Encryption: The passive protection difference
Of all the tools in an organisation’s security arsenal, encryption technology may be the one that is a little overlooked.
Encryption was once reserved for functions and sectors that were very regulated and/or that deal with a lot of highly sensitive and highly confidential information like in defence departments and ministries, as well as finance institutions and very large corporations.
But encryption is slowly expanding its realm, and some vendors even want to position themselves everywhere encryption is possible – network-attached storage, storage area networks, servers, USB drives, and soon, cloud storage.
Prim’X Technologies, a French-based security provider, is a pure-play encryption technology player that targets medium to very large organisations.
Its founder and CEO Serge Binet pointed out, “Our solutions are software-based, not hardware-based. They are not made by geeks, but are intended to provide security and encryption at very high-level and to be deployed everywhere in the organisation.”
Sure enough, in its portfolio of customers are very large European companies like Safran Group, Renault, state agencies, big telcos, critical infrastructure owners and more.
Two customers which speak to the credibility of Prim’X’s solutions are ANSSI, the French National Security Agency and Thales, an armament system provider among other things, which itself is in the business of securing states, banking transactions and critical information systems.
Binet explained, “Thales is using us because we are transparent and seamless.”
Binet posed the question that may be lurking in every security chief’s mind: how do you rely on thousands if not hundreds of users to classify sensitive documents?
Ideally, a security chief would drive the security posture within the organisation with organisation-wide security policies, which in turn determines the classification of data, as well as who would have access to what.
“Our vision is to encrypt everything… we must be able to encrypt globally and not just the hard drive,” Binet said.
This is something that Prim’X calls the globally encrypted environment; users only need to provide their access key, to work in this environment without necessarily knowing that everything they do, is being encrypted because it is automated and running quietly in the background.
Binet described this as, “The best user experience which is, no user experience.”
It is also what Prim’X’s ZoneCentral solution proposes to do, as it encrypts user profiles and all their workspaces, on the internal network.
In close collaboration with ANSSI, the French Interior Ministry are deploying ZoneCentral and Prim’X’s Cryhod solution across the Ministry’s entire installed IT base.
These solutions are used in tandem with Ministry-issued agent cards, to enable data encryption against theft, espionage and restricted authorised user access.
But, a truly globally-encrypted environment has to take into account the work that mobile employees have to do beyond their company perimeter – external emails, cloud storage, removable storage media, and so on.
Addressing these scenarios, would be Cryhod, a solution that encrypts hard disks and removable media, while ZonePoint encrypts Microsoft SharePoint document libraries.
In October, Prim’X will launch Orizon, an encryption solution for cloud storage repositories and also project data rooms. It will be available for Windows, iOS and Android. Versions for Linux and Mac will arrive early next year.
Why encryption at all?
Prim’X views encryption as a means to manage the right to understand (data) within an organisation. It enables internal segregation, because not all data is meant for all eyes, a concept which is becoming very challenging given current environments which replicates files and encourages backups of data.
How does one manage the possible information leaks?
Binet opined, “Encryption is the passive difference. With active protection like firewalls, antivirus and intrusion prevention solutions, it is always a race between finding vulnerabilities and finding patches.
“With passive protection, there is nothing to ‘kill’ to remove it. Encryption is a cybsersecurity preventive measure.”
He also viewed that this is the reason why the French state decided on a global license for encryption, and not for antivirus or firewall solutions.
“Encryption is the last barrier,” he concluded.