Keys? We don't need no keys. How to share and encrypt without sharing the key.


So many keys, so little time


One of the big issues and barriers with encryption is key management – You need a strong, random, hard to guess key that both parties know, you need to share this key with the other party, and managing how to store the key somewhere safe is a serious impediment to widespread adoption of encryption.

Any security focused app that want's to be successful needs a user experience that hides many of the steps needed to secure data while at the same time, securing the data. And even more importantly - You need to take the decision whether or not to encrypt out of the hands of your team by making it seamless and transparent.


With DropVault we try to address the issue of managing your keys – We let you share conversations and documents with anyone without ever sharing the encryption key.

How does this work?


When you create a channel and choose an encryption key, we also create a password.  For every user you invite to access the channel, we also create a unique password for them. This password is one of the pieces needed to access the key. The important piece is that key itself is never shared.

Why this makes a difference?

By just having a password for each user, we are keeping the key secret. This improves security and also means that when a user or customer leaves or no longer requires access to the channel, you simply remove the invite (and password). They walk away with no knowledge of the key itself.

Keys? We don’t need no keys


When you think that any communication with another party or person will likely involve more than one message, so generating and sharing a key for each message would be an administrative nightmare, and a user experience killer.

So we address this by grouping all communications (or conversations) with another party into a channel and then securing the channel with the key and the password.



By just having a password (and two factor authentication/Fido/Yubikey) the user experience is much better. Just invite someone to the channel, give them their password  and DropVault automatically decrypts all the conversations and documents in the channel - Can be one conversation or 100 conversations, with or without documents yet every single one is encrypted and secured.

 Because the user is already in the channel and authenticated, adding a new conversation or document is simple and the encryption is transparent. Just add or reply, attach your documents and save. In the background, Dropvault encrypts and adds it to the channel.

 We don't need to ask for any keys or passwords to save or send. That's a user experience that makes your team share securely by default.

Why this makes sense




You now have a highly secure way to share encrypted conversations and documents while keeping the user experience as good as it can get.


  • You also make your documents more secure because you never compromise the key – this is always held by the business and never by the user that is accessing the content.
  • You can revoke access at any time – The key never needs to be changed because it’s never been shared.
  • By keeping conversations inside a secured channel, you allow the user to interact and view any message or document without the need to manage keys for each message. This increases productivity and time in the app while ensuring security.
  • With the entire channel being secured, the decision to secure a message or document is no longer a choice for the user.  This is security by default and makes you sharing 
That's it. You now have a platform for sharing securely with your team or your customers and never sharing the key. What's more is that it is security by design and by default. Anything shared using your DropVault channel is secured and the decision to secure it is not left to your team. 

Comments

Post a Comment

Popular posts from this blog

So many parties, so little time - How Dropvault brought secure collaboration to property conveyancing

Image
Property conveyancing is essentially collaboration between many parties. Bringing together all the tasks needed to complete a property purchase and managing these tasks & paperwork across a number of independent teams. And doing so securely. It's this very collaboration that takes time and is prone to delays and missed deadlines. One delay, one missed email with a valuable document, can disrupt timelines and squeeze profit out of what is already a low margin activity. So many parties, so little time Conveyancing by it's very natures involves input and actions from many parties - From two or more legal teams,2 banks or financial institutions, estate agents/realtors and the clients themselves - Coordination across all these parties at the various stages of the process is complicated and time consuming. Today this is mostly carried out over email - Sending or cc'ing multiple parties in banks, estate agents, property searches - the list is endless and tracking th
Read more

Why email sucks as a secure collaboration tool

Image
We all use email – it’s been around for so long and although we’ve added features and the apps have got better, it’s still basically the same beneath the hood. But email today is used far more than anyone would have ever thought – for teams, as a filing cabinet, team collaboration and countless other uses. The problem with email is that it was never designed for any of this and it struggles to be successful when stretched beyond it's limits. Why are apps like Slack and Microsoft Teams growing so fast? Look at the rise and massive success of messaging apps like Slack or Microsoft Teams. They are evidence that email for teams doesn’t work great and to stay productive, to regain control, we need to move onto apps that are designed for something more than just sending a message. So what’s DropVault all about? In a nutshell – It’s secure collaboration and document sharing. In today's world we need collaboration and sharing but we also need security and priva
Read more