Despite a rash of recent hacker intrusion and theft of data that have victimized governmental agencies and various industries such as healthcare, the one remedy that can thwart these efforts, namely at-rest data encryption at record, field, and file level, remains surprisingly under-utilized.
This is mainly due to the fact that implementation of any type of data encryption involves complications surrounding the management of encryption keys and the difficulty of key management when it comes to any supply chain related exchange of data. Furthermore, if employing any of the various data encryption involves storing the key somewhere on the system or systems in order to make it available to various programs that need access to the unencrypted data, once hackers gain access to those systems, they can quickly locate the encryption keys and render the entire implementation useless by decrypting the information using the encryption keys.
DEXUSshieldTM is a unique approach to the problems surrounding encryption key management. In our patent-pending approach, we encrypt the encryption key using a higher-level passcode (any password, digital passcode, or biometric based user identification and verification) known only to the data owner to encrypt the actual encryption keys and store those keys in an encrypted key vault. This higher-level passcode is never stored on any of the systems that contain the encrypted data or the encryption keys. Using this method, the only possible path to decrypt the data is to provide the passcode, which will decrypt the encryption keys, which in turn is used to decrypt the data. Using our approach, it is impossible for any unauthorized access and decryption of the sensitive and confidential data.
Using this method, employees within the organization, including IT personnel, can only view the sensitive data once authorized by the data owner. This authorization can be for all of the data or specific record types, fields, files, etc. DEXUSshieldTM handles the sharing of the necessary encryption keys without revealing the actual keys to the authorized personnel. Once an authorization is rescinded, the data is rendered unreadable.
Another important aspect of our approach is the facilitation of data exchange with supply chain partners. Any partner can be authorized in a similar fashion to an employee to have access to any and all sensitive data at record and field level. DEXUSshieldTM properly manages the access to the relevant encryption keys without revealing the actual keys. And deauthorization is just as simple.
With DEXUSshieldTM you can fully disable unauthorized access to your organization’s sensitive and confidential data while retaining complete control over authorizing and deauthorizing your personnel and third-party partners transparent access to the information without the complications typically encountered with encryption logic and key management.