Kapalya empowers businesses and their employees to securely store sensitive files at-rest and in-transit across multiple platforms through a user-friendly desktop and mobile application. This ubiquitous encryption solution protects all your corporate data by seamlessly encrypting files on end-points (computers/mobile devices), corporate servers and public cloud providers. With Kapalya, users have the ability to share encrypted files across multiple cloud platforms.
|Kapalya’s Approach||Other Vendor's|
|Cloud Key Management||Manage your own encryption keys||Use cloud provider’s encryption keys|
|File & Folder Encryption||Unique key served per file and folder||One key served per user for all their files|
|Key Storage||Keys are served in real-time and destroyed after encrypting||Keys could be stored on endpoints or public clouds|
|SSL Tunnel||Files are sent encrypted and through an SSL tunnel||Files are sent in clear-text via an SSL tunnel|
|Encryption||Client-side - Files are encrypted on the endpoint before upload||Server-side - Files are encrypted after data is uploaded|
|Proxy-Based||Files are encrypted on the end-point, before upload||Files are in clear text on endpoints and encrypted only when leaving the corporate perimeter|
|Role-Based Policies||Privileged users never have visibility into end-user data||Access to end user data is defined using role-based policies|
|Privileged Cloud Admins||Cloud admins are masked from viewing all data||Admins at public cloud providers have visibility into your corporate data|
|File Sharing||Ability to share encrypted files across multiple cloud Storage providers while only sharing the unique key for that specific file||Only able to share encrypted files within one cloud storage provider’s network, often unknowingly sharing the key to view all your sensitive files|
|Multi-Vendor Strategy||Kapalya’s Encryption Management Platform is one solution that encrypts data on endpoints, private clouds and public clouds||Security teams must employ one vendor to encrypt on endpoints, another for private clouds and yet another to protect on public clouds|
The Encryption Management Platform creates a secure vault on user endpoints where:
The problem with using the encryption offered by public cloud vendors:
Some cloud providers allow customers to bring and manage their own keys. However, integrating with a cloud provider’s key management system requires programming which could result in time consuming efforts and if not configured properly, could expose the customer’s data.
The Encryption Management Platform is cloud agnostic and uses client-side encryption so files and folders are encrypted before leaving the endpoint. While in-transit, files are double encrypted as they move through an SSL tunnel. Since the user controls the keys, your files are protected from eavesdropping by any third-party, including your cloud storage provider.
A unique encryption key per file allows users to share protected files across cloud storage platforms and to other Encryption Management Platform users.
Kapalya creates a secure vault for each user on your private cloud as well, to allow file and folder protection within your network.
Key management done differently:
Kapalya’s data classification engine scans 250+ file types for social security numbers, credit card numbers, state I.D.s and driver's’ license numbers. The engine is customizable to identify the sensitive data your organization handles.
If confidential data is found sitting on endpoints, the platform will prompt users with a list of files, and options to preview, encrypt or delete.
The frequency of scans can be on-demand or programmed to run at certain times or intervals and can be configured based on business needs.