Transfer General
SHARE SENSITIVE DATA SECURELY | USE PUBLIC CLOUD STORAGE | CRYPTOGRAPHICALLY CONTROL ACCESS | MITIGATE EXPOSURE RISK
Encrypt First – Share Later
Transfer General (TG) allows data owners to distribute highly sensitive data securely while lowering their distribution costs. The TG enables organizations to make use of public storage to distribute data without fear of disclosure. The TG uses cryptography to empower data owners to remain in control of their data even after it has been distributed.
See How It Works
Transfer General is disrupting the confidential data market by enabling companies to share encrypted data.
Mitigate risk by encrypting data before sharing.
Transfer General is disrupting the confidential data sharing market by enabling companies to share encrypted data sets. The data owner can heave a sigh of relief knowing that the data that is being shared is safe because it’s encrypted on-premises and can only be decrypted on an authorized device by an authorized user at the other end. The Transfer General has two components – Transfer General Main(TGM) and Transfer General Remote(TGR).
TGM – TGR – Storage Bucket
TGM – A hardened virtual appliance deployed next to the source of the data-to-be -shared/distributed. The data is ingested into the TGM and the TGM encrypts it as soon as it receives it. Only you have access to the data encryption key. One TGM can support multiple partners. The TGM is generally deployed within a data center.
TGR – A hardened virtual appliance deployed within the partner’s network in the DMZ. The TGR decrypts the shared data and grants access to authorized users. The TGR can not operate independently. It must be paired with a TGM and it can only be paired with only one TGM. The TGM administrator controls all paired TGR devices and is able to cryptographically deny access to the data that is stored within a TGR even without direct access to it.
Storage bucket- The storage bucket is used to share data with multiple partners. The main benefit of using a cloud storage bucket is to be able to distribute large data sets and to lower the distribution cost. It is virtually impossible to make use of limited bandwidth that is generally available within a corporate network to share large data sets with multiple parties. The public cloud provides an excellent solution to this problem as long as you can adequately lower the data disclosure risk. We help you do just that – your data is encrypted before it is uploaded into a cloud storage bucket and it is never decrypted in the cloud thereby mitigating the possibility of a compromise due to cloud IAM misconfiguration or an insider attack.
The Transfer General is an ideal solution for sharing highly sensitive data with multiple partners located in geographically dispersed locations. It is a particularly suitable solution for regulated industries that share data with their partners and can be held liable for a data breach due to inadequate security measures put in place by their partner.
Share Highly Sensitive/
Regulated Data With Your Partners
Mitigate Partner Risk
The Transfer General encrypts data before it is shared with a partner. Once the data is shared with a partner it remains encrypted since it is stored in a device (TGR) that you provide to your partner as part of the initial setup. This hardened device sitting within the partner’s DMZ keeps the data safe and allows access only to authorized users.
Maintain Control Over Shared Data
Just because the data has been shared does not mean that you lose control over it. The TGM administrator can cryptographically deny access to the data that is stored within a TGR with or without gaining access to the device. Also, the TGR is designed to provide access on a need-to-know basis.
Conserve Compute Resources
Large data sets consume lots of computing power and/or bandwidth to share with multiple users. However, the Transfer General moves the encrypted data into a storage bucket so it can be shared with multiple partners without impacting your own corporate computing resources. It is worth noting that only encrypted data is stored in the storage bucket eliminating any possibility of disclosure due to cloud storage misconfiguration or due to an internal attack by a rogue storage administrator.
Archive Highly Regulated / Sensitive Data Using Cloud Storage And Maintain Confidentiality of Your Data
The Transfer General enables you to archive your regulated/sensitive data in private and public clouds so that you can cut down on your storage cost without exposing yourself to risks stemming from a data breach or non-compliance.
Since the data is encrypted before it leaves your network you know it’s safe to store it in a cloud platform. You can retrieve the encrypted data at any point and then decrypt it within the safety of your own network.
Store Regulated Data Securely
With data-at-rest encryption done on-premises, the Transfer General makes it easy for enterprises to store their regulated/sensitive data in a cloud storage bucket while preserving the sanctity of their data and ensuring compliance to avoid costly penalties.
Retrieve Data Anytime
Retrieve encrypted data from the storage bucket and decrypt it within secure confines of your own network at any time. This way you can maintain the integrity and confidentiality of your regulated data.
Lower Your TCO
Take advantage of cloud economics by leveraging low-cost long-term storage without exposing yourself to any liability due to non-compliance or a successful data breach.
Technical Features
TG encrypts data on-premises
TG encrypts files, object names, and meta-data on-premises before data is transferred into a cloud storage bucket or shared with a partner. The encrypted data can only be decrypted on an authorized device by an authorized user.
TG extends the data owner’s control
TG extends the data owner’s control over the shared data by allowing the data owner to cryptographically disable partner’s access to the shared data at any time.
TG provides a comprehensive audit trail
TG provides a comprehensive audit trail. Data security operations are logged at four different locations to achieve immutability.
+Benefits
- TG eliminates the need to set up a virtual private network for sharing highly sensitive data.
- TG allows the data owner to ensure the safety of the data even when it is shared with a partner.
- TG protects data when stored in a cloud bucket against a service account compromise and incorrect IAM permissions.
- TG lowers operational costs by allowing companies to archive sensitive data in a cloud storage bucket.
- TG is easy to deploy and manage.
- Robust audit reports help customers to comply with privacy regulations such as HIPAA, GDPR, and PCI DSS.
- TG lowers your corporate liability exposure and/or risk of non-compliance.
Enterprise-grade Data Security and Compliance
The HIPAA Act requires covered entities to provide public notification upon discovery of a breach of unsecured ePHI (Electronic Patient Health Information) involving more than 500 records. However, ePHI that is secured via encryption does not trigger the breach notification requirement. SG-TDE-AnyCloud can help covered entities to gain protection under the Safe Harbor provision of the HITECH Act by helping them transparently encrypt their ePHI stored in a database or a file server, hosted on any cloud platform.
Businesses rely on SG-TDE-AnyCloud to meet PCI DSS mandates 3, 7 and 10. Our customers include tier-1 merchants as well as small businesses. We have gained experience over the years and designed our solution in a manner that makes it easy for you to comply with the PCI DSS mandates.
SB 1386 was signed into law on September 25, 2002 and became effective on July 1, 2003. AB 1950 was signed into law on September 29, 2004 and became effective on January 1, 2005. SB 1386 states that businesses, which conduct business in California, and keep personal information about individuals, must put measures in place to monitor such information – and upon discovery of any breach or any suspected breach, must report the event to all individuals that may have been affected. AB 1950 extends the intent of SB 1386 beyond notification, and mandates that these organizations must take adequate steps to safeguard personal information about individuals. SG-TDE-AnyCloud can help you comply with California’s SB1386 by transparently encrypting data and controlling access.
