Active Cypher Versus Platform & Server-based File ... · An easy way to identify server-based file...



Active Cypher Versus Platform & Server-based File Encryption Products

Introduction

With so many security products on the market offering encryption as either a product feature or an entirely separate product, it’s vital to understand how the many products differ in how they protect sensitive data. Through the course of Active Cypher’s product development, companies often ask how Active Cypher compares to specific products. We compared Active Cypher to others and eventually concluded that all other products are platform-based, server-based, or both. We have extracted several key features that set Active Cypher apart from all other file encryption products on the market today. Appendix A (attached) shows a comparison of Active Cypher encryption software with other platform & server-based file encryption products.

Active Cypher

Active Cypher is a 100% automated file encryption solution that protects every file on a company’s servers, at rest and in transit. Using existing servers and software, Active Cypher requires no administrative overhead, no user involvement and is fully integrated into the client’s existing Azure Tenant and Subscription. Due to its low overhead and automated installation process, Active Cypher can be installed in less than one hour.

How Does Active Cypher Work?

Active Cypher “piggybacks” on a company’s existing Active Directory file access permissions maintained by its information technology department. Because Active Cypher uses a company’s existing Active Directory, it allows authorized users in the AD Security Groups to view and edit the encrypted data. Azure Active Directory, multi-factor authentication, SSO, Device Management and Threat Analytics are fully supported by Active Cypher without the need for third-party interfaces, proxies, servers or services, which eliminates the need for separate resource-intensive platforms.

Active Cypher is NOT a SaaS (Software as a Service) or PaaS (Platform as a Service). Rather, Active Cypher is a 100% client-deployed solution with all database, security and key management functions deployed in the client’s Azure Cloud Subscription, giving the client the oversight, auditing, scaling and continuity planning that is available to its own subscription. All identity, authentication and access control rights are handled by the Azure & Office 365 functions that a company already uses.

Active Cypher Deployment

Active Cypher is easy to install and is deeply integrated within the Microsoft Server and Azure/Office 365 environment. Active Cypher easily integrates with cloud storage services like OneDrive, Office 365, SharePoint, Dropbox, Box, Google Drive and others. Active Cypher is flexible and can be deployed on-premise, as a hybrid solution or as Cloud-only, within an hour. If a company is performing a “lift-and-shift” into Azure, Active Cypher is there protecting all company files. This means there is no need for implementation services, technical enablement programs or customer onboarding programs.

Platform-based File Encryption

It is understandable that on the surface, a person may believe that platform-based solutions and Active Cypher are similar. However, digging a bit deeper, the differences become clear. Let’s take a look at platform-based solutions.

What is a “Platform”?

A platform-based solution is oftentimes referred to as a “gateway”. Both platforms and gateways can be thought of as third-party cloud services (SaaS) where all of your company data that requires protection must first be sent to the platform to be protected and then sent back to the originating source. Most platform-based solutions require a separate database of users, groups, policies and permissions to be created, managed and synchronized. This system requires constant update and management time by a company’s information technology staff. Most platform-based solutions require expensive, multi-person consulting engagements to be performed before the installation and deployment begins. This is necessary because a platform-based solution must operate between you and your data protection. This “man in the middle” technique creates network endpoints which must be identified, created and maintained. This enables the system to retrieve data from the servers and send it to their cloud platform to be protected and routed back to their servers before being sent to other users or shared remotely.

How Do Platform-based Solutions Work?

The platform is typically a centralized, vendor-owned service that provides tracking, reporting, auditing, policy control and monitoring from the vendor’s own cloud (platform). The platform requires administrative overhead to create and deploy policies, to monitor and audit effective classification and compliance with those policies, and to test and tune the policies over time.

Platform-based Deployment

A platform-based solution is an external centralized platform with many connections that need to be configured and maintained for both internal (to the client) and external (to cloud providers) endpoints. As a result, tactical teams are required to architect, implement, deploy and support platform-based solutions. Some of the programs may include technical enablement programs, customer onboarding and adoption programs or have their own training programs. All these additional programs are presumably ongoing paid services as part of their onboarding and deployment programs, adding time and costs as well as leaving all files exposed to internal and external data breaches. Below we’ll take a look at how the two products differ.

Server-based File Encryption

Server-based file encryption solutions are typically part of an overall suite of applications that are not built to be part of the existing network structure. Rather, server-based solutions must be “bolted onto” a company’s network with their own vendor-specific, vendor-created directories for user management, administrative consoles and utilities. This requires continued administration and maintenance of systems, which are redundant for companies that currently run Active Directory on their network.

What is “Server-based”?

An easy way to identify server-based file encryption is to look at their installation. Server-based file encryption solutions require additional hardware including servers, appliances, applications, tools and consoles. A typical server-based solution is a “bolt on” to your current network rather than being deeply integrated within your existing network like Active Cypher.

How Do Server-based Solutions Work?

The server-based solution performs its file encryption and data protection running alongside your current network. This requires administrators to create a separate database of users, groups and policies in addition to the Active Directory Domain, which is the master source of users, groups and policies on your network.

From an administration point of view, server-based solutions are burdensome to both information technology managers and end-users. Server-based solutions require applications, plug-ins and add-ons to be distributed to end users, and these typically require installation into Office, Outlook and other applications along with the distribution of templates or policies. Even then there are no guarantees that users will adopt it into their workflow.

Server-based Deployment

Server-based solutions are the most expensive and complex to deploy, in both capital expense and labor costs. A typical server-based deployment requires a lengthy pre-deployment engagement from the vendor. This pre-deployment engagement is so the vendor can decide how to integrate their solution into a company’s functioning network and identify “mounting points” for their servers, utilities, applications, tools and accessories.

The server-based deployment involves extensive information technology staff training to learn how to properly and efficiently manage another complex system in addition to the existing network infrastructure. A server-based deployment must also involve the end-users, since most solutions rely on participation from the end-users, who must understand how to protect the company’s data. If left untrained or improperly motivated, the end-users can severely limit the effectiveness of the overall solution without 100% user adoption.

Conclusion

Active Cypher, platform-based solutions and server-based solutions encrypt your data on premise and in the cloud, helping companies with their compliance and security needs.

However, when you look closely at the three types of solutions, platforms are a centralized external solution, requiring a company to build around the platform’s needs. Server-based solutions require additional hardware, administration overhead, training, user adoption and monitoring. Active Cypher’s solution is deployed within a company’s existing Microsoft Server, Azure/Office 365 environment making it scalable enough to withstand the elasticity of company growth within enterprise environments.

When making these decisions, it’s important to ask... do you want to custom build a solution that may take weeks or months that may only keep your files marginally safe or a product that your company IT administrative staff can install in minutes, which is extremely secure and is deeply integrated to the largest software company in the world?

The choice is yours.

Phone: 866-606-9814 Go to: activecypher.com to learn more


Features (table columns: Active Cypher, Platform Solutions, Server Solutions, Impact)

Feature: 100% data at rest, data in transit encryption (end to end).
Impact: Files always protected.

Feature: Integrated with existing Active Directory environment, with no third-party tools.
Impact: Leverages current infrastructure without need for additional hardware or software.

Feature: Does not require platform-based service with outside connections and integrations.
Impact: Client’s data and keys are stored in Azure without need to connect to outside platforms or servers.

Feature: Strong multi-layered, multi-factor based, fully automated key management solution.
Impact: Removes the need for key management tasks.

Product Simplicity (table columns: Active Cypher, Platform Solutions, Server Solutions, Impact)

Feature: 100% deployed and running in under 60 minutes.
Impact: Client is up and running the same afternoon. Platform and server deployments take weeks or months to complete.

Feature: Deployed to Client’s Azure/Office 365 Subscription. No gateway, platform or storage outside client’s own Cloud.
Impact: By deploying to a Client’s Azure Cloud directly, concerns of 3rd-party eyes or mass exploits are avoided without need for building perimeter defenses around server-based deployments either.

Feature: Uses Azure Active Directory and Microsoft Compliance Manager for governance and reporting.
Impact: Leverages Client’s current investment in Microsoft network security products instead of bringing in new platform or server technology.

Feature: No additional management for users and security. 100% based on Active Directory.
Impact: User management is an extension of Client’s existing infrastructure without maintaining additional users, groups, and security policies outside the existing infrastructure.

Product Complexity (table columns: Active Cypher, Platform Solutions, Server Solutions, Impact)

Feature: No extra costs, manpower, training or time involved.
Impact: Tactical team required to architect, implement and deploy, adding weeks or months to deployment.

Feature: All encryption is performed on-premise. All keys, data and traffic are contained within customer’s own network, Azure & Office 365 subscription.
Impact: Client data must flow from their servers and workstations up to the cloud platform to be encrypted and back down again. This creates an additional network on top of the Client’s existing one, making for a more complex solution often subject to slowdowns during peak periods of usage.

Feature: File access analytics, security policies and governance integrated with Active Directory.
Impact: Requires technical team, training and costs to ensure external policy and governance requirements are being met.

Feature: Administrators manage users, permissions, and policies in Active Directory.
Impact: User management is external and redundant to the Client’s existing infrastructure, adding cost, complexity and possibilities for errors. Creates additional work for administrators and possibility for errors in security with multiple redundant systems.

Feature: Does NOT require additional servers, consoles, or applications.
Impact: Additional servers, consoles and applications add cost and burden to current staff to manage the added complexity and admin duties.

Feature: Does NOT require additional staffing. No new overhead costs for ongoing operations of the servers.
Impact: Team required for ongoing operations of the servers in Client’s environment.

Key Management And Security (table columns: Active Cypher, Platform Solutions, Server Solutions, Impact)

Feature: Keys Stored in Client’s Cloud
Impact: Peace of mind knowing your keys are not stored/managed in someone else’s Cloud or server.

Feature: Hands-off Key Access
Impact: All aspects of Key creation, access, rotation and revocation are handled automatically without any administrator or end user involvement or knowledge.

Feature: Automated Key Rotation
Impact: Key rotation is built into the automated session key management. Rotation frequency can be adjusted by Admin.

Feature: Key Security - SAS, HMAC, X.509, with an outer tamper-proof wrapper of AES 256
Impact: Sleep well knowing advanced key protection, storage and transport techniques are being performed in the Client’s Azure Cloud, not in a 3rd party’s cloud.

Feature: Encryption technology that exceeds current standards with bit-shifting, streaming cipher protocol instead of AES.
Impact: AES (Rijndael) is slow and has difficulty with large files of all types. There has been a lot of skepticism regarding the longevity of AES (Rijndael) with the approaching Quantum Computer era.

Active Cypher vs. Platforms and Hardware Solutions


The Server-based File Encryption Solution


The Platform-based Solution


System Requirements

Server: Windows Server 2008 R2 through Windows Server 2016

Operating System: Windows Vista through Windows 10 Professional

Subscription: Office 365 or Azure Tenant with Subscription for Domain synchronization

The Active Cypher Solution
