Why Locktera File-Level Encryption:
Benefits | Description |
---|---|
Granular Protection | With file-level encryption, each file is individually encrypted using advanced methods like AES 256 or Post-Quantum Cryptography (PQC). This ensures that even if other parts of the system are compromised, each file remains secure. File-level security isolates sensitive data, meaning a breach in one system or folder doesn’t expose other files. |
Reduced Attack Surface | By encrypting files individually, Locktera reduces the attack surface available to hackers. Even if attackers gain access to a device or system, they would still need to break the encryption for each file, making it much harder to steal usable data. This limits the risk of large-scale data breaches. |
Data Mobility and Flexibility | Locktera’s file-level encryption ensures that files remain secure wherever they go, whether stored on local drives, shared across networks, or uploaded to the cloud. It supports secure file sharing between users or third parties, ensuring that data remains protected during transmission and access is restricted to authorized users. |
Simplified Breach Response | In the event of a security breach, Locktera’s file-level encryption ensures that sensitive files remain secure, even if unauthorized access to the broader system occurs. This containment reduces the need for extensive remediation and breach notifications, as encrypted files are less likely to result in the disclosure of sensitive information. |
Compatibility with Multiple Environments | Locktera’s file-level encryption is compatible with various environments, including cloud storage, on-premises systems, and hybrid infrastructures. Whether files are stored locally or remotely, Locktera maintains the same high level of security, ensuring consistent data protection across platforms. |
Digital Rights Management (DRM) | Locktera incorporates DRM policies at the file level, which allows organizations to control how files are used even after they’ve been shared. DRM ensures that files cannot be copied, edited, or printed without proper authorization. This gives organizations the power to restrict usage of sensitive files beyond just access control, preventing data misuse or leaks. |
Audit Trails and Monitoring | Locktera provides detailed audit logs for each file, showing who accessed it, when, and what actions were taken (view, edit, share, etc.). These logs are essential for monitoring file usage and detecting any unauthorized or suspicious activity, enhancing security oversight. |
User Accountability | File-level security promotes user accountability by tracking actions on a per-file basis. This visibility ensures that users are held responsible for their interactions with sensitive data. It deters malicious insiders or unauthorized actions by ensuring that every access or modification is recorded. |
Support for Secure Collaboration | Locktera’s file-level security enables teams to collaborate securely by sharing encrypted files with authorized users while maintaining strict access control. This fosters secure teamwork without compromising data security, especially when working with external partners or contractors. |
Critical for ensuring the confidentiality and integrity of your sensitive data
File-level encryption is critical for ensuring the confidentiality and integrity of your sensitive data. Unlike broader system-level or disk-level encryption, file-level encryption applies security directly to each individual file, allowing for more precise control over what is encrypted, who has access, and how data is managed. This granular approach protects data from unauthorized access, even if the system or network is compromised.
The importance of file-level encryption is especially clear in today’s digital landscape, where data is constantly being transferred across networks, stored in cloud environments, and shared with third-party vendors.
With file-level encryption, even if attackers gain access to a system, the encrypted files remain unreadable without the proper decryption keys. Additionally, file-level encryption helps comply with regulatory requirements like GDPR and HIPAA, ensuring sensitive information is adequately protected.
By encrypting individual files, organizations can maintain control over their data, reduce the impact of data breaches, and ensure that sensitive information remains secure—no matter where or how it’s stored.
Feature | Locktera File Level Encryption | Standard Disk or Storage Encryption |
---|---|---|
Granularity of Security | Locktera secures individual files rather than the entire disk. This means you can apply encryption to specific files or folders, giving you more control over what is protected. Different files can have different encryption keys and access controls, allowing selective encryption based on the sensitivity of the data. | Encrypts an entire disk or storage device. Once the system or device is unlocked (such as by logging in), all data is accessible to authorized users without further control at the file level. |
Selective Access Control | With Locktera file-level encryption, specific users or groups can be granted access to individual files based on need. This is useful in environments where different files require different levels of confidentiality, or where various stakeholders need access to certain files but not others. | Provides access to all data once unlocked, making it less flexible in environments where selective access is crucial. |
Protection in Motion | Locktera protects files even when they are in transit or shared outside of their original storage environment. This ensures that files remain encrypted regardless of where they are stored or how they are transferred (e.g., via email, cloud services). | Secures the data only when it is on the device. If the data is moved to another system or shared, it may lose its encryption unless additional measures are taken. |
Revocation and Expiry | Locktera supports revoking access or setting expiry dates for files. This means that even after a file has been shared, access to it can be removed remotely, providing ongoing control. | Doesn't offer this level of control. Once access to the system or device is granted, there is no further ability to revoke access to specific data. |
Auditability and Monitoring | Locktera provides detailed audit logs, allowing you to track who accessed or attempted to access specific files, when, and from where. This is crucial in industries that require compliance with security standards (e.g., finance, healthcare). | Typically lacks this feature since it is concerned with securing data at the device or storage level rather than managing and auditing individual file accesses. |
Protection Against Insider Threats | Locktera protects files even from users who have access to the underlying system or disk. For example, administrators might have access to the disk but not the files encrypted at the file level, providing another layer of protection. | Doesn't provide this level of protection, as anyone with access to the disk after it's unlocked can potentially access all files. |
Locktera hybrid AES-256 and PQC encryption
Locktera’s hybrid encryption combines the proven strength of AES-256 for current security needs with Post-Quantum Cryptography (PQC) to defend against future quantum threats. This dual-layer approach ensures your data remains protected both today and in a post-quantum world.
AES-256 Encryption Benefits
Benefits | Description |
---|---|
High Level Security | One of the highest levels of encryption security available today. With its 256-bit key length, it offers a practically unbreakable level of security against brute-force attacks. It would take an astronomical amount of time and computing power for an attacker to successfully guess a 256-bit key. |
Quantum-Resistant (for now) | Considered quantum-resistant, meaning that current quantum algorithms (like Grover's algorithm) would still require an infeasibly large amount of quantum computing power to break it. While quantum computing could reduce the strength of symmetric algorithms, AES-256's long key length provides a significant buffer. |
Widely Adopted and Trusted | Widely implemented across industries and has been standardized by NIST (National Institute of Standards and Technology) as a secure encryption algorithm. It is used by governments, military, and financial institutions globally, providing a level of trust and reliability in the algorithm. |
Efficient Performance | Despite its strong security, AES-256 is also relatively efficient in terms of computational power and speed, especially when implemented in hardware. Many processors have built-in hardware acceleration for AES, further improving performance. |
Versatile and Flexible | Used for encrypting a wide range of data types and is suitable for a variety of applications, including file encryption, communications security (TLS), disk encryption (BitLocker, FileVault), and VPNs. |
Compliance and Regulatory Acceptance | Recognized by many data protection regulations, including GDPR, HIPAA, and PCI DSS, as a best practice for securing sensitive data. This ensures compliance with legal standards for encryption in various industries. |
Symmetric Key Encryption | AES-256 is a symmetric encryption algorithm, meaning the same key is used for both encryption and decryption. This makes key management simpler in many cases, as only one key needs to be securely stored and transmitted between parties. |
Resistance to Known Attacks | Extensively studied and resistant to all known practical cryptographic attacks, such as differential, linear, and side-channel attacks. Its design has stood the test of time, with no serious vulnerabilities discovered since its adoption. |
PQC Encryption Benefits
Benefits | Description |
---|---|
Low Overhead Cost | Falcon offers fast and lightweight signature verification, making it ideal for applications that need to process a high volume of transactions or messages quickly. |
Compact Signature Size | Falcon has one of the smallest signature sizes among post-quantum algorithms, which is highly advantageous for applications where bandwidth, storage, or transmission size is limited (e.g., embedded systems, IoT devices). |
Efficient Key Generation and Signing | Falcon provides efficient key generation and signing processes, making it more suitable for environments with limited computational resources. |
Lattice-based Security | Falcon is based on lattice-based cryptography, which is widely regarded as one of the most secure cryptographic foundations in the post-quantum era. It provides strong security guarantees against both classical and quantum attacks. |
NIST Standardization | Falcon has been selected as one of the finalists in the National Institute of Standards and Technology (NIST) post-quantum cryptography standardization process, lending it credibility and trust for future applications. |
Post-Quantum Security | Falcon is resistant to quantum attacks, particularly Shor’s algorithm, which could break classical encryption schemes such as RSA and ECC. This ensures that Falcon remains a strong candidate for long-term cryptographic resilience. |
PQC Benefits to AES 256
Benefits | Description |
---|---|
Quantum Resistance for Asymmetric Cryptography | PQC encryption algorithms are specifically designed to be resistant to quantum computers. Quantum computers, using algorithms like Shor's, could break widely used asymmetric encryption methods such as RSA and ECC by efficiently factoring large numbers or solving discrete logarithms. |
Asymmetric Encryption and Key Exchange Security | PQC algorithms provide quantum-safe solutions for asymmetric encryption, key exchange, and digital signatures, which are critical for secure communications (e.g., TLS, VPNs). They allow two parties to exchange keys over insecure channels in a quantum-safe manner, which is essential for long-term data protection. |
Long-Term Data Protection | PQC encryption ensures that data encrypted today remains secure against future quantum computers. This is especially important for sensitive data that needs to remain protected for many years, such as in healthcare, government, or financial services. |
Digital Signature and Authentication Security | PQC encryption offers quantum-safe digital signatures and authentication mechanisms. These are essential for ensuring the integrity and authenticity of messages or software updates, especially in systems like blockchain, secure communication protocols, or IoT devices. |
Protection Against Future Threats | PQC algorithms offer protection against future quantum computers that could render many current encryption methods obsolete. As quantum computing technology advances, PQC encryption is necessary to future-proof secure communication and data storage. |
Broader Cryptographic Functions | PQC algorithms support a broader range of cryptographic functions beyond data encryption, including key exchange, digital signatures, and identity verification, which are crucial for secure communication, blockchain technology, and digital identity management. |
PQC is the new recommended encryption solution
Prevent harvest now, decrypt later cyberattacks with Locktera’s Quantum Safe Encryption. Meet quantum computing challenges with Locktera’s portfolio of products.
Why are companies acting now?
CISA, NSA and NIST Publish New Resource for Migrating to Post-Quantum Cryptography
The agencies urge all organizations, especially those that support critical infrastructure, to begin early planning for migration to post-quantum cryptographic (PQC) standards by developing their own quantum-readiness roadmap.
Secure your enterprise for the quantum era
“Quantum computers are scaling rapidly. Soon, they will be powerful enough to solve previously unsolvable problems. This opportunity comes with a global challenge: quantum computers will be able to break some of the most widely-used security protocols in the world.” ~ IBM
Locktera Access Control Rules
Locktera’s Access Controls provide robust, customizable security for your data. By setting rules for location, IP addresses, and user permissions, Locktera ensures that only authorized individuals can access sensitive files. With advanced encryption and detailed access logs, Locktera offers complete visibility and control over who can view, edit, or share your data, enhancing security at every level.
Access Control | Description |
---|---|
Password Required | Require a viewer to enter a password up to 256 characters to access content files. Locktera does not store passwords. If the user forgets the password, containers cannot be accessed without it. |
Lockout | Viewers have 5 attempts to successfully enter the correct password and access the container contents. On the 6th attempt, the viewer will be locked out and instructed to contact the sender. The locked container appears as locked on the sender's dashboard. To regain access, the sender must manually unlock the container, and the viewer can reattempt access via correct password entry. |
Read Only Permission | The container contents can be designated for read-only access. Viewers cannot edit, download, print, or screen capture contents. |
Download Permission | The viewer can download container contents. Content files downloaded by the viewer to their local device are no longer encrypted. Files that are incompatible with the browser will not render and must be shared with download allowed, so that the recipient can download the contents to a local drive and view them with software on the local device. Senders are instructed to choose "Allow Download" for files that are not viewable. |
Authorized Viewers | Designate people authorized to access content files. List authorized viewers by email, organization roles, groups, or allow anyone with the link to access. |
Time-Limited Access | Specify a date range within which authorized viewers must access container files. |
Advanced Access Controls
Advanced Control Rule | Description |
---|---|
Access Control | Flexible Control: Allows container access rules to be modified. Content files are immutable, and the container password cannot be changed. Authorized viewers, download permission, location, IP address, and number of open rules can be modified. Fixed Control: Container fixed with the original access rules and authorized viewers. These containers cannot be modified. |
Open Number | Limit access to a specific number of opens. |
Geographical Location | Locktera allows you to designate specific locations where containers can be accessed and block access from other locations. Multiple locations can be set for both access and restriction, using IP address geolocation to determine device locations. Geolocation is accurate to the city or region level. VPNs use their associated IP address geolocation for these rules. Designate the location where containers must be accessed. |
IP Address | Locktera allows you to designate specific IP addresses for container access and block others, with the ability to set multiple addresses for both. IP rules can limit access to a company VPN or building Wi-Fi. Locktera uses Classless Inter-Domain Routing (CIDR) for efficient IP allocation. Blocked IP addresses are logged in an Access Denied Report for monitoring. Designate the IP address from which containers can be accessed. |
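
The rules in the two tables above combine into one allow/deny decision per access attempt. The following added example (not Locktera's code) models that decision with hypothetical names; the check order, "empty allow list means any IP" and "0 means unlimited opens" are assumptions, and geolocation and the password comparison itself are left to the caller (`password_ok`).

```python
# Added example: hypothetical model of the container access rules described
# in the tables above. Not Locktera code; all names are illustrative.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

MAX_ATTEMPTS = 5  # Lockout rule: 5 password attempts, the 6th locks the viewer


@dataclass
class ContainerRules:
    viewers: set                 # Authorized Viewers (e-mail addresses)
    not_before: datetime         # Time-Limited Access: window start
    not_after: datetime          # Time-Limited Access: window end
    allow_cidrs: list = field(default_factory=list)  # empty = any IP (assumption)
    block_cidrs: list = field(default_factory=list)
    max_opens: int = 0           # Open Number; 0 = unlimited (assumption)
    opens: int = 0
    failed: dict = field(default_factory=dict)       # viewer -> failed attempts
    locked: set = field(default_factory=set)         # viewers awaiting unlock
    denied_log: list = field(default_factory=list)   # stand-in for a denial report


def _in_any(addr, cidrs):
    return any(addr in ip_network(c, strict=False) for c in cidrs)


def check_access(r, viewer, src_ip, now, password_ok):
    """Return (allowed, reason); every denial is appended to r.denied_log."""
    def deny(reason):
        r.denied_log.append((now.isoformat(), viewer, src_ip, reason))
        return False, reason

    addr = ip_address(src_ip)
    if viewer not in r.viewers:
        return deny("not an authorized viewer")
    if _in_any(addr, r.block_cidrs):          # block list wins over allow list
        return deny("IP blocked")
    if r.allow_cidrs and not _in_any(addr, r.allow_cidrs):
        return deny("IP not in allow list")
    if not (r.not_before <= now <= r.not_after):
        return deny("outside access window")
    if r.max_opens and r.opens >= r.max_opens:
        return deny("open limit reached")
    if viewer in r.locked or r.failed.get(viewer, 0) >= MAX_ATTEMPTS:
        r.locked.add(viewer)                  # stays locked until sender_unlock()
        return deny("locked out; sender must unlock")
    if not password_ok:
        r.failed[viewer] = r.failed.get(viewer, 0) + 1
        return deny("wrong password")
    r.failed.pop(viewer, None)
    r.opens += 1
    return True, "ok"


def sender_unlock(r, viewer):
    """Manual unlock by the sender; the viewer may then retry the password."""
    r.locked.discard(viewer)
    r.failed.pop(viewer, None)


def sample_rules():
    """Constructed sample container (documentation addresses, made-up viewer)."""
    return ContainerRules(
        viewers={"alice@example.com"},
        not_before=datetime(2025, 1, 1, tzinfo=timezone.utc),
        not_after=datetime(2025, 1, 31, tzinfo=timezone.utc),
        allow_cidrs=["203.0.113.0/24"],
        block_cidrs=["203.0.113.66/32"],
        max_opens=2,
    )
```

Running the lockout check after the network and time rules means a request from a blocked address never consumes one of the viewer's five password attempts.
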
Key benefits of using Access Control rules for each secure container:
Benefit | Description |
---|---|
Granular Security | Access can be tailored to individual users, locations, or IP addresses, ensuring that only authorized personnel have access to specific containers. |
Enhanced Data Protection | By limiting who can view or modify data, you reduce the risk of unauthorized access, data breaches, or accidental changes. |
Compliance Support | Access Control rules help enforce data security policies, making it easier to meet regulatory requirements like GDPR or HIPAA. |
Audit and Monitoring | Access logs provide visibility into who accessed data and when, supporting security audits and enabling quick response to suspicious activity. |
Flexibility | Multiple rules can be applied, allowing dynamic management of access across different users, departments, and geographic locations. |
Reduced Attack Surface | By restricting access based on IP addresses, locations, or VPNs, you minimize potential entry points for attackers. |
Locktera delivers additional security and enhanced performance when data is in transit with TLS 1.3:
Feature | Details |
---|---|
Faster Handshake and Performance | TLS 1.3 reduces round-trip communications during the handshake process, enabling faster secure connections. The handshake requires only one round trip, reducing latency and improving user experience in high-traffic environments. |
Stronger Encryption Algorithms | TLS 1.3 eliminates weaker cryptographic algorithms like RC4, SHA-1, and MD5, and mandates stronger algorithms like the AES-256-GCM and ChaCha20-Poly1305 ciphers and ECDHE key exchange. These ensure resistance to cryptographic attacks. |
Forward Secrecy by Default | TLS 1.3 enforces Forward Secrecy (FS) by default, ensuring that even if long-term keys are compromised, past communications remain secure. This protects sensitive data like encryption keys and confidential files. |
Simplified Protocol, Reduced Attack Surface | TLS 1.3 removes outdated features like compression and renegotiation, reducing complexity and eliminating vulnerabilities from older versions. This makes Locktera less prone to attacks such as CRIME and BREACH. |
Resistance to Downgrade Attacks | TLS 1.3 includes protections against downgrade attacks, ensuring connections use the strongest protocol version. This guarantees Locktera operates under the highest security standards during communications. |
Improved Privacy | TLS 1.3 encrypts more handshake metadata, preventing eavesdroppers from accessing sensitive session information. This ensures confidentiality of session identifiers and encryption parameters. |
Enhanced Security for Post-Quantum Readiness | TLS 1.3 supports advanced cipher suites and key exchange mechanisms, making it adaptable for quantum-resistant algorithms to secure future communications. |
Secure On-Premise Deployment
Locktera Share offers the flexibility of being deployed as an on-premise solution, providing organizations with full control over their data within their own infrastructure. This ensures that your sensitive information remains entirely within your network, allowing you to leverage Locktera’s powerful encryption, access controls, and compliance features while maintaining complete oversight. On-premise deployment is particularly ideal for industries with strict regulatory requirements, such as healthcare, finance, and government, or for organizations with data sovereignty needs, ensuring that no external cloud environment handles your sensitive data.
Hybrid Flexibility: Secure On-Premise Control and Cloud Scalability
Locktera also supports hybrid deployment models, integrating seamlessly with major cloud platforms like AWS, Azure, and Google Cloud. This hybrid approach allows organizations to keep mission-critical or highly sensitive data on-premise while leveraging the scalability and efficiency of cloud services for other aspects of their operations. With native support for databases like Cosmos DB, MongoDB, and S3-compatible storage solutions, Locktera ensures secure and seamless data management across both on-premise and cloud environments.
This hybrid model provides the best of both worlds: organizations can maintain the security and control of on-premise deployments while benefiting from the flexibility and scale of cloud infrastructure. Locktera’s deployment options are designed to meet diverse business needs, ensuring your data is secure, compliant, and managed efficiently—whether fully on-premise, fully in the cloud, or a customized combination of both.
Locktera Share SaaS
Locktera Share’s SaaS version, hosted on Microsoft Azure, provides a secure and scalable solution for businesses seeking cloud-based document sharing and management. With storage locations in the US, UK, and Europe, Locktera ensures that your data is housed in compliant and geographically appropriate environments, meeting regional data residency requirements. The Azure-powered SaaS platform offers high availability, robust security features, and easy integration with existing enterprise systems, making it a reliable solution for organizations of all sizes.