Enterprises are facing enormous security, data loss and compliance risks with increased mobility of workforce and proliferation of consumer file sharing services together with mobile devices in the enterprise network.
Vaultize is an enterprise-grade platform for secure file sharing, anywhere access, mobile collaboration, endpoint backup and mobility - together with mobile content management (MCM), endpoint encryption, remote wiping and Google Apps backup - that helps enterprises mitigate these risks with complete enterprise control and visibility on the use of unstructured data. It is the only solution that does military-grade (AES 256-bit) encryption together with de-duplication at source (patent pending) – making it the most secure and efficient solution in the world. Vaultize comes with highest level of enterprise-grade security, scalability, performance, robustness and reliability.
Vaultize is the first EFSS vendor to fully integrate EMM into a single offering – giving enterprises complete control and visibility over the sensitive corporate data, irrespective of the device used for accessing and sharing – facilitating increased adoption of Bring-Your-Own-Device (BYOD) even in highly regulated and security-conscious verticals. Vaultize now includes Mobile Device Management (MDM) features such as remote wipe, data containerization, storage and network encryption, PIN protection and white-listing of apps for mitigation of security and protection concerns with BYOD. Vaultize goes beyond MDM with features like automatic wiping based on geo-location or IP address or time-out. It further facilitates Mobile Content Management (MCM) through access rights and allows corporate IT to prevent data loss, security and compliance breaches by controlling what users can do with corporate data on their mobile devices using natively built-in document editor.
2. Vaultize – Quick View
Enterprise Platform for Secure File Sharing (EFSS)
and Anywhere Access with:
• Mobile Content Management (MCM)
• Data Protection
• Data Loss Prevention (DLP)
• Mobile Device Management (MDM) features
‘Innovation Leadership in Enterprise File Sync and
Share (EFSS)’ – 2013
‘Innovation Leadership in Enterprise Mobility
Security’ - 2014
3. Vaultize, What it is…
Enterprise Platform for Enabling Secure Sharing,
Anywhere Access and Mobile Collaboration
with
End-to-End Data Security
and
Flexible Deployment Options
Enables a variety of solutions:
File Sharing & Sync, Managed Data Mobility,
BYOD, Secure Anywhere Access, Data Loss
Protection, …
VPN not required
Choice of Appliance, On-premise,
Private Cloud or Public Cloud –
All highly scalable and available
4. How Vaultize Differentiates
Why Vaultize? Part I
Large enterprises including those in regulated and security
conscious verticals across the globe trust Vaultize
Unmatched End-to-end Security
• Encryption and de-duplication together at source (on user devices) for
in-transit data - patent-pending technology
• The most secure and efficient solution – VPN-free
• Others perform either encryption or de-duplication on the user device (and not
both) – compromising either security or efficiency
Privacy and Compliance
• Corporate IT can own and manage keys - Data Privacy Option (DPO)
o Regulatory compliance (data residency or data sovereignty)
o Data in-transit and while stored in the cloud/server is risk-free (Complete privacy)
o No risk of the vendor giving out your data to authorities without your consent
(Subpoena)
5. How Vaultize Differentiates
Why Vaultize? Part II
Enterprise Platform
• Architected from the ground up as an enterprise platform
• Complete end-to-end regulator-level enhanced security and privacy
• Competitors are built as point products
Complete Administrative Control and Visibility
• Devices can be fenced off, features disabled, or contents securely wiped
out, if the users go beyond a pre-defined geography or IP range
• MCM controls - copy/paste, printing and emailing
6. How Vaultize Differentiates
Why Vaultize? Part III
Efficiency – Optimized for Mobility
• VPN-free
o builds a secure channel using patent-pending at-source encryption technology,
SSL and OAuth-based authorization
• Global content-aware de-duplication
o as high as 90% reduction in network bandwidth
Flexible Deployment Options
• Cloud-in-a-Box - Appliance
• Private Cloud – Software Only
o Perpetual License
o Annual Subscription
• Public Cloud - SaaS
7. Vaultize Architectural Components
• This presentation covers Vaultize Public Cloud hosted on
Amazon Web Services
• Private cloud deployments follow a similar architecture
• Vaultize Cloud
• Load Balancers
• API (REST) Servers
• Meta-data (Database) Servers
• Content Store (Amazon S3)
• WebUI Servers
• Client Components
• Vaultize Agent (Windows, Mac, Linux)
• Vaultize Apps (iOS, Android)
• Centralized Web-based Administration
• Web GUI
9. Vaultize Load Balancers
• Ensures high availability & responsiveness of servers
• Routes traffic to API and WebUI servers (separate LBs)
• Weighted least connections algorithm
• Health check of servers
• HTTPS monitoring
• Application-level monitoring
10. Vaultize API Servers (1)
Vaultize API servers expose a JSON-based RESTful API
Stateless servers – load balancing is easy
Clients make secure API calls to server
Using HTTPS – 256-bit SSL
Each API call has to be authorized using OAuth
Unauthorized calls rejected, but recorded
Repeated unauthorized calls result in investigation and/or ban
Server platform
Typically virtual machine based
Multiple NICs
Stateless, so storage could be normal disks
Firewalled to allow only API traffic
Customized and hardened CentOS 6.x
Continuously auto-monitored (see next slide)
11. Vaultize API Servers (2)
Web server is nginx
Lightweight, high-performance and robust
Application server is in web.py framework
Interaction with nginx using WSGI
Some modules are in pure C for performance reasons
Monitoring & Statistics
Internal - using monit, cron scripts etc.
External - using health monitor in Load Balancers and other
servers
Third-party - using partner services
Also used for automatic load handling (see below)
Dynamic load handling and provisioning
Additional servers provisioned when load increases
Bad servers restarted
Amazon Cloudwatch in AWS
12. Vaultize Database Servers
Vaultize meta-data is stored in MongoDB
Scalable & high performance “document” database
Built-in replication and high availability
Auto-sharding for load balancing
Cluster of database servers
Servers added as database grows
Each server in a 3-way replica set
Periodically backed up
13. Vaultize Content Store
Data chunks are stored in Amazon S3 in public cloud
Additional encryption using Vaultize secret keys before storing
High-performance online storage (increase on-demand)
Redundant (minimum 3-way) storage
At least 3 different devices across multiple zones
Support for Azure Block Storage, Rackspace CloudFiles
and file systems too
14. Vaultize Cloud Web UI
Web-based UI servers
o Powerful administration interface
o Simple end-user UI for accessing and sharing their data
System & hardware configuration similar to API servers
Pages are standards-compliant
Generated using Mako Templating Engine
HTML, CSS and JavaScript (jQuery)
Tested/debugged using Firebug, Google Page Speed, etc.
Some pages use AJAX
E.g. Files Browser, validations
Data exchanges in JSON (and not XML)
15. Vaultize Client Components
Vaultize Agent
Talks to API Servers over HTTPS and OAuth
Maintains access rights and restrictions
Keeps device in sync for configuration, policies etc.
Performs encryption, smart de-duplication, versioning and
compression
256-bit AES encryption at source (on client device itself) using unique
customer keys
Chunking is variable-sized using sliding window technique
Signatures are HMAC (SHA-256) keyed using unique customer tokens
Compression using zlib
Predictive Caching (for instant restore of important data)
Monitors changes to data under sync, collaboration, sharing
Book keeping done using SQLite
Platform Independent
Written in Python and pure C
Windows, Mac and Linux
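The agent pipeline listed on this slide (variable-sized chunking with a sliding window, HMAC-SHA256 signatures keyed by a customer token, zlib compression) can be sketched as follows. This is an added example, not Vaultize code: the window size, chunk limits, rolling-hash constants, token values and the in-memory store are assumptions, and the AES-256 step is left out because the Python standard library has no AES.

```python
import hashlib, hmac, zlib

# Assumed parameters (not from the slides): 48-byte window, ~2 KiB average chunk.
WINDOW, MASK = 48, (1 << 11) - 1
MIN_CHUNK, MAX_CHUNK = 512, 8192
BASE, MOD = 257, (1 << 31) - 1
TOP = pow(BASE, WINDOW - 1, MOD)  # weight of the byte leaving the window

def chunk(data: bytes) -> list:
    """Cut where a rolling hash of the last WINDOW bytes has its low bits zero."""
    out, start, h = [], 0, 0
    for i, b in enumerate(data):
        if i - start >= WINDOW:                      # slide: drop the oldest byte
            h = (h - data[i - WINDOW] * TOP) % MOD
        h = (h * BASE + b) % MOD
        size = i - start + 1
        if (size >= MIN_CHUNK and (h & MASK) == 0) or size >= MAX_CHUNK:
            out.append(data[start:i + 1])
            start, h = i + 1, 0
    if start < len(data):
        out.append(data[start:])                     # trailing partial chunk
    return out

def signature(token: bytes, piece: bytes) -> str:
    """HMAC-SHA256 keyed with the customer token; used as the dedup index key."""
    return hmac.new(token, piece, hashlib.sha256).hexdigest()

def upload(store: dict, token: bytes, data: bytes) -> tuple:
    """Store only chunks whose signature is unknown; return (sent, total)."""
    pieces, sent = chunk(data), 0
    for piece in pieces:
        sig = signature(token, piece)
        if sig not in store:
            store[sig] = zlib.compress(piece)  # AES-256 step omitted (see lead-in)
            sent += 1
    return sent, len(pieces)

def demo() -> tuple:
    """Constructed data: 128 KiB of SHA-256 counter output, then a 10-byte insert."""
    original = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(4096))
    edited = original[:1000] + b"INSERTED!!" + original[1000:]
    store = {}
    first = upload(store, b"constructed-token-A", original)
    second = upload(store, b"constructed-token-A", edited)   # same token, edited file
    other = upload(store, b"constructed-token-B", original)  # same file, other token
    return first, second, other

if __name__ == "__main__":
    print(demo())
```

A 10-byte insertion re-sends only the chunks around the edit, because boundaries depend on content rather than on byte offsets. The same file uploaded under a different token matches nothing in the store, since signatures computed under different keys are unrelated.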
16. Vaultize Compatibility
Works on laptops, desktops and servers
Supported on Windows (XP SP2 onwards), Mac and Linux
iOS and Android Apps
18. Vaultize Solutions
Secure Enterprise File Sharing & Sync (EFSS)
Sharing using secure links
• Easy sharing with outside party
• No FTP sites or email attachments
• Passwords, auto expiry, notifications
• Online document viewer – control download/printing etc.
• Geo, IP and time based access control
Outlook Plug-in
• Replace attachments with secure link
• Policy-based – size of attachments, recipients, sender, etc.
• Monitoring, Revoking
Group sharing – with individual access rights
Sync data anywhere, selectively
Automatic versioning
19. Vaultize Solutions
VPN-free Secure Anywhere Access
(File Server Access)
• Securely access File Servers and NAS from anywhere
• Access with CIFS semantics
• Pass-through Mode – secure relaying of files
• Access control on server
• Geo, IP, time based
• No VPN required!
• Support for SharePoint and other repositories coming soon
20. Vaultize Solutions
Mobile Content Management (MCM)
Challenges with Mobile Device Management (MDM)
• Complex
• Costly
• Heavy handed – controls device (privacy intrusion)
Vaultize Secures Corporate Contents through Mobile Content
Management (MCM)
• Control copy-paste, print, email, sharing with other apps, etc.
• Built-in document editor – MS office and PDF annotation
Mobile Data Containerization
• Corporate data in secure container
• Segregate corporate data from personal data
• Encryption and remote wiping of container
• Auto-wiping based on Geo, IP, time-expiry
21. Vaultize Solutions
Data Protection (Endpoint Backup)
Protection policies to automatically backup files and folders
Group-based policies
• Powerful Exclude and Include filters
Efficient backup of endpoints over WAN without VPN
• Smart De-duplication saves up to 90% bandwidth
Continuous or Scheduled backup with pause and resume
Web and Mobile access
Self-restore
• a version, a folder or a point in time copy and move all data from an old
device to a new device
Support for open files (including Outlook PST)
• Optimized backup of large size PST
22. Vaultize Solutions
Google Apps
Backup Google Apps Accounts – Emails and Documents
• Secure Google Apps data (emails/documents) from malicious
destruction, hacking, user/software errors
• Automatic Backup
• Backup once-a-day (default) or as scheduled
• Retention Policy
• Super saving (de-dup across endpoints + Google Apps)
Easy Download
• Download/restore a mail, document or a complete account
Migration
• Migrate accounts within a domain or across domains
23. Vaultize Solutions
Data Loss Prevention (DLP)
Endpoint Encryption
• Policy-based on files and folders on user devices
• Transparent to users
• Selective - more efficient than full disk encryption which is
• Leverages time-proven technology of
Windows Encrypting File System (EFS)
Tracking
• Geo tracking - IP addresses and geo-locations
Wiping
• Secure remote wiping of data in case of device loss or user leaving the
organization
• Policy-based automatic wiping if device leaves a pre-defined geography or IP
range (Geo fencing)
• Military-grade techniques
• Selective wiping of files and folders based on patterns and types
Selective encryption and wiping make it very easy to do BYOD
through data containerization
24. Vaultize Solutions
Data Privacy Option (DPO)
Compliance of Data Privacy, Data Residency
and Data Protection Regulations
No Need of Any Special Hardware On-Premise
(like Gateway Appliances)
Enterprise Customer Retains the Full Control Over Encryption
Keys
• Keys are never stored on any infrastructure not under enterprise control
• Data is secured while in motion and at rest in the cloud
• Ability to access data remains solely with the customer
Vaultize is the only solution that provides this option
• Other solutions encrypt data at server
25. Enterprise-class Administration
Administrative Controls
• Manage company-wide policies, settings and data
• User provisioning – Active Directory, LDAP or Google Apps
based
• Push policies from a centralized place
• Authentication and SSO using AD and LDAP
• Privacy
Quick and Easy Deployment Across Organization
• Active Directory GPO based push installation
• AD and LDAP authentication support
Reporting and Dashboard
Monitoring, Audit Trail and Alerts
26. Flexible Deployment Options
Cloud-in-a-box Appliance
• Fully integrated hardware + software – “plug and play”
• Support for HA and DR
• Licensed by number of users and storage capacity
On premise / Private Cloud
• Vaultize software on customer’s hardware or private cloud
• Single or Multi-server
• HA, DR and large scale cloud
• Flexibility to choose storage (DAS, SAN, NAS, Cloud Storage)
• Option of Perpetual license or Annual subscription
• Licensing based on number of users
Vaultize as a Hosted Service / Public Cloud
• Fully hosted - No hardware or software to manage
• Highly available, highly scalable and disaster proof
• Subscription based on users and storage capacity
27. How Vaultize Works in a Corporate Network
Agent-based
Agent-less
• File Sharing & Sync
• Group sharing
• Sharing using links
• Auto Expiry
• Passwords
• Mobility & Mobile Content Mgmt
• Anywhere Access
• File Servers & NAS
• Access Control
• Geo, IP & time
• File/folder patterns
• BYOD
• Data Loss Protection
• Backup, Encryption
• Remote Wiping
• Centralized Admin Console
• Reporting
• Monitoring
• Alerts
[Diagram labels: Mobiles; Roaming Devices; NAS; Intranet or Internet; Versioning, Encryption, Dedupe, MCM; End-to-End Security (VPN not required); Encryption at Source; Decryption at Destination; Firewall+VPN]