Industry: IT Industry.
Companies: Systems integrators, software and hardware vendors, resellers and distributors.
The origin of Cryptshare as a product was from due to the problems experienced by a technology customer dealing with key customers. Befine Solutions AG are a Systems Integrator with a very successful track record in completing large scale systems integration tasks for a wide range of customers. In the course of the projects a familiar problem was emerging: how could large files be exchanged between the project team and the customer and remain secure?
Information technology companies are often those with the most strict security policies, however they also have staff who know better than anybody else how to break those policies. To limit the size of data held in e-mail servers a normal policy would be to restrict the size of a combined e-mail and any attachments to it, perhaps to 10Mb or less. This would allow small attachments but not larger files. The small attachments may still be confidential.
Cryptshare compliments the existing encryption and security policy framework of the bank or Insurance company. Instead it provides an extra and complimentary way of dealing with the frequent ad hoc transactions between staff, partners and customers one or other of whom may be working outside this secure perimeter of the company.
Uses: exchange of support data (log files, database dumps), software updates
These types of exchanges have a number of common features.
- The files are quite large and written in a format that is outside the e-mail system (which is why they need to be moved in another way).
- The contents are confidential, often top secret, and so encryption is required and the addition of a further separated password channel is desirable.
- The company has an obligation to meet industry regulations on security and confidentiality.
- Either the recipient or the sender can be outside the normal internal framework of the company for the encryption and transmission of e-mail and data or both could be inside.
- The company needs to keep an audit trail of what was sent and a record of its receipt.
- The company wants to demonstrate that it is taking extra care to secure confidential information especially to customers, and so own branding is desirable.
- Some kinds of information are confidential but need to be sent in a secure way to multiple recipients, so mass distribution is commonly needed.
When interviewed to discuss the issues created by implementing solutions to solve these problems in financial sector companies a number of common requirements were identified; in ranked order of importance based on number of customers raising the issues:
- Usability: Any solution should be simple to use and easily available.
- Auditability: The solution must allow a record of transactions to be maintained.
- Policy management: The solution should allow policy rules to be met, and allow an interface to solutions such as anti-virus scanners.
- Large files: The solution should deal with large files, certainly greater than 1GB.
- Flexible deployment options: The solution should offer various deployment methods.
- Integration: The solution should be easy to integrate to other areas of security and policy.
- Customisation: The solution should have the facility to be customised.
Cryptshare meets all of these requirements in a cost effective and simple solution. Cryptshare is typically implemented in a customised form presenting the company's brand in a prominent manner; this is important as it demonstrates the company is taking extra care. The ability to encrypt the attachment and retain this inside a secure perimeter ensures that regulations are honoured and data cannot be stolen. A detailed audit trail is retained of who sent and received information and when this occurred.
The separation of password transmission from the notification e-mail provides an extra layer of security, especially if done by direct telephone contact where validation is very high and at no time has the bank had to provide an account, client software or access tokens to the recipient. Perhaps most important of all is that the entire solution is simple to use, easy to understand and is extremely cost effective. This is why Befine Solutions AG counts many banks, insurance companies and other financial services companies amongst its fast growing customer list all gaining significant value from using Cryptshare and its associated tools.
Â
