ISSUE: Data Encryption

DESCRIPTION

Encryption involves scrambling information so that it cannot be read by anyone without a key but can easily be read by those with the key. Unfortunately, encryption takes time. What is encrypted, and how the encryption is managed, can have a significant impact on device performance. Encryption approaches that users accept are those undertaken in a non-intrusive manner, minimizing any negative impact on the user experience.

Today, most implementations of encryption perform full-disk or user-dependent, folder-based encryption. Full disk encryption (FDE) unnecessarily encrypts files that are publicly available (OS, applications, etc.), which makes FDE inefficient. Busy mobile users will not appreciate unnecessary time delays.

Maintenance or recovery activities on an FDE device will expose the full contents of sensitive information to entry-level maintenance staff, which can increase the potential for a breach.

Folder-based solutions leave users to decide what and when to encrypt, raising the probability that information is left unencrypted for the sake of expediency.

 

PacketDNA Solution

The philosophy behind PacketDNA’s approach to encryption is: only encrypt what needs to be encrypted, when it needs to be encrypted - with no effort by the user.

Our Context Smart Encryption Management provides granular control of encryption. Based upon security policy, our system determines whether a file is encrypted depending on file type, storage destination, and connection medium. For example, security policy may specify that MSWord files are encrypted only when saved to a removable storage device, but not when the same files are saved to an internal drive.

In one operation, Secure Receptor™ not only controls, on the fly, what is encrypted and when; it compresses the encrypted file as well. Compression results in smaller files for archiving and transmitting, which is particularly important over limited-bandwidth networks such as wireless links.

Secure Receptor implements 128-bit AES encryption by default; this can easily be changed to a longer AES key length (192 or 256 bits) or to an alternative encryption module.

Secure Receptor™ delivers the ability to dynamically apply alternative policy based upon the connection medium status (standalone, wireless or wired).  For example, a different encryption policy can automatically be applied in a public hotspot versus a corporate network.
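The policy decision described above (file type, storage destination and connection medium), sketched in Python as an added example; it is not PacketDNA's code. The rule format, the policy names, typing files by extension and the fail-closed handling of unrecognized context are all assumptions made for illustration.

```python
from dataclasses import dataclass
from pathlib import PurePath
from typing import Optional

WORD = frozenset({".doc", ".docx"})        # assumption: file type taken from the extension
DESTINATIONS = {"removable", "internal"}   # hypothetical destination labels

@dataclass(frozen=True)
class Rule:
    extensions: Optional[frozenset]  # None matches any file type
    destination: Optional[str]       # None matches any destination
    encrypt: bool

@dataclass(frozen=True)
class Policy:
    name: str
    rules: tuple           # evaluated in order, first match wins
    default_encrypt: bool  # applied when no rule matches

# Constructed sample policies, one per connection medium status.
POLICIES = {
    # Corporate network: only Word files going to removable storage are encrypted.
    "wired": Policy("corporate", (Rule(WORD, "removable", True),), False),
    "standalone": Policy("offline", (Rule(WORD, "removable", True),), False),
    # Public hotspot: Word files everywhere, and anything written to removable media.
    "wireless": Policy("hotspot", (Rule(WORD, None, True),
                                   Rule(None, "removable", True)), False),
}

def decide(filename, destination, medium):
    """Return (encrypt, policy_name) for one save operation."""
    policy = POLICIES.get(medium)
    # Assumption: an unrecognized medium or destination encrypts rather than
    # falling through to a permissive default.
    if policy is None or destination not in DESTINATIONS:
        return True, "fail-closed"
    ext = PurePath(filename).suffix.lower()
    for rule in policy.rules:
        type_ok = rule.extensions is None or ext in rule.extensions
        dest_ok = rule.destination is None or rule.destination == destination
        if type_ok and dest_ok:
            return rule.encrypt, policy.name
    return policy.default_encrypt, policy.name

if __name__ == "__main__":
    for args in [("report.docx", "removable", "wired"),
                 ("report.docx", "internal", "wired"),
                 ("Report.DOCX", "internal", "wireless"),
                 ("report.docx", "internal", "bluetooth")]:
        print(args, "->", decide(*args))
```

Because the decision is a pure function of the save context, the same call can feed the audit log entry for each operation, and the user never supplies an input that changes the outcome.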

Our approach to encryption means that selected data is always automatically protected:

  • Unlike folder-based encryption, we remove user decisions regarding what and when to encrypt
  • Unlike FDE systems, maintenance-related security issues are resolved; reactivation of a locked device does not require technicians to gain access to all device files

 

COMMENTS / BENEFITS

Secure Receptor™’s encryption implementation delivers improved security effectiveness due to:

  • Encrypted files are always protected on the device, over-the-air, and back on the server
  • All encryption is driven by a security policy – users have no ability to circumvent the policy
  • Policy is easily and consistently configured and deployed for multiple device platforms
  • All device encryption operations are logged and reported for compliance purposes