Addressing the aftermath of encryption

Protecting data and communications has become increasingly critical in a world of evolving cyber threats. Encryption provides the only end-to-end protection against these threats. Zeva offers solutions to enhance cybersecurity strategies so organizations can prevent data loss and meet regulatory & compliance requirements.

Is your Data Secure?

Is you data secureEfforts to thwart hackers have been inadequate to stop the theft of sensitive data. Data encryption is the most effective strategy to mitigate the damage of data loss. Cybersecurity solutions are incomplete without a comprehensive program of data encryption. Zeva offers solutions and services to enable organizations to implement effective data encryption strategies, and address the complexities of managing and inspecting encrypted data.

Data Protection

Criminal, malicious, and state-sponsored hacking of sensitive data is creating havoc for business and government. After spending billions on technology attempting to prevent unauthorized entry into data networks, the situation is worse than ever. Data encryption provides the ultimate protection and should be an integral part of every comprehensive security program. Yet organizations avoid encryption due to what appear to be the complexities of its implementation and ability to access encrypted data for inspection. Do not sacrifice data security for convenience! Zeva can help you establish the right balance in your data encryption program.

Data Leakage Prevention

When data is lost to nefarious actors, the impact can be severe. Businesses suffer the financial losses of remediation and restitution, damage to reputation, and potential loss in competitiveness. Governments address these violations in a regulated environment, and deal with the potential national security and political implications. Sensitive communications, such as electronic mail, should be protected through a well-defined, strong encryption program. Zeva solutions can help enhance the effectiveness of your data loss program.

Securing Data in the Cloud

The scope of data stored in the Cloud is growing rapidly as organizations embrace this technology for convenience and cost efficiencies. However, with convenience and cost savings also comes potential risks to data. Understanding how data is stored and protected on Cloud platforms and networks can often be overlooked. A comprehensive approach is needed to protect data as it is stored and transmitted across organizational boundaries. Zeva solutions can help mitigate data risks when achieving the benefits of the Cloud.

Can you Access your Data after Encryption?

access your data after encryptionInspection of electronic data is an integral step in supporting legal eDiscovery, compliance investigations, and Freedom of Information Act (FOIA) requests. Industry regulations and privacy concerns are resulting in growing use of data encryption, such as encryption to secure sensitive electronic mail. This adds complexity to data inspection processes and can also interfere with reading the messages on mobile devices.  Government and industry regulations are increasingly requiring the use of data encryption. Zeva delivers solutions that can securely decrypt encrypted email messages for investigative and mobility applications.

Enabling Mobility

The expanded use of encryption to secure electronic mail can prevent users from reading encrypted messages on mobile devices. Policies that limit storage of user credentials on mobile devices, such as with smart card use (e.g. PIV/CAC), introduce additional challenges. Zeva MobileDecrypt makes it possible to read encrypted email on mobile devices using derived credentials. MobileDecrypt places no software on the mobile device, and the encrypted email messages can be read using popular mobile email applications.

eDiscovery Planning

Traditional eDiscovery collection methods address encrypted data very late in the process, and in a highly inefficient way. Some courts are becoming less tolerant of incomplete responses to legal discovery due to presence of encrypted data, such as encrypted electronic mail. With the increasing use of data encryption, it is prudent to address the impact of encrypted data when planning for eDiscovery strategies and tools. Zeva DecryptNaBox can decrypt high volumes of encrypted email messages, and can be integrated with eDiscovery solutions.

Compliance Investigations

Governments and commercial organizations must comply with a myriad of statutory, regulatory, and internal policy requirements. The process to monitor for compliance and investigate potential violations using electronic data is impeded when that data is encrypted. The growing use of encryption to secure electronic mail complicates the inspection of the email content. Zeva DecryptNaBox can expand the inspection of content through automated decryption of large volumes of encrypted email messages.

Freedom of Information Act Requests

Most U.S. Government Agencies are facing a growing number of Freedom of Information Act (FOIA) requests, along with ongoing Congressional oversight inquiries. As FOIA backlogs increase and Agencies become overburdened, the number of requests ending in court intervention is growing. The process to produce information is impeded when electronic data is encrypted. Zeva DecryptNaBox can decrypt large volumes of encrypted email messages, and meets FIPS 140-2 Level 3 requirements for securely handling Federal PKI encryption keys. DecryptNaBox can be an integral part of an Agency’s toolkit to lessen the burden of responding to FOIA requests, and can be integrated with FOIA software solutions.

Ransomware Defense Planning

The most aggressive form of Ransomware, referred to as crypto-ransomware, maliciously encrypts a computer user’s file, and then seeks payment for the encryption key needed to decrypt the data. The prevalence of this type of Ransomware is growing, and organizations should have a defense strategy to deal with it. Since many of the encryption keys used are publically available, it is possible to find the correct encryption key before considering the compromise of payment. Zeva has strategies for addressing this approach.

Is your Cybersecurity strategy comprehensive?

Malware Defense

Significant investments are made to protect digital assets and the integrity of computer networks against the threats of malware, computer viruses, and data leakage. E-mail is the most common way these threats enter systems and networks. Malware and anti-virus scanning, configured to scan email content at the network edge or email server, skips encrypted content. Content scanning tools designed to limit data leakage also skip encrypted content. Zeva’s DecryptNaBox solution can be configured to enable scanning of encrypted content, including content contained in email attachments to mitigate the threats of malware, viruses and data leakage.

PKI Policy and Governance

The use of Public Key Infrastructure (PKI) can provide an organization with methods to create, manage, distribute, and revoke digital certificates for authentication and data encryption. It is not unusual for organizations to deploy PKI technologies without adequate governance, such as roles, policies, and procedures. Zeva offers services to define effective policies and governance processes to ensure that an organization’s use of PKI is properly managed and controlled.

Strong Encryption Strategy & Design

Data encryption is the most effective strategy to mitigate the potential damage of hacking and data theft. Data encryption is a necessary component of a comprehensive cybersecurity program. Organizations often avoid encryption due to complexities of its implementation. Zeva offers services to design and implement effective data encryption strategies as part of a comprehensive cybersecurity program.

Cryptographic Software Development

Organizations may have requirements that off-the-shelf cryptographic solutions are unable to meet. Zeva offers design and development services to create innovative solutions or customize existing solutions, to enhance an organization’s security posture by implementing cryptographic tools. Zeva engineers are experts in the industry technologies. Zeva maintains technology partnerships to provide access to applicable vendor Software Development Kits (SDK). As a CMMI Level 3 company, Zeva follows predictable and repeatable development processes to ensure on schedule, on budget delivery of solutions with the highest degree of quality.

Key Migration, Escrow & Recovery

PKI key storage and management over long periods of time can be complex and time consuming. Technology conversions and Merger & Acquisition activities often result in the need to migrate keys and store legacy keys. Where legacy keys have been used for data encryption, those keys will be needed to read the encrypted data. Zeva offers comprehensive solutions to support secure storage of keys, migration of keys, and secure key recovery. And Zeva offers tools specifically designed for conversion of encrypted email when changing PKI technologies.

mike mccaul“We should be careful not to vilify encryption itself, which is essential for privacy, data security, and global commerce” – Mike McCaul

edward snowden“Properly implemented strong crypto systems are one of the few things that you can rely on” – Edward Snowden

bruce schneier“If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology” – Bruce Schneier

gene spafford“Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench – Gene Spafford