Vera provides enterprise data security by controlling access to and usage of files and folders that exist both in and outside of a corporate/protected network. They do this through a permissions-based type of document encryption/protection. This system is capable of integrating with existing active directory environments and can federate to other trusted domains to allow for simple document access controls. The keys to this are maintained by Vera and can be rotated as needed or desired. This key rotation does not impact existing documents so there is no need to worry about them.
Through the system, and active directory you can identify groups or users that need access to file/folders and give them the permissions they need. These permissions can include read, edit, copy, paste etc. It is entirely possible to set up permissions that allow someone to only read a document and prevents them from even making a copy of them information or document. This helps to prevent internal leakage of information. The system also logs interactions with the files/folders so that if someone does try to make a copy of a document they are not supposed to it is logged for audit purposes and can be sent to your SEIM. If someone that is allowed to copy files does make a copy it automatically has the permissions of the original document so it is still protected.
You can also add multi-factor authentication for specific users and/or documents, identify trusted networks or zones to improve protections and also usability. One nice function is an NDA (Non-disclosure agreement) feature that can let you protect information until a predetermined date and then remove all protections so that it is available to anyone. Conversely you can also expire access to a document after a set number of days or a specific date to prevent access outside of when you would need it. Vera’s protections have also been extended to email and not just attachments. You can also protect the body of an email to limit who has access to this information.
The system is complex, but that complexities that make up the protections are not visible to the end user. This means that they do not need to know about the Active Directory integrations, federations, Key Management functions, or anything about the system. Instead they have access to what they need and no access to what they do not. The need to authenticate to view sensitive information is a small thing when you consider the extra protection and ease of use this provides. It means that you do not have to try and force users to use the cumbersome and expensive FTP or file transfer applications that are often required. They can now use what they like (or an easier to maintain/use system) to send files and still maintain confidentiality and regulatory compliance.
If set up correctly Vera can be the answer to wrangling in some of the issues that revolve around protecting corporate information from being leaked (intentionally or not) by users looking to do things as easily as possible. It can remove the need to block Boxx or DropBox and allow a security team to focus on other, much more important, things. This type of solution also is helping to shift the security landscape and mind set from the traditional walls and moat to a more data centric approach. Vera is not the only company that is heading in this direction and we really hope to see more moving into this space.