What is Zero Knowledge Encryption?
If zero knowledge means every piece of information is absolutely confidential, and all data remains only with the user of a piece of software or a service, how does zero knowledge apply to encryption?
Zero knowledge encryption means that data is kept secure with a unique user or encryption key, one that even the application developer does not know. You, and only you, can access your encryption key.
But wait, aren’t all encrypted files or data always inaccessible except to authorized users given the appropriate keys? Well…yes and no. Some cloud-based applications, such as Dropbox, Google Drive, and OneDrive, sacrifice true zero knowledge encryption to keep file exchanges humming along at not-quite-warp-speed. The result: speedy file transfers, but with the accompanying fact that the application or service technically holds the key to your data. In theory (or with a bad-egg employee or cyberthief lurking about) your files might be the source of entertainment during someone’s lunch break or worse, of criminal hacking.
Software or services that operate with a zero-knowledge platform do so without being able to brandish the keys to your files. Your data remains secure and under your control only.
Why Don’t All Apps Use Zero Knowledge Cryptography?
Speed. It’s all about the speed. When data is in transit and encrypted some speed is sacrificed.
Why? Because encrypted data is filtered through a series of changes such as permutations, substitutions, and other operations as it moves along, slowing down the transmission processes to a degree. File speed is one factor to weigh when selecting a file transfer solution.
Cloud-based File Transfer Risks
The biggest risk taken when relying on popular file sharing tools such as Dropbox is that they can retain the ultimate right to access your information as they store all the encryption keys. Now, are they popping into your files on the daily? No. Typically, this scenario is seen when a government entity requests data. But the fact remains, services can and do use your unique encryption key to unlock your data. Additional risks include:
- Metadata access: With the encryption key in its possession, the solution or service can access even the metadata in your files.
- User access: Depending on your level of service, there are limits on available permission settings. Error and misuse can potentially allow for access by non-authorized recipients.
- File control: Again, how long file versions are saved is a matter of which version of a file sharing solution you purchased. Some store version histories for 30 days, while others may keep files for up to 180 days. In that time, data is vulnerable to a breach or leak.
- Regulatory gaps: Here comes that tier issue again. Unless you’re careful about which tier of service you select, you may not be fully covered for regulatory compliance on PHI for HIPAA and HITECH, as there is not full insight or reporting on user history and movement of data.
Is Zero Knowledge Encryption Absolutely Necessary?
The encryption method you ultimately select depends on a number of key factors, including:
- How sensitive is your data?
- How do you plan to transmit data in and out of your organization?
- File size: do your large files need to be compressed?
- Do you need files encrypted at rest before they are sent, as well as during transmission?
- Do you need your connection or channel encrypted?
- What encryption standards do your trading partners or others require? For regulated industries, encryption standards to meet compliance obligations can sometimes be very specific.
The above factors must be considered before choosing to send encrypted files. To do so safely, a managed file transfer solution is one popular option.
Encryption with MFT is a Secure Choice
If you’ve got a need for file encryption, an MFT solution can protect your files while they are at rest in storage as well as while they are winging their way to their end destination. A robust MFT solution, like GoAnywhere MFT, can secure inbound and outbound file transfers via industry-standard network protocols and encryption.
Encryption for Data at Rest and in Transit
GoAnywhere MFT encrypts your data at rest with the following protocols:
While data is in transit GoAnywhere uses SFTP, FTPS, HTTPS, and AS2, AS3, and AS4 to carry the encryption load. In addition, the solution’s Secure Mail option allows users to quickly send confidential messages and files using the convenience of email and the security of HTTPS.
When an email is sent with Secure Mail, the message and attachments are automatically encrypted and stored on your server. GoAnywhere MFT then sends an email notification to the recipients with a link to the encrypted message and files. This link allows the user to download the message and files over a secure HTTPS connection directly from your server.
In addition to strong encryption and convenience, GoAnywhere MFT helps streamline and automate the file transfer process with:
- Alerts: You can set up notifications for pre-determined events to get up-to-the-minute information on any file movement.
- Automation: Workflows can be scheduled for both time and events to take on some of the manual, repetitive workload and make collaborating and moving files between users, internal systems and trading partners easier.
- DMZ Secure Gateway: Keep incoming ports closed to your private/internal network, and keep your file servers, passwords, and user credentials safe.
GoAnywhere Delivers Encryption Solutions
GoAnywhere MFT is a centralized, easy-to-use solution for transferring sensitive data. If you’d like to see it in action, schedule a 15-, 30-, or 60-minute demonstration of encryption in action.
Or give it a try today to start locking down your sensitive data immediately.