BlakFXCrypto SecurityCurrency MarketCybersecurityFoundersHackingNSASecurity AuditUncategorizedWork

Best Cloud Data Security Encryption Approach — BYOK? HYOK? or Helix22?

Data is moving to the cloud, there is no disputing that fact. However, inherent in migrating data, AI experiments and machine learning is that your data goes into the hands of a 3rd party and is reliant on their data security capabilities. Further, data privacy regulations mandate the organizations that collect the data remain responsible for its privacy and protection regardless of any contractual agreements or outsourcing arrangements. Organizations accustomed to traditional methods of protecting and controlling access to data where they managed all aspects of data security require a shift in their thinking about data privacy. It is not about keeping people away from the data, it is about protecting the data itself.  The introduction of outsourced IT Operations and Managed Services years ago and now cloud migrations require a shift from managing all aspects of router, firewall, server and workstation configurations to managing data security through contractual agreements.

BYOK vs HYOK produced by SecuPI

Organizations remain accountable even when they have almost no direct control over any of the infrastructure processing the data i.e. the cloud service provider (CSP).  Real-time detection of anomalous data access activity and User Behavior Analytics (UBA) are needed to compensate for the loss of traditional Data Loss Prevention (DLP) functionality including in-house server, network event and end-point protection solutions.

Bring Your Own Key (BYOK) is an encryption key management system that allows enterprises to encrypt their data and retain control and management of their encryption keys. However, some BYOK plans upload the encryption keys to the cloud server provider (CSP) infrastructure. In these cases, the enterprise will forfeit control of its keys.

Regulated industries, such as financial services and healthcare, require keys to be segregated from the cloud Data Warehouse compute and storage infrastructure.   Hold Your Own Key (HYOK) enables companies to comply with this requirement with encryption applied to the most sensitive columns, and dynamic masking or filtering access to other sensitive columns – achieving a balance between data protection, compliance, analytics and usability of the data.

The only way for organizations to retain full control when transitioning to the Cloud is through Anonymization of data or rendering enough sensitive data fields inaccessible when in the Cloud and only accessible again when coming back on-premise or back within their span of control.  This is where the Hold Your Own Key (HYOK) concept becomes essential.  Encrypting data prior to sending to it the Cloud and only decrypting once back on-premise is the only way to satisfy any more conservative trust models.

Cloud Service provider encryption solutions, however, cannot strike the required balance.  Disk, file, tablespace or even Column level encryption solutions still mean the Cloud Provider controls the keys!  This protects against an intruder walking out of the data center with a disk drive but not any normal access channels to the data.  Cloud Services provided solutions including Bring Your Own Key (BYOK) designs are not acceptable to organizations in any highly regulated industries or processing particularly sensitive data.

Another major problem is encrypting all the data. If data is 100% encrypted, then fields and columns cannot be accessed and are therefore are inadequate for use as a data set. It becomes impractical then from a business standpoint, to encrypt all data fields or offer access only on a “need-to-know” basis. The result is that most data is shared on the CSP without encryption at all. Your data is then 100% reliant on the CSP not being breached.

Device-2-Device (D2D) Encryption by BLAKFX offers DNA BindingTM cryptography that embed with the data itself. The key exchange originates on an encrypted device (not in software or an app) and is augmented with a genuine “zero-knowledge” universal key server. The recipients device must have Helix22 installed in order to exfiltrate the data. Therefore, we offer perfect data security with 100% compliance, in your control, at all times. This of course is the optimal scenario. Your firm controls full control over access to your data sets at all time.

Enter BLAKFX. The Helix22 offers 100% data security on your firms data while it is at rest, in use or in transit. It also works on every CSP and on any device or in any programming language.

With Helix22, this means that data is protected on your infrastructure, on a CSP and is 100% compliant. Also, it means that no other service provider will be able to access data or have it breached. Compliance is controlled also 100%  by your frim as all the keys are in your possession and/or generated by the BLAKFX key serer, which is 100% zero-knowledge.

Here is how it works.

Helix22 delivers perfect security assurance due to our genius engineering team that has invented a new model for data security that required an innovative look at the problem. The approach we took was to protect the data itself. Almost all other data security products try to build a perimeter or being fanatic on user credentials. However, once the product is breached or a password is stolen, even if it is 2FA or encrypted, your firms data is in the clear.

You see, the Helix22 cryptography is embedded with the data itself through our inventive and patented process of DNA BindingTM. Therefore, even if credentials are stolen the data cannot be exfiltrated. This means that all data is 100% protected regardless of the type of attack.

Another substantial advantage of Helix22, is that it protects all data whether at rest, in use or in transit. All communication apps for example, only encrypt data while in transit. Therefore, that encryption become useless for internal IT security or Artificial Intelligence or Machine Learning experimentation. All data generated during these massive computing exercises is equally protected in real time. Plus, the latency period for the Helix22 is exponentially less than any other security product, so it actually contributes to faster processing times.

              Our Motto

       In Math We Trust

In this protocol, we are truly a “zero-knowledge” server so your private communications and transmissions remain completely top secret. Even in the event that BLAKFX were subpoenaed, we can honor the request by just handing over the encrypted content…as that is literally all we have. Helix22 also only use keys just one-time and then destroys them. This way the data security is future forward prefect. Therefore, in our unique user-to-user encryption (U2U) world, there is no opportunity ever for any data leak.

The Helix22 data security SDK accomplishes the following:

  • Protects all your firms data at rest, in use and in transit
  • Renders ransomware threats obsolete
  • Eliminates human error
  • Eliminates all malicious or interior attacks
  • Verifies original content i.e. minimizes the threat of impersonation attacks and deep fakes
  • Reduces latency
  • Installs with 5 lines of code
  • Runs on any CSP, platform, network, device and in any programming language
  • Provides perfect future/forward secrecy
  • Delivers “zero-knowledge” encryption
  • Compatible with all cloud, 3rd party and vendor services
  • Is quantum ready – so there’s no need to upgrade when the time comes
  • Requires no employee training
  • Exceeds all gov’t and banking standards
  • Meets compliance regulations

U2U/D2D encryption

We can make all these claims as the tech engineers at BLAKFX invented and patented a genuine user2user (U2U) or device2device (D2D) encryption. We manage data security transmission through the truly brilliant and also patented universal Helix22 key service. The Helix22 encryption originates on your network or device, not just when the app is opened. This means, that when data arrives to our key server, it is already encrypted so all it needs to do is issue another key. Signal and Telegram cannot claim this level of security. This key will then only work with the intended device, which generates a matching key required to open the data. In this protocol, we are truly a “zero-knowledge” server so your communications and transmissions remain completely top secret. Even in the event that BLAKFX were subpoenaed, we can honor the request by just handing over the encrypted content…as that is literally all we have. Helix22 also only use keys just one-time and then destroys them. This way the data security is future forward prefect. Therefore, in our unique user-to-user encryption (U2U) or device-to-device world, there is no opportunity at all for any data leak.

This same protocol just described, can be the same with all your 3rd party vendors and suppliers. It does not matter in the least what platform they are running or what device they are using or even the type of data, it is all 100% protected. We do however, strongly advise that all firms involved be utilizing Helix22 due to the nature of the data content. Helix22 can ensure that whatever data they are generating is protected as well.

Let’s take it a step further. Even if your organization were a victim of an internal attack or a victim of malicious open source downloads, there is no reason for concern. Any data that has been forwarded, downloaded, copied or saved cannot be exfiltrated. Period.  We have the technology industries foremost data packets which are protected with multi-layered, military grade encryption algorithms that have already proven the ability to withstand penetration testing from MI5 and quantum computing attacks.

One final practical genius of DNA BindingTM is in that it is immediately compatible with whichever system or software you are utilizing. Therefore, any organization can forward information to another and then discuss it and there is immediate privacy.

BLAKFX is Based on Success

Our founders, Robert Statica PhD and Kara Coppa, also founded Wickr, which is used by the US military and has never been hacked since its inception in 2012. The Helix22 data security SDK is several generations enhanced since then. Dr. Statica also delivered the encryption for the world’s most secure phone, Katim.

                                                                                         

Founder – Robert Statica PhD            Founder – Kara Coppa                   Founder – Alex Maslov MS, MBA                    

 

                               

Co-Founders of Wickr                    KatimTM Ultra Secure Smartphone

 

Finally, the Helix22 encryption is quantum computing ready so no need to redo all your data security methodologies in a couple of years when everything else becomes obsolete.

We like to refer to Helix22 as “22nd Century Data Security.”

The wrold's foremost B2B and B2G data security product.

Helix22 – Zero Risk