Does Cy4Secure meet the requirements of GDPR and other data privacy regulations?
Yes. Cy4Secure is specifically designed to encrypt all PII and PHI data types, thereby, ensuring that personal information is not divulged to hackers or unauthorized employees of the company and can be forgotten by deleting the corresponding cryptographic key.
How much management or maintenance does Cy4Secure require?
Analogous to managing access control lists, IT can control data access for new or departing employees or between business with other companies. Deleting an account, rights to access cryptography keys or the keys themselves removes all ability to decrypt any or specific protected data. All key service maintenance and publicly available browser plugin updates are performed by Bonafeyed directly.
How do you pronounce Cy4Secure?
[ sahy-fer si-kyoor ] or Cipher-Secure.
If the Bonayfeyed SaaS is terminated can encrypted data still be accessed?
If you want to end the Cy4Secure service, you should retrieve and decrypt any protected information that you want to keep and use. Once your service agreement ends, an account is deleted, or the associated data security keys are retired, it is no longer possible to decrypt protected data.
Does Bonafeyed ever see a customer’s data?
Never. Cy4Secure’s architecture separates data and control paths such that protected data and crypto operations run completely on your device, machine, or server. Your data is never sent to nor accessible by Bonafeyed. With Cy4Secure, your data is always secured.
Does Bonafeyed know who has access to protected data or which key works on a specific data element?
No. All information regarding you and others is protected using a one-way hash function similar to block chaining. It is not possible for Bonafeyed, or anyone else, to discover your names or the names of others you share data with.
Can existing databases or production databases be protected?
Yes. Bonafeyed provides tools to preprocess database entries in place and simultaneously encrypt data requests on demand while the preprocessing completes.
What if an employee leaves the company or authorized person is terminated?
Data security access for the ex-employees can be immediately terminated so that any files or data that is protected by Cy4Secure is unusable.
What if I want to revoke access to information/data already queried from a database such as a report?
Simply remove user(s) from the group associated with the protected databases' cryptographic keys.
Is this an all or nothing deployment decision?
No. Cy4Secure can be deployed or used by a single group, any combination of database fields or columns can be protected or left in the clear. With the use of Data Security Gateway, IT can start immediately on any application and later deploy natively supported applications or web applications.
Can Cy4Secure protect more than a database?
Yes. Cy4Secure can be applied to cloud applications backed by a database.
What does “transparent protection” mean?
User workflows do not require additional steps or time to protect data.
Will Cy4Secure work on mobile devices such as tablets and smartphones?
Yes. Bonafeyed works on any database backed application or web application running on a standard browser on a Cy4Secure aware application.
What happens if a cybercriminal breaches our system and takes the encrypted data?
In the event of a data breach, the hackers will gain access to heavily encrypted data that is useless to them. Cy4Secure can protect data on any granularity with each encryption utilizing a different key. For example, a database with 1 million records, 100 columns including 10 PII/PHI fields requires over 10 million different 800-bit encryption keys making the task of decrypting 10 million times more difficult.
Does Cy4Secure work with other security technologies such as firewalls, network inspection boxes, SSL or data loss protection schemes?
Yes. Cy4Secure is 100% compatible and interoperable with today’s security technologies.
Does Cy4Secure prevent data breaches?
Effectively, Yes. Hackers may still take your data, using Cy4Secure ensures that in the event of a data breach, the protected data is useless and cannot by exploited by cybercriminals, employees, or bad actors.
Does Cy4Secure work with 3rd Party SaaS platforms such as Saleforce.com, ServiceNow or WorkPlace?
Yes. Because SaaS applications are typically databases running in the cloud, Cy4Secures encrypts data sent to or “shared” with the cloud application. In other words, the SaaS operates on encrypt data that can be stored or searched without any changes.
Can more than one person or company be required to allow access to protected data?
Yes. Cy4Secure supports diversified keys or access controls.
Can you protect images stored in a database field as well as data?
Yes. Cy4Secure uses a patented approach to protect all types of data ensuring the data remains interoperable for applications looking for valid image types.
How does the Cy4Secure solution compare to homomorphic technologies?
Cy4Secure does “not” require dedicated computing resources to operate and does not affect the performance of a database application. Cy4Secure works with any database or database driven application without modification, drivers, agents, or modules. Other than allowing basic arithmetic functions on encrypted numerical fields, homomorphic technologies have no benefit over Cy4Secure’s interoperability, compatibility, speed, and flexibility.
Does Cy4Secure permit normal database queries on protected data including arithmetic operations on numerical values?
Yes, Cy4Secure encrypted database fields (in columns or rows) including numbers are fully searchable. Protected arithmetic operations can either be performed within authenticated search platforms such as Lucene, Solr and Elastic or reports can be post processed by an authenticated client.
What happens if an endpoint device is stolen or compromised?
Protected data always remains encrypted on endpoint devices. Access to the protected data can be revoked such that when an endpoint device is compromised, the data is not accessible.
Is backup or archived data still protected?
Absolutely. Once data is encrypted it remains encrypted wherever it is stored, on centralized storage, the cloud, or an endpoint device. The encrypted data can reside on any system and remains fully protected even when moved to backup archival systems. If access to this data is removed, the data remains protected and unusable even after being restored.
Why is SSL data-in-transit not enough to protect data?
SSL is mainly designed to protect data during transport and from eavesdroppers when connected using wireless connections. Once the data arrives at its destination, the data resides on the endpoint device in the clear available for anybody to see.
Is Cy4Secure as hard to use as rights management or public/private key solutions?
No. Classic DRM or IRM solutions first require a publication step to protect data. Cy4Secure’s approach is to operate transparently and does not require “extra steps” or disruption to your workflows to protect data or the need for separate exchange of public keys or passwords to share encrypted data.
What happens if Bonafeyed’s Cy4Secure Arbiter is breached?
Nothing. The perpetrators only obtain a collection of keys that has no perceivable connection to the data its protecting. They would be faced with trying to figure out from trillions of keys what and where the data it is related to. This is because Bonafeyed does not know the location of any data nor do we ever touch or store the data, so the customer is not at risk. In addition, Bonafeyed CSA system is protected using an advanced air-gap technology to prevent online breaches.
We are currently using data-at-rest encryption and DLP – why switch or consider your solution?
You don’t need to switch. As a matter of fact, we recommend continued use of existing security technologies. Bonafeyed complements current security solutions by protecting data within a database, all data field types at any level of granularity allowing database relational queries to occur on encrypted data making Bonafeyed the only solution to handle “data-in-use" protection.
We already use TDE (Transparent Data Encryption) on our database management system, is this not enough?
TDE is only for data-at-rest and intended to protect data when the storage devices are physically stolen. It does not protect against unauthorized queries to the database giving a false sense of protection. A simple query will always result in providing data in the clear. This is not about only protecting data in-flight and data-at-rest.