With so many security products on the market offering encryption as either a product feature or an entirely separate product, it’s vital to understand how the many products differ to protect sensitive data. Through the course of Active Cypher’s product development, companies often ask how Active Cypher compares to specific products. We compared Active Cypher to others and eventually concluded that all other products are either – platform and/or server-based products. We have extracted several key features that set Active Cypher apart from all other file encryption products on the market today. The matrix at the end of this article shows a comparison of Active Cypher vs platform & server-based file encryption products.
What is Active Cypher?
Active Cypher is a 100% automated file encryption solution that protects every file on a company’s servers, at rest and in-transit. Using existing servers and software, Active Cypher requires no administrative overhead, no user involvement and is fully integrated into the client’s existing Azure Tenant and Subscription. Due to its low overhead and automated installation process, Active Cypher can be installed in less than one hour.
How Does Active Cypher Work?
Active Cypher “piggybacks” on a company’s existing Active Directory file access permissions maintained by its information technology department. Because Active Cypher uses a company’s existing Active Directory, it allows the viewing of encrypted data by authorized users in the AD Security Groups to view and edit the data. Azure Active Directory, Multi-factor authentication, SSO, Device Management and Threat Analytics are fully supported by Active Cypher without the need for third-party interface, proxy’s, servers or services, which eliminates the need for separate resource-intensive platforms.
Active Cypher is NOT a SaaS (Software as a Service) or PaaS (Platform as a Service). Rather, Active Cypher is a 100% client-deployed solution with all database, security and key management functions deployed in the client’s Azure Cloud Subscription with client availability for oversight, auditing, scaling and continuity planning that is available to their own subscription. All identity, authentication and access control rights are handled by the Azure & Office 365 functions that a company already uses.
Active Cypher Deployment
Active Cypher is easy to install and is deeply-integrated within the Microsoft Server and Azure/Office 365 environment. Active Cypher easily integrates with cloud storage services like One Drive, Office 365, SharePoint, DropBox, Box, Google Drive and others. Active Cypher is flexible and can be deployed on-premise, as a hybrid solution or as Cloud-only, within an hour. If a company is performing a “lift-and-shift” into Azure, Active Cypher is there protecting all company files. This means there is no need for implementation services, technical enablement programs or customer onboarding programs.
Platform-based file encryption
It is understandable that on the surface, a person may believe that platform-based solutions and Active Cypher are similar. However, digging a bit deeper, the differences become clear. Let’s take a look at platform-based solutions.
What is a “Platform”?
A platform-based solution is oftentimes referred to as a “gateway”. Both platforms and gateways can be thought of as third-party cloud services (SaaS) where all of your company data that requires protection must first be sent to the platform to be protected and then sent back to the originating source. Most platform-based solutions require a separate database of users, groups, policies and permissions to be created, managed and synchronized. This system requires constant update and management time by a company’s information technology staff. Most platform-based solutions require expensive, multi-person consulting engagements to be performed before the installation and deployment begin. This is necessary because a platform-based solution must operate between you and your data protection. This “man in the middle” technique creates network endpoints which must be identified, created and maintained. This enables the system to retrieve data from the servers and send it to their cloud platform to be protected and routed back to their servers before being sent to other users or shared remotely.
How Do Platform-based Solutions Work?
The platform is typically a centralized, vendor-owned service provider that provides tracking, reporting, auditing, policy control and monitoring and originates from their own vendor cloud (platform). The platform requires administrative overhead to create and deploy policies, monitor and audit effective classification and the compliance of those policies with testing and the ongoing tuning and testing of the policies over time.
A platform-based solution is an external centralized platform with many connections, that need to be configured and maintained for both internal (to the client) and external endpoints (to cloud providers). As a result, tactical teams are required to architect, implement, deploy and support platform-based solutions. Some of the programs may include technical enablement programs, customer onboarding and adoption programs or have their own training programs. All these additional programs are presumably ongoing paid services as part of their onboarding and deployment programs. Not only do these add time and costs but it leaves files exposed to internal and external data breaches during this period of onboarding.
Server-based File Encryption
Server-based file encryption solutions are typically part of an overall suite of applications that are not built to be part of the existing network structure. Rather, server-based solutions must be “bolted onto” a company’s network with their own vendor-specific, vendor created directories for user management, administrative consoles and utilities. This requires continued administrative and maintenance of systems, which are redundant for companies that currently run Active Directory on their network.
What is “Server-based”?
An easy way to identify server-based file encryption is to look at their installation. Server-based file encryption solutions require additional hardware including servers, appliances, applications, tools and consoles. A typical server-based solution is a “bolt on” to your current network rather than being deeply integrated within your existing network like Active Cypher.
How Do Server-based Solutions Work?
The server-based solution performs its file encryption and data protection running alongside your current network. This requires administrators to create a separate database of users, groups and policies in addition to the Active Directory Domain, which is the master source of users, groups and policies on your network.
From an administration point of view, server-based solutions are burdensome to both information technology managers and end-users. Server-based solutions require the distribution of applications, plug-ins and add-ons that must be distributed to end users and typically require installation into Office, Outlook and other applications along with the distribution of templates or policies. Even with all those add-ons there are no guarantees that users will adopt it into their workflow.
Server-based solutions are the most expensive and complex to deploy; both as a capital expense and labor costs. A typical server-based deployment requires a lengthy pre-deployment engagement from the vendor. This pre-deployment engagement is so the vendor can decide how to integrate their solution into a company’s functioning network and identify “mounting points” for their servers, utilities, applications, tools and accessories.
The server-based deployment involves extensive information technology staff training to learn how to properly and efficiently manage another complex system in addition to the existing network infrastructure.
A server-based deployment must involve the end-users because most rely on participation from the end-users. This allows them to understand how they should be protecting the company’s data. If left untrained or improperly motivated, the end-users can severely limit the effectiveness of the overall solution without 100% user adoption.
Active Cypher, platform-based solutions and server-based solutions encrypt your data on-premise and in the cloud helping companies with their compliance and security needs.
When you look closely at the three types of solutions, platforms are a centralized external solution, requiring a company to build around the platform’s needs, while server-based solutions require additional hardware, administration overhead, training, user adoption and monitoring. Active Cypher’s solution is deployed within a company’s existing Microsoft Server, Azure/Office 365 environment making it scalable enough to withstand the elasticity of company growth within enterprise environments.
When making these decisions, it’s important to ask yourself, “should we custom build a solution that may take weeks or months and may only keep your files marginally safe?” Or would it make more sense to use a product that is extremely secure, easy to install, and deeply integrated with the largest software company in the world?
The choice is yours.