Cloud Computing

The Challenge with Cloud Computing & Secure Access and Storage

There is no doubt that we now live in the Cloud! We rely on network access for most of our applications and documents. The ability to log in and be productive from virtually anywhere increases productivity, and the convenience outweighs most of the risks. But there are very real risks, and for certain documents the Cloud is not enough. Dropbox, iCloud, Google and all Cloud-based solutions work hard to protect their data with varying forms of login authentication and “data at rest” protections, but it is not enough. Stored corporate data is at risk if the Cloud is part of the solution.

How SPYRUS Helps

SPYRUS Windows To Go drives make an ideal configuration for remote access to Cloud computing resources, providing a true secure trusted endpoint. With the addition of SPYRUS PocketVault™ Encryptor “PVE™” file encryption applications to the WorkSafe™ or WorkSafe Pro™ devices, the most comprehensive solution to security for file sharing becomes part of your SPYRUS Secure Cloud Computing solution. File encryption is the only universal technology to simultaneously and elegantly protect data-at-rest, data-in-transit and data-at-work in cloud-computing environments, and SPYRUS is the only company to bring a full range of military-grade hardware-based FIPS 140-2 Level 3 certified cryptographic file-encryption solutions to your IT operations with the added strength of PVE file encryption certificates and advanced elliptic curve and AES cryptography.

For secure access to the corporate cloud, the embedded Rosetta HSM security controller can provide hardware two-factor authentication to the corporate cloud as well as to cloud applications such as Office 365, SharePoint or OneDrive. The user can even perform smart card logon to the operating system on the SPYRUS Windows To Go live drive.

Once you are in the Cloud, the data files are all accessible. The PVE application solves this issue by individually encrypting each file that is stored in the Cloud. The PVE On The Go application resides in the encrypted compartment of the SPYRUS Windows To Go live drives and is bound to the FIPS 140-2 Level 3 validated embedded Rosetta HSM security controller. An added benefit is that the employee can designate others to securely access the encrypted files stored in the Cloud through the exchange of PVE certificates used for authentication.

With SPYRUS PVE file encryption applications, the file encryption key is always in the sole possession of the originator and is not shared among either recipients or intermediate services such as file-sharing services and open-network facilities with centralized key management or access to originator keys. Since SPYRUS PVE file encryption is based on protecting data confidentiality from originator to recipient(s), regardless of the networks, servers and services (Google Disc, Microsoft Azure, Dropbox, Box Inc, Amazon Web Services, Egnyte, Druva, Citrix ShareFile, etc.) through which it travels, the data originator is in sole control of the intended recipient’s ability to decrypt and read individual encrypted files by selecting the distribution list prior to transmission. This SPYRUS feature enables portability for each data originator or recipient to use their choice of distribution and storage services to send or receive protected confidential data. SPYRUS PVE file encryption technology makes the networks completely fungible as transmission conduits and not value-added services. Cloud computing and collaboration become safe with SPYRUS, which always keeps the key to the confidential data with the users.

Your enterprise can enforce access to only your data and applications and prevent local access or data storage. In addition, the SPYRUS Windows To Go devices provide an outstanding solution for the challenges involved with supporting endpoints from computing platforms in remote offices or even teleworkers operating from home-based, strongly heterogeneous computing environments. The full spectrum of features provided by the SPYRUS family of Windows To Go devices provides a secure, managed endpoint that is an extension of the corporation's IT infrastructure. For highly cost-effective, simple application work that accesses the remote cloud, using the shared data storage and application execution resources, the enterprise can supply employees with a 32 GB SPYRUS Windows To Go drive provisioned with the Read Only (RO) option. The RO option permits employees to boot securely from any platform, including BYOD/BYOC or untrusted home computers.

The SPYRUS Windows To Go devices are complemented by the P-3X series of high-security, solid-state disk (SSD) USB 3.0 encryption devices that protect data with next-generation Elliptic Curve Cryptography (ECC) and XTS-AES cryptography. Like the Windows To Go family of hardware encrypted versions, every file on the WorkSafe Pro and PocketVault P-3X is securely protected in its encrypted SSD storage when the drive is not powered and unlocked.

In particular, these capabilities are important for use in public clouds with varying degrees of security and information assurance. For example, PocketVault P-3X can be used to store an encrypted version of files that are accessible from your computer, as well as decrypt and save them to other locations. Employees can share encrypted files with other authorized PVE P-3X and PVE Pro users by using PVE P-3X to create and exchange digital certificates to create a list of PVE Contacts. You can include any of your PVE contacts on a sharing list when you encrypt a file or folder with PVE, and those contacts can decrypt that file or folder on their own computer running PVE Pro. You can also decrypt encrypted files that are shared with you by your PVE Contacts.

You can share encrypted PVE files with other users by creating and exchanging your PVE Certificate and adding PVE Certificates from other users to your PVE Contacts folder. When encrypting a file, you can select PVE Contacts to share decryption capabilities for that file as described below.

Some notable features of SWTG products for use in accessing cloud-based data and application resources are as follows:

Security for Data at Rest

SPYRUS WorkSafe Pro and Secure Portable Workplace™ use the advanced XTS-AES 256 mode of encryption, totally transparent to the user while operating at SSD category speeds. XTS-AES is the IEEE standard for full disk encryption and much stronger than using software-based full disk encryption. For added protection without reducing performance, SPYRUS provides its Defense-in-Depth two-layer encryption protection by enabling optional BitLocker software encryption, with the BitLocker passwords securely protected in the hardware encrypted memory partition. (SPYRUS Windows To Go Live Drives)

Mitigate Data Leakage and Malware Propagation

For teleworkers performing their duties by accessing cloud-based applications via VDI, VPN or remote portals, the SWTG devices provisioned for Read-Only provide strong cryptographic security for VDI and thin-client applications by eliminating persistent changes to the data stored on the drives, and also mitigate the persistent threats of exfiltration and malware propagation to the corporate network. (SPYRUS Windows To Go Live Drives)

Device and Data Management

All SWTG products are complemented by the SPYRUS Enterprise Management System (SEMS). SEMS offers risk management via global, national and organizational control over those important corporate and personal IT information assets which have previously been confined and protected within the physical IT infrastructure of a facility, but now require protection as they travel the world within USB endpoint devices. SEMS provides central management for SWTG drives with numerous policy-driven functions including user access, device enablement/disablement, “kill” inoperability, group or user policy changes, audit recording, and password changes. The SEMS architecture allows an unlimited number of devices to be managed with facilities for multiple administrators based on organizational needs and policies. The persistent audit trail provided by SEMS permits the real-time monitoring of an “Acceptable Usage Agreement” for BYOD support.

In-field updates and policy changes can be uniformly administered with SEMS and SCCM with common procedures rather than returning devices to a central “loan pool.” SEMS ease of use is an important management and cost consideration in deploying scalable device management systems. Under SEMS, System Administrators primarily operate in a demand-based environment. SEMS allows them to take actions for control of devices based on user-driven operational help requests, threat circumstances, or organization-driven policy changes. (SPYRUS Enterprise Management System – SEMS)
