Downloadable User Guide


How is Kapalya different from a file sharing/storage service?

We provide encrypted file sharing across multiple clouds and is cloud-agnostic. Individual file-sharing companies only allow file sharing on their own service. You have the choice to do encrypted file sharing across multiple cloud providers.

How is Kapalya different from a cloud collaboration service?

Kapalya is cloud-agnostic so you have the choice to encrypt and share files across multiple clouds. Individual public cloud providers only allow file sharing within their own platform. Kapalya complements and enhances your cloud provider(s) by providing the ability to share files across platforms in a secure manner.

Where does Kapalya encrypt my files?

Kapalya uses client-side encryption, therefore all encryption happens on the endpoint.

How are keys managed?

Keys are served in real-time from a FIPS 140-2 key manager and never stored on any endpoint, public cloud, or private cloud storage.

Can I do encrypted file sharing?

Yes, you can share encrypted files across multiple public clouds, private clouds and file storage platforms.

How do you ensure my keys will not get compromised?

Each user gets assigned unique keys for each encrypted file and/or folder. The keys reside in a FIPS 140-2 key manager and are never stored on endpoints, cloud storage or private clouds. Keys are destroyed after the encrypt or decrypt function is performed.

How do I know which files contain sensitive data?

The data classification engine scans for sensitive data of 250+ file types including; credit card numbers, social security numbers, driver's licenses and more. Kapalya’s Encryption Management System then shows users a list of sensitive files sitting on their endpoints and prompts users with the option to encrypt some or all detected files.

Which public clouds do you support?

Currently, Kapalya supports Amazon S3, Box, and OneDrive. We are in development to release integrations with Google Drive and Dropbox in the near future.

Which end-points do you support?

Kapalya supports the following endpoints:

  • Windows versions: 7, 8, 8.1, 10

  • Mac OS versions: Yosemite, Sierra, High Sierra

  • iOS devices: iPhone 6, iPhone 6 Plus, iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus, iPhone X and iOS versions 10 and higher

  • iOS tablets: iPad, iPad mini, iPad Air, iPad Pro

  • Android smartphones versions 6.0 and higher

  • Android tablets versions 6.0 and higher

Which private clouds do you support?

Currently, Kapalya supports Windows’ private cloud. We are in development to release an integration with Linux in the near future.

Does this replace existing encryption services provided by public cloud vendors?

No, Kapalya does not replace the encryption provided by your current public cloud provider. It complements and enhances the public cloud by providing an additional layer of security by protecting data at rest and in transit and allowing for secure file sharing across multiple platforms. With Kapalya, you manage your keys, subsequently masking your cloud provider’s admins from viewing your sensitive data.

Can I share my encrypted files with people outside my enterprise?

Yes, provided the recipient of the file is also using the Kapalya Encryption Management System.

Do you support version control?
Yes. but only on public clouds.

How do you ensure no local, cloud or enterprise administrators can view my files?

Each user is assigned a new set of keys and credentials which administrators do not have access to. The new set of user credentials are assigned their own set of keys for every file or folder. Kapalya creates an account for each user, upon initial login, the user must change their password and enter a pin. On mobile endpoints, in addition to these credentials, a 6-digit pin is also used to authenticate a user before allowing access to the file.

Do you support single sign-on?

Yes. Through biometrics and facial recognition. But you have the option to enable multi-factor authentication.

Do you support multi-factor authentication on mobile end-points?


Can I encrypt and upload entire folders?


Do you support VDI environments?

Yes. Kapalya has been tested successfully on VMware VDI environments.

Can I use my existing HSM (hardware services module) or software based key managers to integrate with Kapalya’s solution?

Yes. Custom configurations can be deployed for Kapalya to support third party HSMs provided they are KMIP compliant.

Is it hosted in the cloud or do you have an on-prem version?

Both. Hosted on AWS and Azure… and on-prem on a VMware environment.

How do I size the key managers to be used (Enterprise customers only)?

This will depend on your number of users, number of devices and average number of anticipated files and folders.

Do you provide automatic synchronization of files and folders from end-points to any public cloud?
Currently we do not automate this process but it is in the works. However, all files and folders from any endpoint can be easily moved to the cloud.

How are existing cloud security policies managed?

Kapalya integrates with the existing cloud vendor’s security policies.

How are users provisioned on the system?

Users are provisioned through Kapalya’s provisioning server. Users can be provisioned one-at-a-time or in batches (with enterprise edition.)

Do you have existing integration into enterprise Active Directory servers?

Kapalya can integrate with existing Active Directory, however, we recommend against this as an added protective layer in the event the Active Directory gets compromised.

How are keys rotated for users?

Keys do not need to be rotated because each file and folder gets assigned a unique key.

How do I recover files for employees that have left the company?

An administrator needs to reset the user’s credentials and use the new credentials to recover files.

How are mobile devices registered with the solution?

Mobile devices are registered using their UDID, ESN and IMEI to ensure uniqueness of the device.

Can you revoke access to individual devices belonging to a user?

Yes. Administrators have the ability to revoke access to any device registered to any user.

If I lose my mobile device, can a third party run forensics and read the data on my mobile device?

No, because they will not be able to get to the encryption keys because they are not stored on the device.

How do you protect data-in-transit?

Through a VPN tunnel, IPSec or SSL.

What kinds or VPN do you support?

Kapalya supports IPSec or SSL VPN tunnels.