Organizations adopt data encryption strategies to secure sensitive information. However, the encrypted data must be available in unencrypted format to support compliance investigations, legal discovery, and content inspection. The traditional method for decrypting data is time consuming and requires manual access to private encryption keys. DecryptNaBox automates and secures the entire decryption process.
DecryptNaBox eliminates the need for private key escrow during data decryption by separating the PKI into two different roles; the Client role, which is responsible for data decryption and the Server role which handles the message key decryption. As such, the need for a user's private key is eliminated.
The Data Decryption Client (DDC) is responsible for pulling encrypted material from the designated source, decrypting
the material and routing it to the outbound destination. Zeva offers three different editions for the DecryptNaBox Client:
Lite, Professional, and Enterprise. In addition, DecryptNaBox Client can be implemented as an extension to third party
platforms or as a generic Microsoft CAPI adaptor.
The Lite Edition offers basic a basic decryption tool with a simple user interface. Using Lite, customers can use a job creation wizard to submit decryption jobs based on an Outlook profile and local file system. This edition provides enhanced features compared to Zeva's Sectool. Some of the new features include: process embedded messages, support for CNG, and support of individual MSG files.
The Professional Edition uses the same simple user interface as Lite with the additional of approval workflow and enhanced reporting capability. In this edition, the approval workflow is subject based. Unlike the Lite edition, this edition requires a Back-End server to facilitate approval workflow. The Back-End server also controls decryption request permissions, key protection, and auditing features.
In addition to all features provided by the Lite and Professional edition, the Enterprise Edition allows customers to submit decryption jobs that are executed remotely. The approval workflow in this edition allows the request to be subject based and/or content based. In addition, the job can be created to run automatically to allow for scenarios such as content inspection and/or automatic data decryption for archiving.
The DecryptNaBox Server is an extension of any associated Certificate Authorities (CAs). It re-constructs keys from
associated CAs and runs a session key decryption service for DecryptNaBox Data Decryption Clients. It provides private
key protection and safe handling via the Hardware Security Module (HSM). Additionally, it ensures the audit logs and back-
end configuration files are protected. Zeva offers two editions of the DecryptNaBox Server: Government and Commercial.
The Government Edition is designed for the US federal
government agencies. It includes all required components
and features for federal agencies to comply with applicable
regulatory and security requirements.
The Commercial Edition is designed for common commercial
usage. It provides an affordable entry point with optional features
to increase system security to comply with applicable regulatory
and security requirements.