New way of securing messages in transit
A new data exchange system that will secure information wherever it is sent as an email attachment, by file transfer or on a CD, DVD or USB stick, could finally put an end to breaches after data is forwarded in error, stolen or lost in the post.
Launched today by Egress Software Technologies, Switch uses encryption and a web-based policy engine to enforce security rules on files before and after they are shared. “Switch uses strong AES 256-bit encryption and builds a secure package around files to be shared,” Bob Egner, President of US Operations told us. “It assigns an identity to each package and applies real-time controls on what a recipient can do with a file that is shared with them.”
“We believe it is a very important aspect of security that is under-served. We have done a lot of research in the market and found that although there are plenty of different secure messaging offerings, they each only address a piece of the puzzle.”
He said the company had considered the various merits of file and full disk encryption, PKI and EDI, data leakage and enterprise rights management software, before decided on a strategy for Switch.
“With Switch we wanted to develop a system that would enforce the same strong security policies as are used internally, to the business of sharing sensitive data with people outside the perimeter” Egner said.
He explained that the system does not interfere with business processes in any way, so a file can go out by a courier on a disc, or sent across an FTP network. Either way, it is secured by Switch’s ‘follow-the-data protection’.
“We are in no way involved in the actual transport of the data to be shared, the system is agnostic in that respect” Egner claimed.
Recipient assignments sit in the Switch policy engine in the cloud. Any time someone tries to access a secure package, their identity is checked in this engine to allow or decline their access.
In doing so the system brings an audit trail to all file sharing activity, before and after transmission. It also allows a user to “pull information back” if it needs to be recalled, the company claimed. The data owner can revoke access and permissions after a file has been sent. Egress Switch also offers a complete view of when the information recipient has opened or used the shared information, as well as if any unauthorised access attempts have been made.
Neil Larkins, COO and co-founder of the company said that RBS and CSC had tested the system. RBS thinks Switch has the potential to eliminate some CD/DVD authoring tools currently used by the bank’s product marketing department, and in other areas it will provide extra security when sending information to HMRC tax authorities.
Larkins said that a development road map had been agreed for the product. “Come June we will have finalised some Explorer and Outlook plug-ins, and completed the development of some additional endpoint enforcement features. These will let data owners control whether a recipient can edit, copy, print or save a shared file. We are also working on some data exchange mechanism customisation features for the end of the year.”
Available immediately, Egress Switch currently supports Microsoft Windows Vista and XP. Pricing for individual users starts with a pay-as-you-go model or a monthly subscription at $9.49 per month, while annual subscriptions for businesses begin at $34 per year for each seat.
London and Chicago-based Egress claims to be self-funded, having developed its $2.4 million security reseller business in 2007, before launching into software development.