Product Brief Circles of Trust www.cryptomill.com
product overview

Circles of Trust is an enterprise security software system that eliminates the risks associated with data breaches from a hacker attack on network, cloud (any cloud), or emails, as well as data leaks through lost or stolen devices.

Simple Workflow
1. Create a Circle
2. Add members and folders
3. Share files through any means
Only members can access protected documents

Using CryptoMill Trust Boundaries technology, data is cryptographically bound to a select group of users and devices. Circles of Trust employs folder-centric file encryption to provide an intuitive trusted-circle document sharing capability. The application encrypts files in a user's specific folders, protecting each one within a Circle of Trust. Once protected, the files can be shared and used only by members of the Circle. If a protected file ends up in the wrong hands (a non-member), it is unreadable and unusable - it stays protected and cannot be decrypted.

Circles of Trust supports all file formats - no plugins required. It offers central management, multiple device sync, mobile device readers and protection of cloud storage.

Circles of Trust security capability is API-driven and can be integrated with existing business processes. Encryption can be automated so that any time sensitive data is exported, it is protected. You also have the ability to revoke access to any files anytime, anywhere.

Key features
- Prevents accidental data breaches
- Protects data in the event of loss or theft
- Seamless and transparent protection
- Secure and easy group sharing
- Online administration for ease of management across company systems

Security Highlights
- File-level security
- Stays secure even in cloud storage
- Strong encryption using government-standard AES cipher

Benefits
- Secure group for sharing
- Set expiry for documents
- Track documents
- Revoke access to documents
- Seamless and transparent
- No interruption to workflow
- No additional passwords

can have a Circle for each client.
technology

Circles of Trust utilises CryptoMill's unique technologies to ensure the highest standard of data security.

zero overhead key management
Our Key Management eliminates the need to store millions of keys. Keys are recomputed as needed based on environmental components.
benefits
- Mobility friendly - fully functional when disconnected from the office
- A built-in secure erase feature exists
- Scalable - secures any number of files, on multiple devices
- Reliable - always recover access to encrypted items

trust boundaries
Cryptographically-enforced organizational perimeters limiting which people, PCs, mobile devices and storage can share protected data.
benefits
- Data Protection - Privacy is always preserved by encryption
- Prevents Internal Breaches - data can't be decrypted outside of a Circle
- Easy Group Sharing - automatic access to data within a Circle

absolute data protection
Circles of Trust files remain encrypted regardless of where they are stored. As a result, a user can safely store and view data at any time.
benefits
- File Level Security - Circles of Trust encrypts each individual file
- Security Everywhere - Remains encrypted on a computer, in the cloud or on mobile
- Seamless and Transparent - Allows user to access files with their default program
features

central management
Circles of Trust gives administrative powers to the company's core, allowing for easy management of employees' access levels using the CoT Management Console. Furthermore, each user can be given the ability to efficiently carry out commands within their created Circles such as:
- Instant Invitations: New Circle members can be invited immediately
- Recovery: Circle data can be retrieved from any member
- Revocation: Excluding a member is easy
- Logging & Reporting: Audit trail for sensitive operations (Administration only)

on premises key control
Cryptographic keys are kept on the customer premises - not in the Circles of Trust Management Console. This ensures only the user's organization has access to the keys and data.

revocation
A user can be revoked from a Circle at any time by an administrator, or the owner of the Circle. Once revoked, the user will no longer be able to access the protected data.

protected cloud storage
A file protected by a Circle can be sent through cloud storage providers without losing its encryption, and it will still be accessible only to the designated members of the Circle. Circles of Trust supports the following cloud storage providers:
- Dropbox
- Google Drive
- Apple iCloud

multiple device sync
User devices will be synced to their account, allowing for access to all of their Circles on any device. Any Circle-related changes made on a user's device result in an instant update to all of their other devices.

mobile device readers
Circles of Trust is supported on Apple products using iOS, Android devices, and Windows phones. This allows the user to have on-the-go secure access to all their protected data along with management abilities.

logging and reporting
Circles of Trust collects detailed logs of events providing audit trails on user activities relating to Circles.
recovery
With the on-premise Key Management Server (KMS) deployed in the enterprise, recovery of access to data is always available, and only in the hands of the organization. Data is always accessible by the organization from where the Circle originated.

time expiry
Users, administrators or business processes can specify the time duration for which Circle members have access to the data. Time expiry can be applied to individual files, or Circles. After the set time period, the member will no longer have access to the protected data. This applies even if they had previously downloaded a copy.

accessing encrypted assets
Trust Edit (Level 3): Full Install; Edit and Collaborate
Trust View (Level 2): No Install; Sandbox Viewer
Web View (Level 1): No Download; Access through any browser
No Export, No Screen Capture

data-at-rest for servers - RAD@R
RAD@R provides data-at-rest encryption to protect digital assets residing on servers. Uniquely, RAD@R also provides data-in-use protection: defending against attacks, remotely or locally, on back office servers & storage. RAD@R provides transparent decryption services for server applications, without impacting functionality such as indexing, preview generation, etc. RAD@R sits just underneath the DMS middle tier, in between the DM manager & document storage system.
- At-rest / in-use encryption for live data on application servers
- Only authorized server processes can access protected data
- Data loss prevention from any unwanted intruder or rogue administrator
- Existing server functionality preserved and unchanged (e.g. search & indexing)
on-premise key management server

The on-premise KMS is an ideal way to boost productivity with Circles of Trust while still keeping a tab on security. All your secrets stay safely under your control; you are guaranteed that security will not be compromised through any cloud-targeted attacks.

The on-premise KMS (deployed in your organization) provides instant onboarding of new Circle members, and instant provisioning of new devices for existing members. It is your own private data security component, providing secure cryptographic key exchange to people that are granted membership into the Circles.

It is designed with a fail-safe switch which automatically locks down all persisted data to secure format the moment it loses power. This enables system-wide backup capabilities to be safely applied and makes theft of data through physical attack virtually impossible.

benefits
- Detailed logging and reporting for auditability and traceability
- Makes the key material available for synchronization between users' devices
- Instant onboarding for invited users even when Circle owner devices are offline
- Enables enterprise-wide recovery
- Integrates with Microsoft Active Directory

architecture

[Figure: architecture diagram. Labels: Enterprise Network; Inside the Enterprise Firewall; CoT Client; AD Server; KMS (CoT Key Mgmt Server); CoT WebView Server; CoT Management Console; secure communications facilitator]

benefits
- No keys or documents stored in the CoT Management Console
- On-premise KMS provides instant onboarding and recovery
- Web-based Management Console supports multiple administrators within the organization
- Supports multiple user device platforms
additional value

cryptographic access driven
The components of a key are divided among three environmental contributors:
- Circle members
- Circles of Trust credentials
- The protected data
If any of these components are missing, access to the file is prevented.

secure cross border sharing
With Circles of Trust, working as a team has never been easier. Ad hoc groups can be formed easily and files can be safely transferred through any means, whether it is by USB, email, or a cloud folder.

seamless access to protected files
Circles of Trust works with any file type and provides protection at the file system level. The seamless and transparent experience is based on virtualized access to encrypted files.

folder-centric classification
Circles of Trust works well with the user's existing folder structure, making it simple and intuitive to understand. An end user can easily and naturally classify data based on the regular organization of files.

cloud file protection
Secure data sync to the cloud allows a user to easily share a protected file across all of their devices. Even if a user's cloud storage account is hacked or accessed by an outsider, the protected files that have been uploaded cannot be decrypted.

supports consumerisation
Circles of Trust is a light footprint, compact software solution that works well with federated ID, resulting in minimal IT management. Its compatibility with multiple devices per user as well as mobile platforms allows it to integrate efficiently into any work environment.
benefits
- time expiry & revocation
- secure group sharing
- data protection everywhere
- seamless & transparent
- no interruption to workflow
- no additional passwords
use cases

control over shared assets
Jennifer sends a project file for review to Ken, who is a partner at an external agency. Ken at the reviewing agency can only view the project file, preventing unauthorized copying and sharing.
[Figure: Jennifer and Ken, without and with Circles of Trust; labels: View Only, Copy]

secure data sharing in the cloud
Gene shares her sensitive design data with Hank, who works at a specialty manufacturer, via the cloud. A network / cloud hacker gets unauthorized access to Gene's account but is unable to read her protected data.
[Figure: Gene, Hank and Hacker, without and with Circles of Trust]
accidental data breaches via email
emails a confidential project proposal to Bob Barker instead of her manager Bob Baker. Circles of Trust prevents Bob Barker from reading the Circles of Trust protected files attached to the email.
[Figure: Bob Barker and Bob Baker, without and with Circles of Trust]

lost usb drives
misplaces a USB drive containing sensitive client data at work. Eve finds the USB. Eve cannot access any Circles of Trust protected files on s USB drive.
[Figure: Eve, without and with Circles of Trust]
about

CryptoMill Cybersecurity Solutions is an innovative security software company, with disruptive technologies that address security and privacy related issues from the edge to the cloud. CryptoMill's suite of security software products eliminates the risks associated with data breaches from a hacker attack on a network, cloud (any cloud), email, as well as data leaks through lost or stolen devices.

contact
CryptoMill Cybersecurity Solutions
Suite 301, 100 Front Street East, Toronto, Ontario, Canada, M5A 1E1
Toll free: (855) 441 4333
T: (416) 241 4333 ext. 101
F: (416) 241 4333
E: info@cryptomill.com

sales contact
E: sales@cryptomill.com

connect with us
YouTube: http://www.youtube.com/user/cryptomilltech
Facebook: https://www.facebook.com/cryptomill
Twitter: https://twitter.com/cryptomill
LinkedIn: http://www.linkedin.com/company/cryptomill-technologies

v 3.3