Encryption Management Platform

Kapalya empowers businesses and their employees to securely store sensitive files at rest and in transit across multiple platforms through a user-friendly desktop and mobile application. This ubiquitous encryption solution protects all your corporate data by seamlessly encrypting files on endpoints (computers/mobile devices), corporate servers and public cloud providers. With Kapalya, users have the ability to share encrypted files across multiple cloud platforms.

Industry Challenge and Kapalya Solution

| | Kapalya’s Approach | Other Vendors |
|---|---|---|
| Cloud Key Management | Manage your own encryption keys | Use cloud provider’s encryption keys |
| File & Folder Encryption | Unique key served per file and folder | One key served per user for all their files |
| Key Storage | Keys are served in real-time and destroyed after encrypting | Keys could be stored on endpoints or public clouds |
| SSL Tunnel | Files are sent encrypted and through an SSL tunnel | Files are sent in clear-text via an SSL tunnel |
| Encryption | Client-side - Files are encrypted on the endpoint before upload | Server-side - Files are encrypted after data is uploaded |
| Proxy-Based | Files are encrypted on the endpoint, before upload | Files are in clear text on endpoints and encrypted only when leaving the corporate perimeter |
| Role-Based Policies | Privileged users never have visibility into end-user data | Access to end user data is defined using role-based policies |
| Privileged Cloud Admins | Cloud admins are masked from viewing all data | Admins at public cloud providers have visibility into your corporate data |
| File Sharing | Ability to share encrypted files across multiple cloud storage providers while only sharing the unique key for that specific file | Only able to share encrypted files within one cloud storage provider’s network, often unknowingly sharing the key to view all your sensitive files |
| Multi-Vendor Strategy | Kapalya’s Encryption Management Platform is one solution that encrypts data on endpoints, private clouds and public clouds | Security teams must employ one vendor to encrypt on endpoints, another for private clouds and yet another to protect on public clouds |

End-point Security

The Encryption Management Platform creates a secure vault on user endpoints where:

  • A data classification engine scans the endpoint for sensitive files and prompts users to encrypt
  • All data within the vault is encrypted
  • Each file and folder is assigned a unique encryption key
  • No additional disk or storage space is taken up on the endpoint

Public-cloud security

The problem with using the encryption offered by public cloud vendors:

Some cloud providers allow customers to bring and manage their own keys. However, integrating with a cloud provider’s key management system requires programming, which can be time-consuming and, if not configured properly, could expose the customer’s data.
The Encryption Management Platform is cloud agnostic and uses client-side encryption, so files and folders are encrypted before leaving the endpoint. While in transit, files are double encrypted as they move through an SSL tunnel. Since the user controls the keys, your files are protected from eavesdropping by any third party, including your cloud storage provider.
A unique encryption key per file allows users to share protected files across cloud storage platforms and to other Encryption Management Platform users.

Private Cloud

Kapalya creates a secure vault for each user on your private cloud as well, to allow file and folder protection within your network.

  • Your internal corporate administrators do not have privileges to view end-user data.
  • Users’ credentials are not tied to the enterprise’s Active Directory.

Encryption Key Management

Key management done differently:

Data Classification

Kapalya’s data classification engine scans 250+ file types for social security numbers, credit card numbers, state I.D.s and driver’s license numbers. The engine is customizable to identify the sensitive data your organization handles.
If confidential data is found sitting on endpoints, the platform will prompt users with a list of files and options to preview, encrypt or delete.
Scans can run on demand or be programmed to run at certain times or intervals, and the frequency can be configured based on business needs.