nCrypt – Managed Encryption

Our Managed Encryption solution, nCrypt, allows your IT administrators to focus on delivering their applications without having to worry about managing their encryption keys, designing security policies or having to go through the pain of modifications to network infrastructures to facilitate a secure operation.

nCrypt, our Managed Encryption solution uses fault tolerant key management appliances held in a secure, UK location on dedicated hardware, communicating securely using mutually authenticated TLS sessions over the internet to an encryption server, which provides the mechanism to perform the encryption and decryption of data at the point of storage.

Our service protects data wherever it is stored. This means that if your data is held within your data centre, in the cloud, third-party contractors or even a mixture we can strongly protect the data at rest, allowing you to decide on how each user or application can access the data and what they can see or do with it.

The service has five modules:

• Transparent data encryption for flat files and databases
• Application level encryption
• Tokenisation or data masking within applications
• Secure key management and storage
• Secure gateway services for Box, Amazon S3, Salesforce and proprietary NAS/SAN storage

Future Proof

Over time your encryption needs might mean that you wish to take over control of the security policies for your data or even build your own system. The nCrypt solution easily accommodates this either by:

1. The creation of a secure domain within our system which allows you to manage the security policies and reporting leaving us to simply manage the platform with no access to your security policies or procedures.
2. We can install your own system, train and support you in its operation but transfer all your existing policies from the managed platform onto your own. This minimises the ‘downtime’ involved in bringing up your own system and defining new policies.

Technical Information: Key Features

The Digital Pathways Managed Encryption Service, nCrypt allows our NOC staff, or yourselves, to create encryption keys (which are totally secure and not viewable by you, or us, under any circumstances) for your application and construct encryption policies allowing you to control which user is accessing the protected data, what applications you wish them to use and when they are allowed to perform these operations.

Once the system has been configured, the encryption agent runs transparently in the background encrypting and decrypting data without the user being aware; or you having to make any changes to your application.

Our managed encryption service gives you the ability to define how you want to use the service. You can allow our NOC staff the ability to manage your system on your behalf, or you can assign your own administrators access based on their roles.

The roles available are as follows:

• Reporting – The ability to access logs and run reports for their assigned hosts
• Key administration – The ability to generate, annotate, retire and delete encryption keys
• Security administration – Access to and creation or deletion of encryption policies and hosts
• Transparent to all applications – no modifications to application code is required
• Encryption keys are not stored with the protected data
• Access to the data is controlled by user name and or application
• Scales from one to tens of thousands of processing cores, real or virtual
• No limit on the number of users or applications accessing the data
• Decouples data ownership to data management
• Full audit of access to protected data
• Compliance reporting

Managed encryption keys used

128/256 bit AES Transport encryption
Mutually authenticated TLS

OS/Infrastructure Requirements

SLES Linux from v11
Redhat enterprise Linux from v5 (not oracle Linux)
Centos from v5
MS Windows server

Filesystems supported

EXT2/3/4 NFSv3 NTFS
Vxfs (on centos/redhat 5,SLES) ReiserFS (SLES)
LVM (RHEL)