
InfoWatch CryptoStorage Enterprise

InfoWatch CryptoStorage provides centralized protection of confidential information, using cryptographic techniques while data is stored and processed within a unified corporate information system. The solution prevents unauthorized access to data inside the network, prevents loss of confidential data when it is transferred over the network, and protects data if the drive or laptop on which it is stored is lost.

Centralized security and management

The centralized Server policy manager of InfoWatch CryptoStorage allows you to define, configure and maintain policies for each user. Its main functions are:

  • storing the information needed for the operation of InfoWatch CryptoStorage (lists of users and computers, policies, user designations, etc.);
  • granting users certain rights to work with protected objects, both within the network and outside its borders;
  • collecting and storing information about user activities on client computers;
  • collecting and storing information on secure objects;
  • ensuring the rights of the recovery commission.

Protected objects

InfoWatch CryptoStorage provides ample opportunities for information security. Cryptographic protection may be installed on any files and folders, on logical drives (including system and boot areas), and on removable media (USB drives, flash drives, memory cards for mobile devices, etc.). The solution also enables you to create a secure data repository: a specialized container file, which is limited only by the peculiarities of the OS or the size of the disk.

Online collaboration

In InfoWatch CryptoStorage you can protect not only local computers but also remote files and folders. Using the remote control console, you can create a container file on a remote computer and protect its logical drives (including system and boot drives). The solution is compatible with DFS (Microsoft Distributed File System).

Differentiation of access rights

Access to secure objects can be defined in one of three ways: with a password, a private key, or a public key certificate. Access by multiple users is also possible. There are various ways to store private keys: in a file on any media, electronic switches and eToken or ruToken. Certificate management is carried out by the Certification Authority. The commonly used standards X.509 and PKCS are supported.

Protection can also be installed on folders and files located inside protected disks, including inside container files; container files can in turn be located inside a protected folder. The depth of nesting is unlimited. Access to each object in such cases may also be delineated in a hierarchical manner.

User authentication

User authentication is mandatory before starting work with any protected data. If a boot or system partition on the hard disk is protected, user authentication is carried out before the operating system loads.

Reliable protection beyond the network

If it is necessary to work with secure objects outside of the company setting, the user is given a time-limited certificate that determines which already created objects can be worked on and which objects can be created.

Restoring access to sensitive information

To improve the reliability of the protection, each user of the solution is given a unique private key. In the event of loss or unavailability of access, the encrypted data can be restored through the restoration committee, which consists of authorized users.

The functional role of the users of the system

InfoWatch CryptoStorage has defined several user roles with different rights for working with the system:

User - an employee who works with secure objects in accordance with specified security policies. A user's rights include the following:

  • Protecting and creating container files on a local computer, with a choice of the encryption algorithm (from those supported by the system), the owner of the object, and the authorization method of the owner of the object.
  • Creating secure objects on remote computers.
  • Install / reinstall / unprotect background disks.
  • Identifying methods of access for the owner of a protected object.
  • Access to secure objects of any type.

The owner of the object - a user with additional rights to determine which of the other users can work with the protected object. In addition to the rights of a normal user, the owner of the object has the following permissions:

  • Organization of multi-user access to protected objects.
  • Organization of a hierarchical system of data access
  • Change the protection of the object (the encryption algorithm and/or key) and removal of protection from the object
  • Secure remote administration of objects

Administrator - a person who creates the policies for access to secure objects for all users and exercises control over their actions. The administrator has no direct access to secure information. An administrator's rights include the following:

  • Connection/deletion of users from the system
  • Withdrawal of the public key certificate from users
  • Analysis of users' work with confidential information
  • Setting each user's rights for work with confidential information: determining the location of the protected objects with which the user is allowed to work, as well as working times; specifying the types of protected objects the user is allowed to work on; enabling/disabling the creation of new protected objects and the removal of protection from an object; determining the persons having access to an object; use of the remote management console; work with secure objects outside the corporate network, etc.

Benefits

  • Works in the offline mode
  • Reliable protection in emergency situations - InfoWatch CryptoStorage will protect data even if the encryption process fails, including failures caused by power failures
  • Choice of encryption algorithms - InfoWatch CryptoStorage allows you to use common encryption libraries (AES/128/256, etc.) and certified encryption providers like Agava using GOST 28147-89.
  • Use of a personal unique secret key by each user of the system.