Insiders pose a substantial threat by virtue of their knowledge of, and access to, their employers’ systems and/or databases. Insiders can bypass existing physical and electronic security measures through legitimate measures. The use of security-gateway does not address insider threats, and in fact may increase its risk, since the gateway receives the user’s data in cleartext before applying its security algorithms.

CloudMask encrypts users data at the moment of its creation using their own certificates. The data is never in clear at any place except in the user access point – desktop, or mobile device. As a result, malicious insiders which may have network access, or even administrative privileges, do not have access to the cleartext data at any point in time.   Learn More

Organizations’ existing security frameworks do not easily extend into cloud applications. Inconsistencies in Authentication and Authorization across different processes introduce vulnerability that can be exploited by attackers.

CloudMask offers certificate-based single-sign-on and data protection across unlimited number of applications. In doing so, it adheres to the organization’s security policies and established framework, irrespective of the delivery mechanized, on public cloud or private cloud.

In addition, CloudMask enables organizations to set fine-grained access controls. These controls restrict sharing and group access of particular data depending on the application, type of data, and the role of the creator.

As a result CloudMask helps in achieving a single organizational wide security framework that works consistently across the different applications while enforcing fine-grained access controls.

CloudMask tokenizes and encrypts users’ data at the moment of its creation, well before it leaves their machine. The Cloud Application receives meaningless data that has no mathematical relation to original user data. Unlike standard encryption algorithms, the tokens are compatible with the application data requirements and do not break its functionality.

As a result, threats of data leaks/loss – through unauthorized access, or hacked accounts – are eliminated without disrupting the Cloud Application functionality.

When examining security solutions, clients need to examine the certifications that have been awarded to the solutions provider. For obvious reasons, claims cannot be taken at face value. Certification is the only proof that the vendor claims are checked according to a published standard that the client can rely on and that the tests have been performed by a trusted third party.

Any Data Protection service will have two major elements:

1. The Crypto engine; that is responsible for encrypting the data according to a mathematical formula. The Federal Information Processing Standard (FIPS) Publication 140-2 is one of that provide certification that covers this element.
2. The Solution integrity; this represents the end-to-end solution processes that include handling of data before and after encryption, key management, code protection, event handling, etc. The Common Criteria for Information Technology Security Evaluation (CC) is the main international standard (ISO/IEC 15408) for end-to-end computer security certification.

More than 95% of security attacks target the process deficiencies and the leakage between the different modules not on the crypto engine.

CloudMask received the Common Criteria Certification that managed by the Canadian Communications Security Establishment (CSE). CSE is Canada's national cryptologic agency. The assurance lab that has conducted the test for CloudMask is Computer Sciences Corporation (CSC), an American multinational corporation that provides information technology (IT) and professional services.    Learn More