Problem: Security of data-at-rest and data-in-transit

  • The primary concern: how to control, secure, and protect internal data or data that is processed by a third-party service and does not reside on own premises
  • Also directly attached storage can be vulnerable due to curious or malicious insiders, administrators, partners, hackers, contractors, or outsourced service providers
  • Another concern is that cloud service providers only protect the infrastructure of their service but not the stored data in itself, which is the responsibility of the customer (i.e. “shared responsibility”)
  • A significant number of regulations are in effect worldwide that relate to protection of private and sensitive data. Some are focused on protection of specific industry information and others are concerned with proper disclosure of data loss incidents and general privacy

Solution: Envault patented, simple and unbreakable double-guard protection

The Envaulting method simply encrypts the data to be protected, removes a small part of it (ie. fragment) and sends it to a trusted location.

How Envaulting works

  • File data is encrypted at the client with AES 256
  • The AES 256 encrypted file is split into two:
    • Encrypted main body which is padded to original size
    • Encrypted fragment (c. 0,5% of encrypted data + audit data, file name, user name, transaction type)
  • The fragment is sent to the Fragmentvault server located at a trusted location. The Fragmentvault server also stores the encryption key. The rest of the encrypted file stays at the original location where it is saved
  • When an authorized user with the client software accesses the file a request is made using highly secure Transport Layer Security (TLS) protocol and once authenticated the fragment and key are sent back to the user client
  • The client software accesses the fragment and the key, reassembles the encrypted file and decrypts it for access to the authorized user
  • Envault’s solution allows to centrally manage the fragments so access to a fragment can be blocked or a fragment can be destroyed in case of a security incident or other need

Read more



Envault Corporation

Tekniikantie 12 (INNOPOLI 1), 02150 ESPOO, Finland, EU

en_USEN fiFI