What is Zafesoft?
Zafesoft protects critical content through transparent, character-based encryption that is permanent. Original content and derivatives (and their derivatives) are secured and remain secured.
Zafesoft was founded to solve the security from the “insider threat” and the challenges of enabling collaboration (with edit) that enables the generation of derivative content. Zafesoft delivers a significantly more granular and dynamic level of security, implementing a powerful new paradigm designed especially for our collaborative world.
Zafesoft security protects original content through a patent-pending encryption and management method. Once content is Zafed it is always protected, no matter how it is altered or shared, or used to create more content, wherever it travels – within or outside of your corporate firewalls.
How is Zafe Different?
Today’s security paradigm operates on the fundamental premise of protecting access to the container of a file or server. Once access is granted, an authorized user can use a variety of methods to share content. Technologies such as DLP, as well as DRM, were created in an attempt to protect derivative content from leaving the corporation. Unfortunately, these technologies have failed to protect critical information.
Zafesoft shifts the security paradigm to focus on the content itself- not just the container. By protecting the characters of content with Always On Encryption Zafe prevents any unauthorized users from viewing any portion of the Zafed content.
Zafe is the only solution available today that protects derivative content for its entire life – no matter where it travels, regardless of where it is shared or stored, including the cloud.
What is Zafed content?
Zafed content is both encrypted and put under Zafe tracking for auditing and recall purposes. No changes are made to the content itself and all Zafe security capabilities are transparent to authorized users.
What hardware and software do I need?
Zafesoft is deployed as a cloud-based application. You don’t need to add or change any hardware.
The Z Central Server acts as the controller for the Zafe infrastructure. It manages User Authentication, creates Audit Trail Reporting and implements Security Profiles and Policies. The Z Central Server sits in a secure cloud environment and can be extended with a Z-Hub for protection within and outside of corporate firewalls.
The Z-Opener is a transparent client-side read that provides the Local Intelligence to Enforce and synchronize policy (with the Z Central Server), block activities/actions, to view Content or to expire Content.
How do I deploy Zafesoft?
Zafe is simple to deploy – as part of a normal business process. Users are assigned their appropriate security policy, All users belong to a default “employee” policy, some users may also belong to other policies, simultaneously. Existing folders may be designated as Zafed, or permanently Zafed. Files in these Zafe folders are immediately Zafed. Users can use these files as before. Dropbox or BOX folders may also be designated as Zafed. That’s it – your content is secured!
When authorized users click to open their first Zafed content – they are able to open these files. New users are sent email invitation to download and install the Z-Opener, once installed and authenticated, they are set. They are not required to login every time. After the Z Opener is setup one time (requires two passwords) it manages security for that device and user going forward – transparently and simply.
Individual users can easily Zafe their own content through a folder or icon click on their desktop.
Does my content go to the Zafesoft Central Server? What about cloud security?
Your content is never uploaded to the Z Central Server. The content only goes where the users of the content send it. This is a great benefit to organizations that work with sensitive information; since there is no such thing as a secure cloud (the cloud is only as secure as the people running it, some of who have to have full access).
Once you Zafe your secure information, you can save it on anyone’s cloud because the content is secure. The administrators can manage the information, its backup, recovery, storage, co-lo etc. Your content remains secure with Zafe.
What about disconnected users?
Zafesoft supports disconnected users in a variety of manners.
What about screen capture?
Zafesoft suppresses screen capture of Zafed content.
What about printing?
If a user can print the document, then they can scan and use OCR (optical character recognition) to convert it to digital text again. That could be a security leak.
Zafesoft makes “Printing” a policy choice. It can be disabled, and users will not be able to print Zafed content, although they can continue to edit, save, email etc. this same content – if allowed. Non-Zafed files will continue to print.
How is Access Control different from Information Security?
Access control is what IRM and DRM (information rights management, digital rights management) technologies provide to the original files. Zafesoft prevents the insider threat.
Access control allows the owner of the file to decide who (authorized user) can open that file. What they do with that information after that is beyond the control of the owner (from a security point of view). So an authorized user can make a copy of the information, and potentially send, email, ftp, USB etc. to a million people anytime they want. Since the information goes out as free and clear (without traceability), it is difficult to discover who caused the leak.
However DRM technologies can limit the user’s rights on the document/file. So a DRM policy could be created that prevents all the other users (not the owner) from edit, copy, paste, and save. Now this document is fairly secure, since the authorized user cannot easily take this information and send it to a million people. This is how DRM can appear like information security, when it is providing partial access control. Many leak points exist in these systems.
Information Security is about securing the information everywhere, in all the environments where it is created, used, modified, transferred and ultimately sunset. It must provide multi-operating system access across multiple applications, and users and applications (authorized or not) must not be able to leak the information as information. This includes security from unauthorized print, any screen capture, unauthorized access, a copy paste to Notepad, support for Excel spreadsheets etc.