products solutionssupportpartnerspurchasecompany

   

 

AirZip FileSECURE employs a range of security features to prevent unauthorized use of electronic files and documents. Each secured file will be protected by many or all of the following:

  • Strong Encryption. FileSECURE secures all files using AES256 encryption Ė strong enough to be authorized for securing Top Secret documents by the U.S. Government.
  • Unique encryption keys. Every file is secured using a unique encryption key limiting the damage should a key become compromised.
  • Detects and blocks screen capture programs. FileSECURE blocks literally thousands of screen capture and remote access applications to stop confidential information being compromised.
  • Prevents unauthorized printing. A user must be granted specific print permission for a secured file before being able to print it.
  • On-screen and print watermarking/digital fingerprinting. Overlays information regarding the user (e.g. host name, IP address, mac address, Windows user name, FileSECURE User ID, date, etc.) accessing the document when displayed or printed. Primarily used for forensic analysis if someone has used a camera to take a picture of on-screen content or made unauthorized copies of printer output.
  • Lock user access to physical workstations. Users can be prevented from accessing secured content from anywhere other than specifically approved workstations (up to 8 different workstations per user can be registered).
  • Encrypt temporary and recovery files. FileSECURE secures the most common method used to hack into our competitorís products, many of which use file locking to protect these.
  • User authentication. Userís must authenticate themselves each time they access a secured file. FileSECURE has its own user database, but can also be integrated with LDAP and Active Directory directory services or two factor authentication solutions such as RSA SecureID and Entrust PKI.
  • Audit trails. From the moment a file is secured, all activity concerning that file is logged in FileSECUREís audit trail database. Comprehensive reporting is available for analyzing events and relationships between events, documents, permissions and users.
  • Secure communications. All communications between FileSECURE Clients and the Authentication & Policy server are conducted over Secure Socket Layer (SSL) channels using the same technology and security as is used when you conduct online banking.
  • Distributed securing. FileSECURE performs all securing activities (encryption and compression) on the securing userís workstation rather than sending files to be secured to a central location. (FileSECURE A-Author, S-Author, Publisher and WebSECURE components do run on their own servers which should be dedicated and physically secured).
  • Dynamic rights. A userís rights to a secured file can be changed or revoked at any time. If the userís employment is terminated access to all their secured files can be revoked immediately. If the userís computer is stolen, access to secured files from that specific computer can be immediately revoked.
  • Content owner control over security. The owners of sensitive information can control policies and access rights themselves. All other, including IT staff, are not able to access secured information unless explicitly granted permission.
  • Offline control and tamper detection. The only time FileSECURE userís are able to ďleaseĒ rights is when they enter offline mode, primarily used when traveling without internet access. An encrypted cache is populated with keys and rights for selected files. The maximum time that a user can cache keys and rights is determined by policy. Once that time expires, the user must connect to the Authentication & Policy Server and refresh the cache (at which time the audit trail is also transferred from the encrypted cache to the server). Numerous tamper detection methods are deployed to detect attempts at compromising the cache. For example, if any attempt to set back the system clock us detected, the keys in the cache are destroyed.
  • Cryptographic separation in OnDemand environments. FileSECURE was uniquely designed from the ground up to operate in an OnDemand or hosted environment where multiple different organizations are running under the same copy of FileSECURE. Each organization is cryptographically separated from each other, so that even if a user from one organization were able to obtain access to a secured file belonging to another organization hosted on the same server, they would be unable to do anything with it. In addition, no files Ė secure or unsecured - are ever sent to or stored on the Authentication & Policy Server thereby preventing the operators of the OnDemand service from even attempting to access content.
  • Printer whitelisting for location based printing (available on special request). Further restricts authorized printing to specific physical printers.