Policy-Driven File Encryption Explorer is a technology that addresses security needs in file-based storage solutions and secure desktop needs. It enables protection of data-at-rest as well as data-in-flight, by providing policy-governed granular file based encryption.
Since the technology is file-based, it suits file-based storage solutions like Network Attached Storage (NAS) where the storage is accessed by the end client nodes using distributed filesystem or remote data access tools and where securing data at the client node by the owner of the data is a preferred approach.
The utility is policy-based which helps meet the security needs in Information Lifecycle Management (ILM) by facilitating granular management of data security. It allows end users and administrators to define policies over type, age, size, access and related attributes associated with the data and security requirement that needs to surround it.
Policy-Driven File Encryption Explorer allows you to identify files with specific content and secure them using different encryption algorithms. It supports user interactive mode as well as batch processing mode, which is vital for storage administrators securing large sets of files. The technology also features with report generation which can be used for security audits and compliance.
Policy-Driven File Encryption Explorer empowers the data owner to play a more active role in implementing the organizations security policies. Administrator/owner can generate policy based reports periodically or at will to check whether the data present is compliant to organization’s data security policies.
Highlights
- Ensures securing of data-at-rest as well as data-in-flight by leveraging OpenPGP for file protection, including file encryption, decryption, signing , verifying and optional file compression.
- Policy based. Allows administrators and owner of files to classify data and likewise enable data encryption polices. Provisions with interfaces to set generic polices which define which kind of file needs to be protected by which level of encryption, which kind of file needs to be signed, which kind of file needs to be compressed, and more.
- Enables user-defined constraints in each policy such as location, extension, hidden, read-only, size, age for the files and respective algorithms to be used for the encryption and digest -- thus meeting some of the ILM requirements. Allows various files attributes to be used for defining policies.
- Remote-location-aware. The tool indicates to the user to choose tighter security algorithm in such cases. The tool identifies files residing on mapped remote drives (generally exported by Network Attached Storage appliances) to facilitate higher level of encryption over remotely residing files, thus protecting data over insecure network.
- Provides facilitates to secure documents and files based on its actual content.
- Supports batch processing suitable for mass execution.
- Offers a reporting facility which can be used for security audits and compliance. Supports importing reports to Microsoft Excel.
- Integrated with auditing and logging facility to record all relevant file operation executed using the utility.
- User-friendly user interface. The user interface of the utility is explicitly designed as an explorer GUI which makes it consumable and highly user friendly. The UI has been designed with novice end users as well as storage administrators in mind. Securing files can be as easy as dragging and dropping them in the explorer.
- Based on open standards: Plugs-in open source OpenPGP library from Bouncy Castle Crypto APIs for exercising OpenPGP functionality. OpenPGP compliance ensures interoperability and facilitates securely sharing of data with trusted partners.
- Built on the Eclipse Rich Client Platform.
How does it work?
The technology is designed to work over OpenPGP standards. This helps interoperability across platforms and facilitates secure sharing of data with trusted partners -- which is a pragmatic requirement in the industry.
The current version of the technology plugs-in an opensource OpenPGP library from Bouncy Castle Crypto APIs to exercise the OpenPGP related modules.
OpenPGP is a widely used standard in the industry to meet privacy, integrity, and non-reputation goals. It supports digital signatures to ensure the ownership of the data as well as to help validate tamper attempts over the data. It further helps ensure that only owner controlled users can have access to the encrypted data making it independent of device level encryption facility. The utility derives all these OpenPGP benefits as it is built over it.
1 comment:
It felt good to see that people are still interested in this tool especially since its been long since released. Btw, I am the developer of this tool and do let me know how did you like this tool. Was just searching the places the tool has visited and reached this blog!!!
Thanks for recognizing this tool and spreading the word.
Post a Comment