HighTech Finland › Information & Communications › All articles in this section   ›  Safer without passwords – much safer

Mobility & Networking
Software & Systems
All articles in this section


Safer without passwords – much safer

Envaulting – from Envault – is a unique, password-free encryption method that combines bullet-proof protection with unprecedented ease of use and the capability to remotely monitor and control data.

Envault’s innovative technology represents the next generation of data protection, as it uses centralised key management rather than end-user passwords to control access to data. Thanks to fully automatic data protection, end-users no longer have to decide whether a document should be protected or not, nor do they need to rack their brains for good passwords.

Traditional encryption systems are ultimately compromised in terms of the protection they can offer, as anyone, including a disgruntled employee or an IT administrator, who knows the right passwords or can access a master password can take the data with them and remain unnoticed by the owner of the data.

Traditional encryption suffers from one major shortcoming – it relies on people and user passwords. With Envault protection, all data is automatically protected, without the need for any user action, passwords, or other user-based security decisions.
Using Envault technology, however, a company can choose who can access its data, and where and when – wherever it is, on a laptop, a smartphone, a file server, removable media, in an email system, or even in the cloud.

Transparent protection

An Envaulted document appears and functions as normal for everyone permitted access to it, but for everyone else its contents are unreadable. Envaulted documents in the possession of employees leaving a company automatically become unreadable the moment their access is terminated.

File transactions are logged in real time, enabling an organisation to see who is copying what data to which form of storage. A system administrator or user can instantly block all access to documents or devices suspected of having been misplaced or used illegitimately, or destroy its contents, without having to establish a link to the drive itself – simply with one mouse click.

This is all achieved thanks to a tiny piece of client software installed on workstations and smartphones and a central management server.

Envaulting is also ideal for SSD drives. Erasing data reliably from these disks has proved difficult, and even overwriting the contents of an entire drive has been shown to be less than 100% effective. Using Envault’s technology, however, which saves only around 99% of file contents to a local drive, businesses no longer need worry where drives end up, as unauthorised users cannot make use of the data they contain.

What’s left out is what counts

The original innovation behind Envaulting was developed at VTT Technical Research Centre of Finland, drawing on the ideas formulated in Claude Shannon’s classic information theory. The technology uses standard AES encryption and a random secret key, and removes a small part of each file, storing it on a network server and creating a protected file from the remaining data. Data can only become meaningful and readable again when the missing information is reattached for users with authorised access. The removed part of the file acts as a unique fingerprint, enabling data to be reliably tracked and identified even if a file is renamed.

> Tuukka Autio
(Published in HighTech Finland 2011)