Limitations of Current Data Security Softwares
To transmit sensitive data in a secure manner, encryption is the most reliable solution in current scenario. It protects the data to some level, however it can’t prevent:
- Unauthorized sharing of encryption keys
Data once decrypted is converted to Readable form & this data can be copied, shared, printed or distributed on any other system over unauthorized network or by unauthorized user. Encryption alone doesn’t enforce “Security policies” for how the data is to be used. Therefore, a need for advanced data security technology was felt.
Introduction to Vcrypt: Next generation data security software
Vcrypt offers inhouse encryption mechanism with security features that can be defined by the owner of application. Many levels of authentication or security layers can be added with customization from user’s end to ensure that data isn’t shared over unauthorized network or by unauthorized user. Also, data is available in readable form only during runtime. Otherwise, it’s always in encrypted form.
Case Study: Challenges faced by IT industry & need for Vcrypt software
Case 1: Most of security solution provided by application vendors to stop external attacks only but not internal attacks (example - MDB database provide password mechanism, but internal person knows about it, so it is not a secure way).Company’s Internal person can leak the data (data files as well as passwords). When an employee leaves a company, he can steal the data by storing it on any of the mediums available like copied to USB storage/email/instant message, take a printout, stored locally on CD or laptop etc. Eg: Bollywood/Hollywood movies leak before their releases.
Solution: In order to control enterprise data leakage(from within the company), eDRM (Enterprise Digital Rights Management) is the perfect solution. Vcrypt software makes use of eDRM features.
Access to Data is controlled by tracking:
Who copied the data & where(device, Network address) :
Vcrypt user can choose the recipients of data & network in which the data will be accessible.
How data was taken( Edit, Save, Print, Copy) :
Vcrypt user can define/set the behaviour of target application in case the recipient selects an action like : edit/save/print/copy. User can restrict the recipient to perform those actions on the decrypted file.
When data was transferred (Period) & to how many people :
Vcrypt user can keep track of date/time of sending data & to number of people.
Protecting all documents by defining file types :
Vcrypt user can select the file types for docs that are to be shared. Recipients will be able to access docs of defined file types only. Also, Vcrypt user can define his own file extensions to protect docs from hacking.
Rights are with the Seller & can be revoked once contract period is over :
Vcrypt user can share the data with the recipient for a predefined period & once this period is over, all rights to access the data can be taken back by the Seller.
Eg: Vcrypt user has shared a source code with the recipient for a predefined period. At any point of time, the recipient is working on the snapshot of source code with permissions as assigned by the owner of source code. Once that period is over, the rights to work on the source code can be taken back by the owner/seller of cipient will no longer be able to access the source code.