Defense in Depth: Protecting the Organization’s Data

Marty Meehan

Editor’s note: in this post, Cognitio’s Marty Meehan provides context on an economical, scalable and highly secure defense in depth solution leveraging PKWARE’s Smartcrypt and QuintessenceLabs. – bg

The stakes get higher every day. External security threats grow more sophisticated and unpredictable. Internal controls become more complicated and challenging to implement. When data breaches do occur, the information exposure, financial impact and PR damage can take years to repair. Security managers around the globe are facing the unavoidable truth that network and device protection are not enough. True information security requires persistent data-level protection, so that information remains inaccessible even after a security breach.

Until now, organizations have had to choose between two approaches when implementing data-level protection: passphrases or public-key infrastructure (PKI). Each has significant drawbacks. Passphrases, the more common approach, are difficult to create, store, and exchange in a way that maintains the security of the protected data. PKI provides stronger protection, but presents serious challenges in usability and key management. The shift toward mobile technology and cloud-based services has slowed PKI’s already low rate of adoption.

PKWARE’s Smartcrypt is a revolution in enterprise data-centric security management, enabling companies to maintain complete control over their protected data. The Smartcrypt solution combines the strength and reliability of PKI-based encryption with the ease and simplicity of passphrase-based security, utilizing quantum key generation technology. Smartcrypt targets the protection of an organization’s core asset: its data. The Smartcrypt Platform consists of an end-user application and a web-based manager console. It also includes a Software Development Kit (SDK) that is available in every major programming language. The robust security solution offers both data and field level protection that can be added right into workflows, repeatable processes and applications with minimal effort, and can also be used independently, as needed.

Persistent Protection and Remarkable Ease of Use

Featuring a variety of platform-specific user interfaces, the application supports a wide variety of encryption systems, key types, and key interfaces. Smartcrypt also features Smartkeys, an embedded key management solution that simplifies and automates the most challenging aspects of key management.

Once data is encrypted with the Smartcrypt application, the protection stays with the data everywhere it is used, shared, or stored. The application automatically creates, synchronizes, and exchanges encryption keys, ensuring that only authorized parties can access protected data.

The Smartcrypt Manager: Enterprise Control and Visibility

The Smartcrypt Manager console provides centralized key and policy management. The web-based administration console includes granular controls for configuration, policy, and approval management. Smartcrypt’s Data Security Intelligence feature provides complete visibility into which files are encrypted, which users have accessed them, and where the events took place.

When auditors, IT personnel, or DLP scanners need to review encrypted data, Smartcrypt’s policy keys provide reliable access. The solution can be configured so that every encryption operation contains one or more public keys, ensuring that the organization never loses access to its own data. Customers can elect to use Smartkeys or their own third-party generated keys (in X.509 or PGP format).

The Smartcrypt Application: Enterprise-Wide Data Protection

The Smartcrypt application operates on all major Enterprise IT platforms from mainframe to mobile and simplifies data protection for the organization in a way that no one thought possible. Strong data-level encryption, embedded key management and PKWARE’s industry-leading compression technology are combined into a single seamless solution out of the box.

The Smartcrypt application includes Smartkey technology to ease key creation and management. Smartcrypt also integrates seamlessly with existing PGP and X.509 public key security infrastructures.

All key creation, synchronization, and exchange operations take place in the background, making it easy to securely store and exchange data with partners and customers.

Policy controls can easily be created using the Smartcrypt Manager to enforce usage, standards and best practices across the enterprise or at the department or group level.

Smartkeys: Key Management Made Easy

At the core of the Smartcrypt application and management console is PKWARE’s revolutionary Smartkey technology. With Smartkeys, businesses gain across-the-board control of who can decrypt files and read data. Smartcrypt employs Quintessence Labs’ Quantum True Random Number generation technology to generate Smartkeys that give users the ability to quickly and easily protect sensitive data.

A Smartkey is generated and utilized by the Smartcrypt application for a specific file, folder, or other protected asset. With Smartkeys, user access to protected files and folders can be added or revoked at any time—even if the files have been shared, copied, renamed, transferred, or emailed—ensuring full lifecycle protection.

Smartkeys are automatically generated, shared, and synchronized between authenticated devices without changing or interrupting user workflows.

Smartcrypt also allows users to encrypt data for external parties such as vendors or partners. A cloud-based key server stores and distributes keys based on the organization’s security policies, even for external users who are granted access after the encryption takes place.

In addition to the encryption applied to the protected data, each Smartkey itself is encrypted and exchanged according to a policy-driven access list. This innovative approach allows security managers to respond quickly when a user loses a protected device, or when access needs to be revoked from an individual or group. By simply changing the encryption on the Smartkey, administrators can block unwanted access without the need to re-encrypt large amounts of data.
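
The access-list mechanism described above is a form of envelope encryption. The following added example is a generic sketch, not PKWARE's code or the Smartcrypt SDK: it encrypts data once under a per-file key, wraps that key for each recipient, and changes access by re-wrapping the key while the ciphertext stays untouched. Assumptions: symmetric per-user keys stand in for public keys, the `policy` recipient stands in for an organizational policy key, `seal`/`unseal` are a standard-library stand-in for an AEAD such as AES-256-GCM, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as the keystream (stand-in for AES-CTR).
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    # Encrypt-then-MAC stand-in for an AEAD; real code would use AES-256-GCM.
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

def protect(plaintext, access):
    # access maps recipient name -> that recipient's key (assumed pre-shared).
    data_key = secrets.token_bytes(32)  # per-file key, generated once
    return {"ciphertext": seal(data_key, plaintext),
            "wrapped": {user: seal(k, data_key) for user, k in access.items()}}

def read(pf, user, user_key):
    if user not in pf["wrapped"]:
        raise PermissionError(f"{user} is not on the access list")
    return unseal(unseal(user_key, pf["wrapped"][user]), pf["ciphertext"])

def set_access(pf, admin, admin_key, access):
    # Unwrap the data key with the policy key, re-wrap it for the new list.
    # Only the small wrapped-key entries change; the ciphertext is not touched.
    data_key = unseal(admin_key, pf["wrapped"][admin])
    pf["wrapped"] = {user: seal(k, data_key) for user, k in access.items()}

if __name__ == "__main__":
    keys = {n: secrets.token_bytes(32) for n in ("policy", "alice", "bob")}
    pf = protect(b"constructed sample record\n" * 500, keys)
    before = pf["ciphertext"]
    set_access(pf, "policy", keys["policy"],
               {n: keys[n] for n in ("policy", "alice")})
    print("ciphertext unchanged:", pf["ciphertext"] == before)
    print("bytes per wrapped key:", len(pf["wrapped"]["alice"]))
```

In this model, revocation stops future unwrapping through the key list; it does not affect a data key that a recipient has already extracted.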

How Smartcrypt Benefits Your Organization:

Securely Exchange Data

Smartcrypt applies persistent encryption to files before they are exchanged with outside partners and customers. This enables an organization to retain control over information regardless of how many times that information is copied, backed up or forwarded. This approach also allows users to exchange sensitive information through cloud services or protocols like email and FTP that provide little security on their own.

Exceed Compliance Requirements

Compliance standards in government, healthcare, and financial sectors mandate the protection of data at rest and in motion. Smartcrypt facilitates mandated separation of duties, protection from insider threats, and integration with DLP processes. The included Data Security Intelligence capabilities provide visibility into what sensitive information is being protected and by whom, and where it is transmitted and/or accessed.

Protect Cross Platform

From mainframe to mobile phone, Smartcrypt provides complete cross-platform encryption. With integrations for common applications like Office and Outlook, Smartcrypt can be used to protect information stored on end-user devices, network shares, and even file sharing services. Smartcrypt is also easily integrated into back-office and batch processing workflows.

Enhance DLP

Organizations need flexible data security solutions that work with data loss prevention technology and processes. Smartcrypt can be integrated with existing DLP strategies to enable sensitive information discovery and encrypted remediation.

The Smartcrypt Platform Highlights:

Enterprise Cross Platform

  • An end-to-end encryption application available for every enterprise operating system

Embedded Key Management (Smartkeys)

  • Automatic public/private key generation, synchronization and exchange
  • Quantum true random number generation (Quintessence Labs)
  • Exchange and manage keys with external collaborators
  • Retain control over data after it has left the organization
  • Access to data can change without re-encryption
  • Delivery of keys to enterprise IT, Audit and DLP people and technology

Advanced Platform Control

  • Provides visibility, policy, control, and discovery using the Web interface to the Manager console
  • Easily revoked or automatically expired access control to protected files

High Performance

  • Takes advantage of IBM and Intel hardware encryption accelerators
  • Data compressed up to 95% before encryption, resulting in significant storage/transit savings

Existing PKI

  • Support for OpenPGP encryption and key formats
  • Support for X.509 certificate based encryption
  • Support for passphrase based encryption

Key Storage and Retrieval

  • Software: PKCS#11, LDAP, CAPI/CNG, Keychain, Keystore, ICSF- CKDS, PKDS, KMIP, Security Server, RACF, ACF2, Top Secret
  • Smartcards including PIV / CAC
  • Hardware: KMIP HSM


  • Encryption: 3DES, AES128, AES192, AES256, CAST5, IDEA, AE-x
  • Signing: SHA-1, SHA-256, SHA-384, SHA-512
  • Strict checking and check revocation status (optional)


For three decades, PKWARE has provided encryption and compression software to more than 30,000 enterprise customers, including 200 government entities. Inventor of the .ZIP file format, PKWARE’s smart encryption security solutions armor the data itself and eliminate vulnerabilities wherever data is used, shared, and stored. PKWARE’s security solutions include robust key management capabilities that support key stores, and their inherent encryption keys, typically found on enterprise-wide IT platforms. These key stores may house symmetric or asymmetric keys used for securing sensitive data. Additionally, PKWARE’s most recent product offering, Smartcrypt, employs Smartkey technology that reduces complexities associated with key generation and key usage for Smartcrypt users. PKWARE’s partnership with QuintessenceLabs extends Smartcrypt key management support and key generation capabilities using their Trusted Security Foundation and true random number generation technology.

About Quintessence Labs:

QuintessenceLabs is a global leader in quantum cybersecurity. At the forefront of the commercial development of quantum security solutions, they deliver unique solutions integrating high-value cybersecurity with advances in quantum technology. These include the world’s fastest true random number generator, an advanced key and policy manager, and integrated encryption solutions for on-premise or in-cloud implementations.