Key management is one of the most critical activities in ensuring that a security system is successful. With CloudMask, the user has exclusive access to their keys.
CloudMask relies on Identities, based on asymmetric key pairs, to authenticate, encrypt, and sign data. A single user may have one or more Identities, typically with a dedicated Identity for mobile devices.
While CloudMask integrates with Certificate Authorities (CA) to manage these Identities, organizations do not require a CA in order to use CloudMask. In such cases, CloudMask transparently uses the cryptographic engine to generate and manage asymmetric key pairs for its own purposes. Accordingly, three models of Identity management are supported:
1) Enterprise On-Premise CA, where CloudMask integrates with the organization's existing on-premise Certificate Authority.
2) Managed PKI, where CloudMask integrates with leading managed PKI offerings such as Entrust and WiseKey.
3) Built-in Identity Management, where CloudMask generates and manages asymmetric key pairs for each user Identity.
Not all tokenization and encryption algorithms are created equal. Common tokenization algorithms apply a deterministic algorithm (at least partially), which attackers can use to deduce information about the users’ data. Instead, CloudMask patent technology applies random tokens which have no mathematical relation to the original data. The actual data is then encrypted using the user’s certificate and never sent to the Cloud Application.
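The difference between deterministic and random tokens can be seen in what a stored column reveals. This is an added example, not CloudMask's code or algorithm: the keyed-hash tokenizer, the in-memory token map, and the sample records are constructed assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample: one sensitive field value per record.
RECORDS = ["diabetes", "asthma", "diabetes", "diabetes", "flu", "asthma"]


def deterministic_tokens(values, key):
    """Keyed-hash tokenization: equal plaintexts always yield equal tokens."""
    return [
        hmac.new(key, v.encode(), hashlib.sha256).hexdigest()[:16]
        for v in values
    ]


def random_tokens(values):
    """Fresh random token per record, with no mathematical relation to the value.

    The token-to-value map stands in for data kept on the user's side
    (assumption: a plain dict here; the page describes encrypting it).
    """
    token_map = {}
    tokens = []
    for v in values:
        t = secrets.token_hex(8)
        token_map[t] = v
        tokens.append(t)
    return tokens, token_map


def frequency_profile(tokens):
    """Repeat counts visible to anyone who can read the stored tokens."""
    return sorted(Counter(tokens).values(), reverse=True)


if __name__ == "__main__":
    det = deterministic_tokens(RECORDS, b"constructed-demo-key")
    rnd, token_map = random_tokens(RECORDS)
    # Deterministic tokens preserve the plaintext distribution.
    print("deterministic:", frequency_profile(det))
    # Random tokens show every record as unique.
    print("random:       ", frequency_profile(rnd))
    # Only the holder of the map can recover the original values.
    print("recovered:    ", [token_map[t] for t in rnd])
```

The deterministic column exposes which records share a value and how often each value occurs even though the key is secret; the random column exposes neither.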
CloudMask patent technology provides Dynamic Data Masking (DDM) that masks production data in real-time.
Given that the encrypted data does not need to conform to formatting/length restrictions that may be imposed by the Cloud Application, there is no restriction on the strength of the encryption algorithm. CloudMask supports leading FIPS-compliant encryption engines, and users may configure CloudMask to use the desired encryption library along with applicable algorithm parameters.
Insiders pose a substantial threat by virtue of their knowledge of, and access to, their employers’ systems and/or databases. Insiders can bypass existing physical and electronic security measures through legitimate measures. The use of
CloudMask encrypts users’ data at the moment of its creation using their own certificates. The data is never in the clear at any place except in the user access point – desktop, or mobile device. As a result, malicious insiders which may have network
Organizations’ existing security frameworks do not easily extend into cloud applications. Inconsistencies in Authentication and Authorization across different processes introduce
CloudMask offers certificate-based single-sign-on and data protection across
In addition, CloudMask enables organizations to set fine-grained access controls. These controls restrict sharing and group access of particular data depending on the application, type of data, and the role of the creator.
As a
CloudMask tokenizes and encrypts users’ data at the moment of its creation, well before it leaves their machine. The Cloud Application receives meaningless data that has no mathematical relation to original user data. Unlike standard encryption algorithms, the tokens are compatible with the application data requirements and do not break its functionality.
As a result, threats of data leaks/loss – through unauthorized access, or hacked accounts – are eliminated without disrupting the Cloud Application functionality.
When examining security solutions, clients need to examine the certifications that have been awarded to the solutions provider. For obvious reasons, claims cannot be taken at face value. Certification is the only proof that the vendor claims are checked according to a published standard that the client can rely on and that the tests have been performed by a trusted third party.
Any Data Protection service will have two major elements:
More than 95% of security attacks target process deficiencies and leakage between the different modules, not the crypto engine.
CloudMask received the Common Criteria Certification that is managed by the Canadian Communications Security Establishment (CSE). CSE is Canada's national cryptologic agency. The assurance lab that conducted the test for CloudMask is Computer Sciences Corporation (CSC), an American multinational corporation that provides information technology (IT) and professional services.