AirZip FileSECURE employs a range of security
features to prevent unauthorized use of electronic files
and documents. Each secured file will be protected by
many or all of the following:
- Strong Encryption. FileSECURE secures all files
using AES-256 encryption – strong enough to be
authorized for securing Top Secret documents by the
U.S. Government.
- Unique encryption keys. Every file is secured
using a unique encryption key limiting the damage
should a key become compromised.
- Detects and blocks screen capture programs.
FileSECURE blocks literally thousands of screen
capture and remote access applications to stop
confidential information being compromised.
- Prevents unauthorized printing. A user must be
granted specific print permission for a secured file
before being able to print it.
- On-screen and print watermarking/digital
fingerprinting. Overlays
information regarding the user (e.g. host name, IP
address, MAC address, Windows user name, FileSECURE
User ID, date, etc.) accessing the document when
displayed or printed. Primarily used for forensic
analysis if someone has used a camera to take a
picture of on-screen content or made unauthorized
copies of printer output.
- Lock user access to physical workstations. Users
can be prevented from accessing secured content from
anywhere other than specifically approved
workstations (up to 8 different workstations per user can be registered).
- Encrypt temporary and recovery files. FileSECURE
encrypts temporary and recovery files, closing off
the most common method used to hack into our
competitors’ products, many of which use file
locking to protect these files.
- User authentication. Users must authenticate
themselves each time they access a secured file.
FileSECURE has its own user database, but can also
be integrated with LDAP and Active Directory
directory services or two factor authentication
solutions such as RSA SecurID and Entrust PKI.
- Audit trails. From the moment a file is secured,
all activity concerning that file is logged in FileSECURE’s audit trail database. Comprehensive
reporting is available for analyzing events and
relationships between events, documents, permissions
and users.
- Secure communications. All communications between
FileSECURE Clients and the Authentication & Policy
server are conducted over Secure Sockets Layer (SSL)
channels using the same technology and security as
is used when you conduct online banking.
- Distributed securing. FileSECURE performs all
securing activities (encryption and compression) on
the securing user’s workstation rather than sending
files to be secured to a central location.
(FileSECURE A-Author, S-Author, Publisher and
WebSECURE components do run on their own servers
which should be dedicated and physically secured).
- Dynamic rights. A user’s rights to a secured file
can be changed or revoked at any time. If the user’s
employment is terminated, access to all their secured
files can be revoked immediately. If the user’s
computer is stolen, access to secured files from
that specific computer can be immediately revoked.
- Content owner control over security. The
owners of sensitive information can control policies
and access rights themselves. All others, including
IT staff, are not able to access secured information
unless explicitly granted permission.
- Offline control and tamper detection. The only
time FileSECURE users are able to “lease” rights is
when they enter offline mode, primarily used when
traveling without internet access. An encrypted
cache is populated with keys and rights for selected
files. The maximum time that a user can cache keys
and rights is determined by policy. Once that time
expires, the user must connect to the Authentication
& Policy Server and refresh the cache (at which
time the audit trail is also transferred from the
encrypted cache to the server). Numerous
tamper detection methods are deployed to detect
attempts at compromising the cache. For example, if
any attempt to set back the system clock is
detected, the keys in the cache are destroyed.
- Cryptographic separation in OnDemand
environments. FileSECURE was uniquely designed from
the ground up to operate in an OnDemand or hosted
environment where multiple different organizations
are running under the same copy of FileSECURE. Each
organization is cryptographically separated from
each other, so that even if a user from one
organization were able to obtain access to a secured
file belonging to another organization hosted on the
same server, they would be unable to do anything
with it. In addition, no files, secure or unsecured,
are ever sent to or stored on the Authentication &
Policy Server thereby preventing the operators of
the OnDemand service from even attempting to access
content.
- Printer whitelisting for location based printing
(available on special request). Further restricts
authorized printing to specific physical printers.
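
The offline lease described under "Offline control and tamper detection" above can be illustrated as follows. This is an added example, not FileSECURE code: the class, field names and the 120-second tolerance are assumptions, and the state is kept in memory where a product would hold it inside its encrypted cache.

```python
import time
from dataclasses import dataclass, field

CLOCK_SKEW_TOLERANCE = 120  # assumed: seconds of backwards drift tolerated


class LeaseError(Exception):
    """Raised when the offline cache must not release a key."""


@dataclass
class OfflineLease:
    keys: dict          # file_id -> bytearray key material (constructed sample data)
    issued_at: float    # time the lease was granted by the server
    max_offline: float  # policy: maximum seconds keys and rights may be cached
    last_seen: float = field(init=False)  # highest clock reading observed so far

    def __post_init__(self):
        self.last_seen = self.issued_at

    def _destroy(self):
        # Overwrite key bytes in place before dropping the references.
        for key in self.keys.values():
            for i in range(len(key)):
                key[i] = 0
        self.keys.clear()

    def get_key(self, file_id, now=None):
        now = time.time() if now is None else now
        # A clock earlier than any reading already observed means it was set back.
        if now + CLOCK_SKEW_TOLERANCE < self.last_seen:
            self._destroy()
            raise LeaseError("clock rollback detected; cached keys destroyed")
        # Record the high-water mark even when the lease turns out to be expired,
        # so rolling the clock back into the lease window later is still caught.
        self.last_seen = max(self.last_seen, now)
        if now > self.issued_at + self.max_offline:
            raise LeaseError("lease expired; reconnect to refresh the cache")
        key = self.keys.get(file_id)
        if key is None:
            raise LeaseError("no cached key for this file")
        return key
```
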