Encryption Technology Comparison

Vaultive’s encryption technology is new and unique, and it is sometimes confused with other solutions.

Just like matter, data exists in three states: in motion, at rest and in use. In order for enterprise data to be secure, it has to be protected in all three states. If the data is not encrypted in use (i.e., while being processed), it is exposed and therefore, vulnerable.

While legacy best practices called for encryption of data in transit and at rest, current guidance from the Cloud Security Alliance (CSA) calls for implementation of encryption in use when data is hosted and processed in cloud computing environments. The guidance further notes that the customer, not the cloud service provider, is responsible for protecting its data.

Retain control of your data through pre-cloud encryption and key ownership

It is a simple fact that the person or entity that controls and manages the encryption keys has effective control over the data. Therefore, a critical consideration when implementing encryption technology is who controls and manages the encryption keys. If a cloud service provider, such as Microsoft, holds the encryption keys, the customer by definition is no longer in control of their data. This is why separation of controls for key management is a critical element of virtually all regulatory guidance for cloud data governance, as well as cloud security best practices.

Enterprises must retain direct control of their encryption keys in order to:

  • Maintain their responsibility for compliance requirements for adequate data protection safeguards
  • Meet data residency and privacy regulations for data in the cloud
  • Respond directly to government and law enforcement subpoenas for cloud data
  • Implement best practices for securing and governing cloud data

The following table compares Vaultive’s encryption technology with other common solutions.

Vaultive Persistent Encryption
Traditional Encryption
Enables data to remain in encrypted form throughout its lifecycle, whether in-transit, at-rest or in-use, but still allows for comprehensive application functionality and support for dynamic operations. Data encrypted using legacy encryption must first be decrypted before operations can be run on that data. The act of decryption leaves the data exposed and vulnerable.
Vaultive Persistent Encryption
Point-to-Point Encryption
Persistent encryption is applied to 100% of all the emails in a particular mailbox without any user decision making or action required. Vaultive encryption is applied seamlessly in the background as data passes through a network-level proxy. Neither senders nor recipients are aware that the data has been encrypted and the user experience is unaltered. Requires users to determine which emails should be encrypted and then take specific actions to encrypt the data. Similarly, recipients have to take a series of steps to decrypt the data for it to be readable. Vaultive can complement policy-based encryption for in-bound and outbound message transmission, delivering an end-to-end implementation for email security and governance.
Vaultive Persistent Encryption
Tokenization
In order to enable dynamic operations on cipher text, Vaultive’s intelligent encryption makes use of logic developed to manage data for specific services and applications. To do so seamlessly, Vaultive parses and proxies all applicable protocols for the application in question in conjunction with a deep understanding of the service design and functionality. Tokenization involves replacing a value that is not required for an operation with an arbitrary value, typically in order to reduce the scope of compliance mandates related to data such as Social Security numbers, credit card details or patient records.