Public key infrastructure
We have built a public key infrastructure that sits next to our document management system in order to protect our client documents. The public key is used to encrypt the data. The private key is used to decrypt it. Each user is issued with a separate key pair which controls access to the entire tree of files and folders belonging to that user.
Encryption key storage
It truly matters where you keep your encryption keys.
If they are stored on the main server with your data, anyone with access to the server can theoretically find those keys and decrypt your data. We do everything possible to protect access to our servers, just like everyone else and have internal policies in place that prohibit our staff to access client data.
But what if something goes wrong? What if we are hacked and your data is stolen? It happened already to some of the biggest companies in the world including Yahoo, Target and many many others. One could argue that part of the reason why these companies were targeted is because of the way they managed client encryption keys. Getting access to their servers what most of the battle won.
We do not want to appear as a honey pot for client data. That is why we offer an encryption key management service that makes us look unattractive to potential hackers.
Encryption key management service
Here is how it works. There are four ways to manage your encryption keys:
- MyDocSafe manages the keys on the main server (this is currently the default option)
- MyDocSafe manages the keys and keeps them completely separate from the main server
- MyDocSafe issues the keys to an escrow agent who manages the keys on hour behalf.
- MyDocSafe issues the keys to you.
The first option gives you the most convenience. You do not need to worry about forgetting your password because you can automatically reset it. There are no additional costs involved.
The second and third options add a lever of inconvenience. If you forget the password you need to ask us or your escrow agent to release the keys to you so that you can reset the password. Each transaction of releasing / depositing the keys will involve a cost.
The forth option is most secure and requires you to take full responsibility for your keys. You can reset your password yourself as long as you have the keys. However, if you lose your keys, we will not be able to help – your data will remain encrypted until you somehow remember the lost or forgotten password. Here, the transaction of issuing the keys involves a cost but there are no other costs involved.
We strongly believe that keeping keys separate from the data and making that information public makes that data a little less attractive to hack. That is why we strongly encourage our users to consider option 2, 3, 4 above.
There are a number of publicly available resources on encryption and especially on public key cryptography. We recommend this Wikipedia entry that describes the fascinating and elegant properties of large prime numbers and have a helping hand to what currently is a standard way of transmitting secrets over a public communication network.
This entry, also from Wikipedia, tells you more about encryption key management and its importance to modern business.