April 16, 2018

Unstructured Files Solution for GDPR Compliance

Cord3’s unstructured file solution for GDPR compliance protects the sensitive contents of your files on internal and Cloud servers from unauthorized access.

When you think about it, the folders on your internal and Cloud servers contain super-sensitive information: private customer and employee information, sales data and account management plans, strategic negotiations, business plans, supply chain management, safety plans, … the list goes on and on. Attacks on personally identifiable information (PII), intellectual property, and strategic data often target file servers (internal and Cloud) because they hold a treasure chest of high-value information.

Organizations have been using file/folder technology for decades to store sensitive information. Unfortunately, it has traditionally been extremely difficult to protect files in folders using encryption. The only solution has been IT-managed Access Control Lists (ACLs). Although ACLs work to some extent, they are difficult to manage and error-prone. Much worse, ACLs provide no protection against insider threats from IT administrators. With ACLs, when external hackers obtain IT administrator privileges –  which is always their goal – the hackers have full access to all of the files stored on internal or Cloud file servers!

Cord3’s unstructured file solution encrypts files in folders so that only authorized people can view the contents of sensitive files. “Authorized people” is defined based on your policy, which is centrally controlled by administrators that are not part of the IT department. IT and other privileged administrators and external hackers cannot access sensitive information even if they have privileged access to the file or Cloud servers.

The file solution is completely transparent to users. All they have to do is hit “Save” and “Open” as they normally would. Cord3 takes care of the encryption and encryption key management so users (and administrators) don’t have to. All of the key management and encryption is done on Cord3’s servers, which are entirely under your control. Privileged administrators for your enterprise file servers and Cloud servers never have access to the encryption keys, so they cannot access the information in the files on the servers.

There is nothing to install on users’ desktops and mobile devices. And there is nothing to install on the file or Cloud server. Cord3’s file solution is controlled by centralized policies, not users’ choices, and separates keys from message contents.

In addition to making your sensitive files GDPR compliant today, Cord3’s solution already solves the next big problem in security – the breaking of public-key cryptography by quantum computers. Cord3’s encryption of files is done using only strong, standard symmetric encryption, so there is nothing to be concerned about when quantum computers can break public-key cryptography. You can read more about Cord3’s strong encryption here.