Retail PCI Compliance Software Solution: Frequently Asked Questions About Encryption and Decryption Red Iron

How does the Encryption / Decryption work?

How does 2Encrypt protect sensitive data?

2Encrypt provides an application-based approach to encryption using industry standard algorithms that ensure only authorized applications are able to read encrypted data.

When an application attempts to write data to a file or other resource, the resource in question is checked by 2Encrypt to determine if it is targeted for encryption. If so, then the data being written to the file is encrypted on the fly before it ever reaches the resource. Similarly, data being read from a targeted resource will be decrypted before being passed to the application. In this way, the only place the data exists in its clear form is within the memory of the process that is collecting or manipulating the data. Any application not targeted by 2Encrypt will see the data only in its encrypted state.

Does 2Encrypt actually perform the encryption?

2Encrypt uses a plug-in architecture for encryption; we can do the encryption ourselves or use a third-party encryption provider. There have been cases where, at a customer’s request, we have embedded the actual cipher code into the 2Encrypt encryption plug-in, but our strong preference is to delegate the actual encryption of the data to a third-party provider, typically the built-in Windows encryption provider. The reason: we want to ensure customers don’t become overly reliant on 2Encrypt from a data standpoint, and that they have the confidence in the encryption algorithm that a publicly available provider confers.

What encryption algorithms can 2Encrypt use?

The encryption mechanics of 2Encrypt work on a plug-in model and can be configured according to what the customer needs. The ones that we have implemented extensively are AES and 3DES, but there really is no restriction on the algorithm that can be used, or the strength of that algorithm.

Does using 2Encrypt cause my encrypted resources to take up more space?

There is a slight, predictable increase in the space required to store encrypted resources.

This is for two reasons:

  1. 2Encrypt prefixes each resource with information about the mechanism and key used to initially encrypt that resource. This gives 2Encrypt all of the information necessary to decrypt the data, regardless of whether configurations or keys have changed since the resource was encrypted.
  2. The data in the resource is encrypted with a symmetric block cipher. The cipher itself does not expand the data, but it does require that the data passed to the encryption operation be padded to a whole number of cipher blocks. In other words, the encrypted data will always have a length that is a multiple of x, where x is the block length of the cipher.
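The two sources of overhead above, as an added example that is not Red Iron's code: a resource is prefixed with a self-describing header (a constructed layout of magic, version, algorithm id, key id and IV; 2Encrypt's real header format is not published on this page), PKCS#7-padded to the AES block length, and handed to a pluggable provider. The provider in the script is a clearly labelled stand-in so it runs offline; the real product delegates to a provider such as the Windows AES implementation.

```python
import hashlib
import struct

BLOCK = 16       # AES block length in bytes
MAGIC = b"2ENC"  # constructed marker; the real header layout is not on the page

def pkcs7_pad(data: bytes, block: int = BLOCK) -> bytes:
    n = block - (len(data) % block)  # always 1..block: aligned input still grows
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes, block: int = BLOCK) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= block or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def stand_in_provider(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Stand-in for the delegated provider (e.g. Windows AES): rejects unaligned input like
    # a block-mode API, but is NOT a secure cipher, only a length-preserving placeholder.
    if len(data) % BLOCK:
        raise ValueError("provider input must be a multiple of the block length")
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        pad = hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()[:BLOCK]
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], pad))
    return bytes(out)

def wrap(plaintext: bytes, alg: bytes, key_id: int, key: bytes, iv: bytes) -> bytes:
    # Reason 1: prefix the mechanism and key id so the resource stays self-describing
    # after the configuration or the active key has changed.
    header = MAGIC + struct.pack(">BB", 1, len(alg)) + alg + struct.pack(">I", key_id) + iv
    return header + stand_in_provider(key, iv, pkcs7_pad(plaintext))

def parse_header(blob: bytes):
    if blob[:4] != MAGIC:
        raise ValueError("not a wrapped resource")
    alg_len = blob[5]
    alg = blob[6:6 + alg_len]
    (key_id,) = struct.unpack(">I", blob[6 + alg_len:10 + alg_len])
    iv = blob[10 + alg_len:26 + alg_len]
    return alg, key_id, iv, blob[26 + alg_len:]

def unwrap(blob: bytes, keys_by_id: dict) -> bytes:
    # Key is selected by the header's key id, not by whichever key is current now.
    _alg, key_id, iv, body = parse_header(blob)
    return pkcs7_unpad(stand_in_provider(keys_by_id[key_id], iv, body))

def expected_size(plaintext_len: int, alg_len: int) -> int:
    # Reason 2: fixed header plus ciphertext rounded up to the next block multiple.
    return (4 + 2 + alg_len + 4 + 16) + (plaintext_len // BLOCK + 1) * BLOCK
```

For a constructed 21-byte record and the 7-byte algorithm id `b"AES-CBC"`, `expected_size(21, 7)` and `len(wrap(...))` both give 65 bytes (a 33-byte header plus 32 bytes of padded ciphertext), and `unwrap` still recovers the record from the key id in the header after a newer key has become current.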

How will 2Encrypt work with data once it is at my corporate office?

Data at the corporate office can be protected using 2Encrypt, since it can be used on any Windows machine anywhere within the organization. So, for example, encrypted data sent to corporate from the stores can continue to be protected and made available to authorized users seamlessly. By the same token, corporate applications that run on Windows and create or manipulate sensitive data can be protected using the 2Encrypt engine.
