to monitor servers, laptops, and desktops for the presence of sensitive data, and to initiate encryption as soon as a file containing sensitive data appears. Files copied to the cloud (and any copies made from them) remain encrypted, preventing access by unauthorized users.
- Quarantine: When files containing sensitive information are saved in inappropriate locations (such as folders synced with unsecured cloud accounts), Smartcrypt can move the files to a predefined location in accordance with the organization’s security policies.
- Automated deletion: Certain information may be considered too sensitive to be stored outside the company network. Administrators can create detailed discovery policies to detect specific types of data or text strings, and to delete files containing the information when they are moved to locations that are synced with the cloud.
- Data masking:In addition to encrypting, moving, or deleting files, administrators can create scripts to mask certain data within files before the files are moved to the cloud.
Secure cloud-based data exchange
Many organizations use cloud-based storage services as a mechanism for sharing data with partners, vendors, and customers. With Smartcrypt, companies can encrypt files before they are saved to a shared location, and use PKWARE’s cloud-based key management capabilities to grant access to the files without the need for complicated key exchange processes.
PKWARE’s Smartkey technology lets organizations grant and revoke access to encrypted data quickly and easily at any time, simply by adding or removing users from a Smartkey’s access control list. Recipients can use the free Smartcrypt Reader to access files that have been encrypted using Smartkeys, even if their own organization does not use Smartcrypt.