VoltShare

What is VoltShare?

VoltShare delivers end-to-end encryption along with granular policy controls to simplify the process of securely sharing or storing sensitive data. It is available as an end-user application that provides a simplified workflow for securing data while using any existing cloud storage or collaboration tool. It is also available as a SDK + APIs to integrate with other enterprise apps to secure data sharing. In addition, the solution provides enterprises with rich controls for governance.

SecProbs
Figure: Unified End-to-end Encryption Requirement

The following list outlines the salient features of this solution:

  • Seamless implementation of end-to-end encryption prior to sharing information using tools such as email, Slack, Dropbox, Microsoft Teams, SharePoint, etc
  • Policy controls to only allow certain individuals and duration for decryption
  • Governance framework with single sign-on, auditability, policy overrides, and alerting
  • APIs and SDK to integrate with custom applications

VoltShare leverages and extends VoltStack’s identity and secrets service (innovations called Blindfold and Wingman).


Why use VoltShare?

Securely sharing sensitive data (eg. files and passwords) is challenging for many individuals and enterprises. While many collaboration and storage solutions support client-to-server encryption, they do not provide end-to-end encryption that is necessary to guarantee data security. In addition, it is very common for people to implement end-to-end encryption of PDF files using a password, but then the challenge shifts to securely sharing the password. Given the increasing number of breaches to email and cloud services, it is becoming extremely important to implement end-to-end security and access control to any sensitive data.

In addition, enterprises are being required to enforce strict governance of sensitive data, both within and across organizations, because of increasing compliance, audit, and insurance requirements. This compliance need is becoming even more pressing with increase in remote workers in uncontrolled locations and devices:

  1. Data privacy regulations - CCPA, GDPR, HIPAA
  2. Compliance laws - PCI-DSS, SOC-2, HIPAA
  3. Financial regulations for privacy of identity, data, etc.
  4. Internal governance and security

While many large enterprises have deployed complicated data security systems, these are expensive, hard to use, and hard to deploy + maintain. Even with these complex systems, enterprises struggle in sharing sensitive material with partners or customers as these systems require coordination of cross enterprise identity systems. Also, given the cost and complexity, these solutions are not accessible to consumers or small/mid enterprises.

VoltShare solves all of these problems without requiring users to change their workflows or implement complex and expensive solutions. We simplify delivery of end-to-end encryption because of our breakthrough in using well known identity (eg. email address) for authentication + key management + policy controls and offloading all of these complex tasks to our SaaS.


Key VoltShare Capabilities

VoltShare is offered as an easily consumable solution and consists of two components:

  1. Desktop/mobile application (or SDK+APIs for custom applications)
  2. A free or enterprise account on Volterra SaaS

The desktop application allows users to sign-in (and sign-up with Volterra SaaS), automates the provisioning of their certificate, and provides a simple interface showing input and output sections for crypto operations. Users simply either copy-paste sensitive material or attach a sensitive file into the input section, provide e-mail addresses of the intended recipient(s), define the policy for decryption, and click the ENCRYPT button to get an encrypted version of the material.

VSflow
Figure:VoltShare Operation Overview

Users can select the transport mechanism (e-mail, instant messaging, file sharing, etc.) of their choice to share the encrypted version of the material with the intended recipients. This prevents the leakage of sensitive information to the unintended recipients.

Upon receiving the encrypted material, the recipients can use the desktop application to sign into their Volterra account, feed the encrypted material in the input section, and use the DECRYPT option to recover the original data. The data is only decrypted if the recipient is in the original list that the sender had specified during encryption.

For certain use-cases, the customers may want to embed this encrypt, decrypt, and policy enforcement functionality within their own apps. This can be easily achieved by using our SDK+APIs.

Although VoltShare appears simple, the real value of this solution is in its ease of use and simplified delivery of complex cryptographic functionality, policy enforcement, and auditability.

  1. Special Cryptographic Properties - Using a patent-pending solution based on Volterra’s Blindfold and Wingman, VoltShare ensures that the clear version of data never leaves the user’s machine. Unlike other solutions that may perform data encryption/decryption on the server that has access to the key, VoltShare users need not worry about exposing their data to anyone, including Volterra’s decryption server. This is of huge value because Volterra does not receive or store sensitive data, even in encrypted format - it does not ever see the real data.
  2. Ease of Use & Implementation - The client application is built with non-technical users in mind and is extremely intuitive to use. Volterra delivers the entire service as SaaS - the IT administrators at enterprises do not need to deploy and maintain complex cryptographic software. In addition, for use cases that require users to embed this functionality in their own apps, they can easily do this using our APIs and SDK.
  3. Policy Enforcement - Obtaining precise control over information access is difficult, especially when sharing sensitive data outside of the enterprise. VoltShare has efficient user management for both enterprise and individual users and can be integrated into existing Single Sign-On (SSO) or can be protected by Multi-Factor Authentication (MFA). Only authorized users can request decryption of encrypted sensitive material. Administrators can compose policies that override user's original policies and block access to unwanted users or entire domains.
  4. Auditability and Alerting - One of the biggest challenges of security administrators is the visibility, auditability, and alerting on the movement of sensitive material. With VoltShare, administrators can monitor and audit the sharing of sensitive data and make quick changes to override policies as needed.

Example Use Cases for VoltShare

VoltShare has been built in such a way that it can be used to solve many different use-cases:

  1. Secure and controlled document sharing - In many day-to-day transactions between individuals, in both enterprise and personal settings, it is common to share confidential documents but there is always a worry of privacy, security limitations of the collaboration tools, and human errors. For example, it is common to send financial documents by email within a team but there is always a risk of these documents getting forwarded to unintended people. Another example is compromise of your email service and exposure of all the confidential information stored.
  2. Secure storage of documents with highly privileged access controls - With the passage of data privacy laws like GDPR, CCPA, and HIPAA, it is becoming critical to control who has access to confidential PII and PHI data and to securely share such information with partners. Using end-to-end encryption with policy controls helps alleviate the complexity of managing these documents
  3. Time-bound or policy-bound data sharing - With increasing value of data, enterprises are looking at ways to monetize their data and also control the duration of access of their valuable data assets. VoltShare’s policy engine provides the flexibility to the producers of data of control who have access to their data and the duration for which they can securely access this data. In addition, their corporate governance teams can override access at any time based on the change of business arrangements.
  4. Sharing data with 3rd parties - In many enterprises, it is common to rely on privileged and completely private communication with their clients, partners, and patients. In such situations, using end-to-end encryption removes the hurdle of using email (or even dropbox) for sending documents that would otherwise require more inconvenient document sharing tools. These industries include:

    1. Accounting firms
    2. Financial institutions
    3. Law firms
    4. Pharmaceutical companies
    5. Research data across universities
    6. Journalists sharing sensitive stories / breaking information
  5. Secure sharing and storage of technology secrets - It is very common for developers and technology companies to keep their passwords and key pieces of access control and/or other critical information on cloud storage and/or shared folders with very basic controls. These are not only vulnerable to data breaches but can make it impossible for organizations to pass audits and compliance checks. Some of these information include:

    1. API tokens - shared keys for SaaS apps
    2. Shared username/passwords

      1. Root passwords (eg. VMware nodes, Network HW, ILO cards for servers)
      2. Emergency VPN accounts
    3. Sharing configurations of critical hardware and software
    4. Sharing TLS keys

Concepts