FAQs

General Users 

What is unique about Keyavi Data technology?  

Only Keyavi protects your data at the data level so that your data is secure and under your control wherever it goes, whoever has it and when, not if, your data is breached or accidentally shared to unauthorized users so that you can share your data freely and securely.  

How quickly can I install and deploy Keyavi in my organization? 

Our cloud-based product has been up and running within organizations in a single week. Our professional services team can help accelerate policy assessment and review to allow for quick deployment. We also offer on-premise and white-labeled solutions for public and private sector organizations.   

Can I share self-protecting data with someone who is not a Keyavi-licensed user?  

Yes, first time recipients of an “.IKD” (Intelligent Keyavi Data) file can use the web viewer or click to install the free, quick, read-only viewer to access the information being shared. All subsequent data sharing will automatically open in the same viewer.  

Is it possible to mimic or spoof a geo-location to gain access? 

No, Keyavi takes multiple data points into account from several sources, including software, hardware and cloud resources, to determine geo-location of data and its permitted access – it’s not just based on IP address and/or GPS data. Other factors and parameters are considered, validating the true geo-location and other policies, to prevent the access of data in unauthorized locations by unauthorized users.  

Does Keyavi store or transmit my data? 

Keyavi never accesses, stores, indexes, or intercepts your data. Our hands-off approach is fundamental to the mission of our company. Our technology works on your device, allowing your data to stay on your end, or wherever you choose to send and store it, while staying protected and only accessible by you and those you authorize.  

Do I have to be connected to the internet to use Keyavi?  

No, Keyavi technology defaults to “safe and closed” to keep your files protected, even when offline. Customers can use Keyavi’s default setting or can edit and adapt their own policies to allow for varying levels of flexibility and risk mitigation for online and off-line access.  

Does Keyavi protect against print-screen capture in conference call sharing (e.g., Zoom, Teams, WebEx)? 

Yes, this is a standard function of the “Read Only” mode for Keyavi-protected data. In this mode, files can be set to disallow any screen captures (e.g., print screen, snipping tool) and prevent screensharing through platforms such as Zoom and Microsoft® Teams®. While the rest of your screen may be visible, the protected file will be blacked out to viewers.  

Can I apply policy at a group or role level? 

Yes, organizations can tailor their policies by active directory groups, such as departments, senior leadership, managers, site-specific and other group or role classifications. 

Can I share data at an organizational level with unlicensed users? 

Yes, organizations can share data across the following user types: 

  1. NON-LICENSED EXTERNAL: These users will have Read Only access to files sent to them. 
  1. LICENSED EXTERNAL: These users have access through an external client, either Keyavi Web Client or Web Reader in Read Only mode. 
  1. USER: These users have full functionality of the product. 
  1. ADMIN: These admin users have full functionality of the product and administrative privileges, at the licensed entity/organization level. 

When an Admin assigns one of these roles to the GPO (group policy object) in active directory, the role function will be inherited. Additional roles can be requested through our support team.  

Can I restrict email forwarding to specific domains? (e.g., Gmail, Yahoo) 

Yes, permissions control is managed at the entity level, so by adding restricted domains, it will be set for all users under that entity.  

Can I restrict data from being forwarded to personal emails or  outside the company in general?  

Yes, you can restrict your “authorized users” to internal-only personnel, and additionally, you can restrict the data/email/message from being accessible outside the geo-specific rule set. You can also restrict it to company-only devices using UUID (unique user identification) fingerprinting if a higher-level of security is required. 

Do I need to download a client to create a Keyavi-protected file?  

Like any file type, Intelligent Keyavi Data (.IKD) files require some service or software to interact with it. And since Keyavi never accesses, stores or otherwise intercepts your data, the lightweight smart Keyavi service enables the highest level of protection. Its minimalist impression on your system can be up and running within minutes, requiring very little memory that runs seamlessly in the background, allowing you to keep your data within your control at all times.  Plug-ins for Microsoft® Outlook® and other applications are available for seamless integration into daily workflows.  

What file size storage overhead should I expect Keyavi to add? 

Keyavi’s encryption and policy-based protection extends the file size to 1.1-1.3 times (10-30 percent) the original file size. 

How long does it take to encrypt a file? 

In most cases it takes approximately one second to protect your files and in more complex cases, it may take slightly longer depending on the file size, your computer power and network connection. 

Is my own location data secured?  

Yes, all location data is kept encrypted and protected under intense regulatory-grade controls maintained by your organization.   

What does “platform- and transport-agnostic” mean?  

Keyavi’s encryption and policy-based protection is infused directly into the data itself. This protection is enabled across any and all platforms, methods of transit, operating systems and device types. For example, this means that data stored on any flash drive, uploaded to any cloud service, or emailed through any provider can be protected by Keyavi.  

Does Keyavi integrate with Microsoft® Office®? 

Keyavi has full integration with Microsoft Office, providing users a seamless experience when working with Microsoft applications, including Outlook, Word, PowerPoint, Excel and Visio.  

Does Keyavi integrate with Google® products? 

Keyavi-protected files of all types can be stored on Google Drive and because the protection is embedded at the data level, Keyavi files can be shared using any web mail, including Gmail.  

What is an .IKD file?  

An .IKD (Intelligent Keyavi Data) file refers to the file extension appended to your data once you enable Keyavi protection.  

Administrators and Technical Teams 

Can the Keyavi technology be installed on premise? 

Yes, for those companies that require it, we offer the ability to localize the service to their environment. Please contact Sales for more information. 

How does Keyavi handle data tagging and classification?  

In the online Keyavi portal, Admin users can select which compliance regulations are applicable to their operations. When a user shares a document containing a data item that is protected under Keyavi’s compliance modules, that appropriate obfuscation or redaction is applied to that data item. Keyavi’s robust compliance regulations include PCI, HIPAA, CJIS, GLBA, SDPA, FERPA, PIPEDA and others.  

How does Keyavi complement my DRM?  

DRM (Digital Rights Management) provides no inherit protection for the data itself.  If you are already using a DRM solution, Keyavi complements and works collaboratively with existing solutions. Keyavi’s additional policy sets and access controls can be added on top of your DRM’s protections. We work seamlessly with application-level DRM by enhancing a DRM-enabled file with all the Keyavi capabilities. When the Keyavi-protected data determines it is allowed to be accessed under current conditions, that data is still a DRM-enabled file.  Keyavi infuses protection into the data for all file types no matter where it goes or how it is shared.  

Are network- or device-based DLP solutions needed if I have Keyavi?  

No, DLP (Data Loss Prevention) solutions are not necessary when data can protect itself wherever it goes. While Keyavi Data can work in parallel with your existing DLP solution, it also provides you the opportunity to cut costs and replace your DLP solution with technology that empowers data to flow where intended, while always remaining protected and in your control.  

Do I need VPN if I have Keyavi?  

Not necessarily. VPNs (Virtual Private Networks) do not provide data protection – they solely provide transport protection. VPNs set up an authenticated and encrypted tunnel from one point to another, but the data on the devices on either end are not protected by the VPN. The data will arrive at either end of the tunnel, exposed and vulnerable to loss or compromise. 

Keyavi provides protection at the data level, keeping data safe everywhere, so there is no need to overload your organization’s resources with unnecessary remote connections. However, there may be particular roles in your organization that require a VPN connection into your network, and in these cases, Keyavi complements and works in parallel with your VPN to protect your data.  

How does Keyavi help with ransomware?  

The latest ransomware campaigns have not only been holding the victim’s data availability for ransom (“your data is locked unless you pay”), but also its confidentiality (“we’re going to expose your sensitive data unless you pay”).  This is much more costly situation, as simply restoring your data from backup does not protect your exposed data. 

Keyavi-protected files, like other files, may still be subject to being locked by ransomware wrapped around the .IKD files, Keyavi protects the contents of your files from being exposed, even if exfiltrated by ransomware. If the attackers are attempting to access and expose your sensitive data using your compromised credentials, your data is still protected by Keyavi’s multi-layer encryption. Additionally, your data can report back to you, providing critical information for further investigation, including where your data has gone and who is trying to access it.