Zoom has made headlines for both providing a great way to communicate and also for their lack of security.
By using a tool like Zoom, or relying on the built-in encryption of really any solution such as Whatsapp or Signal, users have given control of who can access data to the solution provider.
We give a version of this example is sales discussions all the time.
My dog walker comes to my house every day at 2 pm to let my dog out and take the dog for a walk. I give the dog walker a key to the house so they can come in at 2 pm every weekday. But what I have done is not just given the dog walker access to my house at 2 pm every weekday. I have given the dog walker full control to decide whenever to enter my home.
The secure solution to grant access to the house without giving up control requires a broker to decide when the door should be unlocked. With today’s modern physical security tools, biometrics grants access. When the dog walker approaches the door, the broker can validate the dog walker via facial recognition, for example. Then the broker can check if the dog walker has permission to access the house at this specific time. Now that identity is confirmed, and the policy is validated, the broker unlocks the door.
SecureCircle’s Data Access Security Broker (DASB) is the broker for all your data protection requirements. DASB sits within the operating system kernel, and brokers access control to encrypted/protected data. Users don’t know DASB exists if the user’s identity is verified, and all the policies rules met, the user accesses protected data in the same way as unprotected data. Users without validated identity or policy rules will get an error and will not be able to access protected data.
SecureCircle’s DASB controls data even after the authorized user opens the file. DASB can apply controls over what applications use data, send data, and also automatically protecting derivative works.
With SecureCircle, companies retain control over data at all times, and permissions can be changed or revoked at any time regardless of where the data resides, which is much better than passing out a key to dog walkers or relying on a solution providers end to end encryption.