
RESOURCE CENTER
Stay informed with whitepapers, videos, and FAQs.
Whitepapers

Videos
TeissTalk Panel
Join TeissTalk host Thom Langford, along with Confidencial’s Karim Eldefrawy and other panelists, for an insightful conversation covering zero trust, data classification, and AI-powered data protection.
What Role Do Telemetrics Play in Securing Sensitive Data?
Explore telemetrics: the automatic measurement and transmission of statistical data about document access and usage.
How Can You Reap the Benefits of Both a Public and Private cloud?
Confidencial's solution unlocks the control and privacy of a private cloud while offering the scalability of public providers.
How Can Companies Share and Exchange Sensitive Data?
Delve into how companies handle the ingestion of private customer data, highlighting the pitfalls of the current system.
What is Selective Encryption and What Does it Enable?
Delve into selective encryption and how data-level embedding allows companies to maintain a single reusable document.
The Marriage Between LLM and Cryptography: Opportunities and Challenges
Explore the integration of LLM and cryptography, and together, we'll delve into the opportunities and challenges present.
Defining Data-Centric Security: Why Is It the Future?
Why securing the actual data structure rather than solely focusing on the surrounding infrastructure will improve your posture...
How Are Cyber Threats Transforming Over Time?
The rise of spear phishing and targeted cyber attacks, AI, and what the future of cybersecurity and encryption...
Preparing for the Quantum Era: What Do Companies Need to Know?
Companies should anticipate the need to replace current solutions with systems that are post-quantum...
Key Management in Cryptography: What and Why?
Cryptography is much more than just securing data by encrypting it. We need to ensure only the correct person...
What Is Cryptography, and Why Should You Care?
Discover the significance of cryptography in safeguarding digital information and why understanding it is...
Confidencial's Secure Document Request - A secure way to request sensitive documents
Confidencial's Secure Document Request (SDR) provides a secure method for requesting sensitive documents from...
10 Reasons to use Confidencial
Try Confidencial for yourself. Click here to get started...
Protecting the Puzzle Pieces
Every year organizations spend millions on cybersecurity to build perimeter defenses around their sensitive information...
Securing your sensitive information with Confidencial
Unencrypted data is the most prevalent root cause of data breaches, regardless if that information was compromised...
[Webinar] Data is the New Perimeter
Dive into the limitations of traditional Zero Trust Network Access (ZTNA) and discover the 'Shift-up' Zero Trust approach, focusing on deploying a data-centric security model and leveraging AI to enhance protection across diverse environments.
How Does Confidencial Offer a Shield Against Ransomware?
Understand the various types of ransomware attacks and how organizations like yours can combat them.
How you can auto-protect unstructured data with Confidencial.io
Utilizing business rules, regex, and locally run AI, we secure sensitive information across your business ecosystem.
Can Collaboration Flourish in a Privacy-Conscious Era?
Explore the rise of corporate silos due to concerns about data breaches and privacy protection.
How Can You Safely Share Sensitive Documents Across Corporate Borders?
Together, we'll explore traditional document security and the complexities of sharing information with external parties.
Enforcing Security Policies: How Can AI Help?
Discover how policies can shape AI functionality or, conversely, be subject to interpretation by artificial intelligence programs.
Zero Trust Explained & How to "Shift Up" Your Security Approach
Why “shifting up” zero trust to every layer within an organization is essential for safeguarding sensitive information...
Is Your Organization Ready for Post-Quantum Cryptography?
The importance of establishing a risk profile, determining necessary steps, and timing for preparing...
Why Are Quantum Computers a Security Threat?
Gain insight into the vital role of post-quantum cryptography in the era of quantum technology...
Why Is Cryptography Vital for Cybersecurity?
Learn how cryptography underpins the safety of our digital interactions...
Using Confidencial with Microsoft Word
In this video, we'll show you how easy it is to secure sensitive information within a Microsoft Word document using...
Confidencial's Cloud Protector: The latest innovation in protecting cloud storage
In this video, we'll introduce you to Confidencial's Cloud Protector. Cloud Protector is designed to allow you to search...
Why you should use Encryption vs Redaction to secure sensitive information!
Try Confidencial for yourself. Click here to get...
PDF Selective Protection
Learn how to protect sensitive information with a PDF file. Protect the entire PDF file, or secure portions of the file...
FAQ
What encryption schemes does Confidencial utilize?
Confidencial utilizes multi-receiver hybrid encryption to (selectively) encrypt data in documents and other content forms. In hybrid encryption, one encrypts the data with a symmetric encryption scheme (e.g., AES) using a randomly generated key. One then encrypts this random symmetric key with the receivers’ public keys. Confidencial utilizes AES-256-GCM (as the symmetric encryption scheme) to encrypt the actual data. The randomly generated AES key is then encrypted with the public key of each receiver. We are currently utilizing RSA-OAEP with 2048 bits, but this is a configurable parameter and will be upgraded in 2023. RSA-OAEP is used purely as a public-key encryption scheme, and the design does not depend on any specifics of the internals of the RSA algorithm (what is called black-box use of the encryption scheme). Any other suitable public-key encryption scheme can be used instead of RSA.
Can the platform be upgraded to utilize post-quantum cryptography (PQC)?
Confidencial utilizes patented multi-receiver hybrid encryption to (selectively) encrypt data in documents and other content forms. In hybrid encryption, one encrypts the data with a symmetric encryption scheme (e.g., AES) using a randomly generated key. One then encrypts this random symmetric key with the receivers’ public keys. Confidencial utilizes AES-256-GCM (as the symmetric encryption scheme) to encrypt the actual data; AES-256 is considered post-quantum secure. The randomly generated AES key is then encrypted with the public key of each receiver. We are currently utilizing RSA-OAEP with 2048 bits, but this is a configurable parameter and will be upgraded in 2023. RSA-OAEP is used purely as a public-key encryption scheme, and the design does not depend on any specifics of the internals of the RSA algorithm (what is called black-box use of the encryption scheme). Any other suitable public-key encryption scheme can be used instead of RSA. Once the NIST PQC standards are finalized, one would be able to replace RSA with post-quantum encryption schemes.
Does Confidencial store my encrypted documents?
No. Confidencial neither stores nor receives any user documents. Users encrypt the documents and store them as they normally would. They then send them to their intended recipients via email, web upload, (S)FTP, Slack, cloud storage, or any other communication or storage method of choice.
Is Confidencial going through any certification and accreditation process?
Yes. Confidencial is planning to apply for SOC2 (System and Organization Controls) compliance by the end of 2023.
Do I need to install separate add-ins for Word and Excel?
No, there is no need to install one add-in for Word and then install the add-in again for Excel. Simply install one add-in and start using Confidencial's document protection capabilities in both Word and Excel.
Do users in my organization have to create new passwords with Confidencial?
No. If an enterprise administrator creates an enterprise/organization account on Confidencial, they can enroll the enterprise's users into Confidencial using their Active Directory (AD) accounts. This is accomplished by creating a connection between Confidencial and the organization's AD to redirect signup requests to AD. However, this option is not available if users are enrolled in the public space via individual accounts.
Can I encrypt to users registered with Confidencial but outside my organization?
Yes. The encryption experience is the same for users inside and outside your organization. This assumes that your organization's administrator allows its users to encrypt to users outside the organization (whether to users registered in other organizations or registered in the public space using individual accounts).
Can I encrypt to users not registered with Confidencial?
Yes. You can utilize Confidencial’s escrowed key service and generate one-time-use keys that are utilized to encrypt documents to unregistered users. This happens automatically when you encrypt to an unregistered user. You can then send the encrypted documents to the users via email, Slack, cloud storage, or any other method of choice. Confidencial does not obtain the encrypted documents. When the intended user receives the document (or email), they are redirected to Confidencial to register and install the add-ins, and the documents will then be decrypted automatically. In the future, any encryption to the new users will use their long-term privately generated keys, which will be generated when they complete their registration.
Who owns and stores the decryption/private keys?
The Confidencial platform is flexible and can accommodate multiple secure key storage options depending on customer needs. In all cases, users’ decryption/private keys are always stored in a secure distributed manner and never stored in the clear in a single database or server. The most common key storage options are:
Organizational Accounts: In an organizational account, the private keys can be stored in a local or cloud-based database or Key Management Server (KMS) managed by the organization. Another option is to deploy a Key Share Server (KSS) supplied by Confidencial, which stores a secret share (shard) of a user’s key. The other secret share (shard) of a user’s key is stored in another KSS hosted in Confidencial’s cloud. In this setting, even if an organization’s KSS is compromised or breached, no user keys are leaked. The same applies if Confidencial’s infrastructure or backend is compromised. This setup mathematically guarantees that no information about the private keys is revealed if breaches occur. This deployment setup provides a high level of protection and is recommended by Confidencial.
Individual Accounts: If desired, users can locally generate and store private keys. In this case, the user must load the key when they log into the Confidencial add-ins, or desktop or mobile apps. If users prefer simplicity, they can store their keys in a secure distributed form, namely password-protected and secret-shared form, in Confidencial’s cloud platform. The keys are automatically retrieved when the user logs into the add-ins, or desktop or mobile apps, with their correct username and password. The keys are then deleted from local memory and storage once the user logs out. We stress that Confidencial does not obtain any documents encrypted by the users, and because of this the keys stored in Confidencial will not be useful.
And, again, if the user does not trust Confidencial with their private key, they can always store it locally.