VoltShare Overview

What is VoltShare

VoltShare delivers end-to-end encryption along with granular policy controls to simplify the process of securely sharing or storing sensitive data. It is available as an end-user application that provides a simplified workflow for securing data while using any existing cloud storage or collaboration tool. It is also available as a SDK + APIs to integrate with other enterprise apps to secure data sharing. In addition, the solution provides enterprises with rich controls for governance.

SecProbs
Figure: Unified End-to-end Encryption Requirement

The following list outlines the salient features of this solution:

  • Seamless implementation of end-to-end encryption prior to sharing information using tools such as email, Slack, Dropbox, Microsoft Teams, SharePoint, etc
  • Policy controls to only allow certain individuals and duration for decryption
  • Governance framework with single sign-on, auditability, policy overrides, and alerting
  • APIs and SDK to integrate with custom applications

VoltShare leverages and extends VoltStack’s identity and secrets service (innovations called Blindfold and Wingman).


Why use VoltShare?

Securely sharing sensitive data (eg. files and passwords) is challenging for many individuals and enterprises. While many collaboration and storage solutions support client-to-server encryption, they do not provide end-to-end encryption that is necessary to guarantee data security. In addition, it is very common for people to implement end-to-end encryption of PDF files using a password, but then the challenge shifts to securely sharing the password. Given the increasing number of breaches to email and cloud services, it is becoming extremely important to implement end-to-end security and access control to any sensitive data.

In addition, enterprises are being required to enforce strict governance of sensitive data, both within and across organizations, because of increasing compliance, audit, and insurance requirements. This compliance need is becoming even more pressing with increase in remote workers in uncontrolled locations and devices:

  1. Data privacy regulations - CCPA, GDPR, HIPAA
  2. Compliance laws - PCI-DSS, SOC-2, HIPAA
  3. Financial regulations for privacy of identity, data, etc.
  4. Internal governance and security

While many large enterprises have deployed complicated data security systems, these are expensive, hard to use, and hard to deploy + maintain. Even with these complex systems, enterprises struggle in sharing sensitive material with partners or customers as these systems require coordination of cross enterprise identity systems. Also, given the cost and complexity, these solutions are not accessible to consumers or small/mid enterprises.

VoltShare solves all of these problems without requiring users to change their workflows or implement complex and expensive solutions. We simplify delivery of end-to-end encryption because of our breakthrough in using well known identity (eg. email address) for authentication + key management + policy controls and offloading all of these complex tasks to our SaaS.


Key VoltShare Capabilities

VoltShare is offered as an easily consumable solution and consists of two components:

  1. Desktop/mobile application (or SDK+APIs for custom applications)
  2. A free or enterprise account on Volterra SaaS

The desktop application allows users to sign-in (and sign-up with Volterra SaaS), automates the provisioning of their certificate, and provides a simple interface showing input and output sections for crypto operations. Users simply either copy-paste sensitive material or attach a sensitive file into the input section, provide e-mail addresses of the intended recipient(s), define the policy for decryption, and click the ENCRYPT button to get an encrypted version of the material.

VSflow
Figure:VoltShare Operation Overview

Users can select the transport mechanism (e-mail, instant messaging, file sharing, etc.) of their choice to share the encrypted version of the material with the intended recipients. This prevents the leakage of sensitive information to the unintended recipients.

Upon receiving the encrypted material, the recipients can use the desktop application to sign into their Volterra account, feed the encrypted material in the input section, and use the DECRYPT option to recover the original data. The data is only decrypted if the recipient is in the original list that the sender had specified during encryption.

For certain use-cases, the customers may want to embed this encrypt, decrypt, and policy enforcement functionality within their own apps. This can be easily achieved by using our SDK+APIs.

Although VoltShare appears simple, the real value of this solution is in its ease of use and simplified delivery of complex cryptographic functionality, policy enforcement, and auditability.

  1. Special Cryptographic Properties - Using a patent-pending solution based on Volterra’s Blindfold and Wingman, VoltShare ensures that the clear version of data never leaves the user’s machine. Unlike other solutions that may perform data encryption/decryption on the server that has access to the key, VoltShare users need not worry about exposing their data to anyone, including Volterra’s decryption server. This is of huge value because Volterra does not receive or store sensitive data, even in encrypted format - it does not ever see the real data.
  2. Ease of Use & Implementation - The client application is built with non-technical users in mind and is extremely intuitive to use. Volterra delivers the entire service as SaaS - the IT administrators at enterprises do not need to deploy and maintain complex cryptographic software. In addition, for use cases that require users to embed this functionality in their own apps, they can easily do this using our APIs and SDK.
  3. Policy Enforcement - Obtaining precise control over information access is difficult, especially when sharing sensitive data outside of the enterprise. VoltShare has efficient user management for both enterprise and individual users and can be integrated into existing Single Sign-On (SSO) or can be protected by Multi-Factor Authentication (MFA). Only authorized users can request decryption of encrypted sensitive material. Administrators can compose policies that override user's original policies and block access to unwanted users or entire domains.
  4. Auditability and Alerting - One of the biggest challenges of security administrators is the visibility, auditability, and alerting on the movement of sensitive material. With VoltShare, administrators can monitor and audit the sharing of sensitive data and make quick changes to override policies as needed.

Example Use Cases for VoltShare

VoltShare has been built in such a way that it can be used to solve many different use-cases:

  1. Secure and controlled document sharing
  2. Secure storage of documents with highly privileged access controls
  3. Time-bound or policy-bound data sharing
  4. Sharing data with 3rd parties

    1. Accounting firms and their clients
    2. Financial data across firms and banks customers
    3. Pharmaceutical companies sharing drug/trial data
    4. Research data across universities
    5. Journalists sharing sensitive stories / breaking information
  5. Secure sharing and storage of technology secrets

    1. API tokens

      1. Shared keys for SaaS apps (integrations, etc)
    2. Shared username/passwords

      1. Root passwords (eg. VMware nodes, Network HW, ILO cards for servers)
      2. Emergency VPN accounts
    3. Sharing configurations of critical hardware and software
    4. Sharing TLS keys

Concepts