How SPYRUS Helps
SPYRUS Windows To Go drives make an ideal configuration for remote access to Cloud computing resources, providing a true secure trusted endpoint. With the addition of SPYRUS PocketVault™ Encryptor “PVE™” file encryption applications to the WorkSafe™ or Worksafe Pro™ devices, the most comprehensive solution to security for file sharing becomes part of your SPYRUS Secure Cloud Computing solution. File encryption is the only universal technology to simultaneously and elegantly protect data-at-rest, data-in-transit and data-at-work in cloud-computing environments, and SPYRUS is the only company to bring a full range of military-grade hardware-based FIPS 140-2 Level 3 certified cryptographic file-encryption solutions to your IT operations with the added strength of PVE file encryption certificates, and advanced elliptic curve and AES cryptography.
For secure access to the corporate cloud, the embedded Rosetta HSM security controller can provide hardware two-factor authentication to the corporate cloud as well as to the cloud applications such as Office 365, SharePoint or OneDrive. The user can even do smart card log on to the operating system on the SPYRUS Windows To Go live drive.
Once you are in the Cloud, the data files are all accessible. The PVE application solves this issue by individually encrypting each file that is stored in the Cloud. The PVE On The Go application resides in the encrypted compartment of the SPYRUS Windows To Go live drives and is bound to the FIPS 140-2 Level 3 validated embedded Rosetta HSM security controller. An added benefit is that the employee can designate others to securely access the encrypted files stored in the Cloud through the exchange of PVE certificates used for authentication.
With SPYRUS PVE file encryption applications, the file encryption key is always in the sole possession of the originator and not shared among either recipients or intermediate services such as file-sharing services and open-network facilities with centralized key management or access to originator keys. Since SPYRUS PVE file encryption is based on protecting data confidentiality from originator to recipient(s), regardless of the networks and servers and services (Goggle Disc, Microsoft Azure, DropBox, Box Inc, Amazon Web Service, Egnyte, Druve, Citrix ShareFile, etc,) through which it travels, the data originator is in sole control of the intended recipient’s ability to decrypt and read individual encrypted files by selecting the distribution list prior to transmission. This SPYRUS feature enables portability for each data originator or recipient to use their choice of distribution and storage services to send or receive protected confidential data. SPYRUS PVE file encryption technology makes the networks completely fungible as transmission conduits and not value-added services. Cloud-computing and collaboration becomes safe with SPYRUS and always keeps the key to the confidential data with the users.
Your enterprise can enforce access to only your data and applications and prevent local access or data storage. In addition, the SPYRUS Windows To Go devices provide an outstanding solution for the challenges involved with supporting endpoints from computing platforms in remote offices or even teleworkers operating from home based, strongly heterogeneous computing environments. The full spectrum of features provided by the SPYRUS family of Windows to Go devices provides a secure, managed endpoint that is an extension of the corporations IT infrastructure. For highly cost effective, simple application work which accesses the remote cloud, using the shared data storage and application execution resources, the enterprise can supply employees with a 32 GB SPYRUS Windows To Go drive provisioned with the Read Only (RO) option. The RO options permits employees to boot securely from any platform, including BYOD/BYOC or untrusted home computers.
The SPYRUS Windows To Go devices are complemented by the P-3X series of high-security, solid-state disk (SSD) USB 3.0 encryption devices that protect data with next-generation Elliptic Curve Cryptography (ECC) and XTS-AES cryptography. Like the Windows to Go family of hardware encrypted versions, every file on the WorkSafe Pro and PocketVault P-3X is securely protected in its encrypted SSD storage when the drive is not powered and unlocked.
In particular, these capabilities are important for use in public clouds with varying degrees of security and information assurance. For example, PocketVault P-3X can be used to store an encrypted version of files that are accessible from your computer, as well as decrypt and save them to other locations. Employees can share encrypted files with other authorized PVE P-3X and PVE Pro users by using PVE P-3X to create and exchange digital certificates to create a list of PVE Contacts. You can include any of your PVE contacts on a sharing list when you encrypt a file or folder with PVE, and those contacts can decrypt that file or folder on their own computer running PVE Pro. You can also decrypt encrypted files that are shared with you by your PVE Contacts.
You can share encrypted PVE files with other users by creating and exchanging your PVE Certificate and add PVE Certificates from other users to your PVE Contacts folder. When encrypting a file, you can select PVE Contacts to share decryption capabilities for that file as described below.
Some notable features of SWTG products for the use in accessing cloud based data and application resources are as follows: