A security domain is generally a collection of computers, servers, and users that are trusted to exchange data and are protected by network security filters, inspectors, and firewalls. However, when data leaves one security domain and enters another, the new domain, is by default, not trusted and the data must be decrypted prior to transfer, thereby losing protection. Modern network architectures make use of transport protocols such as SSL (Secure Sockets Layer), TLS (Transport Layer Security), and VPN (Virtual Private Network) to stretch the boundary of the security domain and temporarily encompass visiting machines to safely exchange data. Unfortunately, once the data leaves one security domain (source) to another (intermediate or destination), the sender now has to trust the recipient and its environment to keep the data safe.

Cy4Secure introduces “data element security domain” where once data is encrypted, it remains secure and access can be controlled by the owner no matter where the data resides. Once this protected data is passed to intermediate applications/machines such as a web application server or a cloud compute instance, the data remains encrypted and unusable in the event of a breach. Upon arrival at the destination endpoint, the data remains encrypted until the recipient is authenticated by Cy4Secure as someone authorized by the data owner or application to access the data.

READ MORE: Maintain control and security of supply chain ERP data even after it leaves the database.

In the event data is stolen or intercepted, the Cy4Secure protected data remains secure. For example, when backing up a recipient’s machine, moving backups to an archive or cold tier, or forwarding the protected data to a co-worker or in the event a mobile device is stolen along with the protected data. In all cases, when Cy4Secure protected data is lost, stolen, abandoned, or forgotten, it remains secure and becomes permanently inaccessible once access is removed or retired, ensuring cybercriminals or non-authorized users only obtain unintelligible data.