Q: How does Keyavi support deployment throughout my enterprise?
Keyavi’s 2.0 release provides support for scripted deployments of the Keyavi platform and plug-ins for Microsoft Office. This allows IT admins to deploy Keyavi technology seamlessly, throughout the enterprise, without requiring any other user action.
The Keyavi platform is available for deployment on premise or in the cloud, facilitated by the YAML configuration file provided that may be executed using one of a set of commonly available tools. YAML is a data serialization language that is often used for writing configuration files. It’s a popular programming language because it human-readable, easy to understand and can be used in conjunction with other programming languages.
Q: Do you only support Microsoft Enterprise accounts?
Keyavi’s technology can protect ANY file, but our platform currently supports Microsoft Windows, Google Android and Apple iOS. Based on future customer need and demand, we will look into extending our capabilities to other platforms.
Q: How does your product integrate with my existing user authentication?
Keyavi supports OpenID Connect (OIDC), a standard defined by the OpenID Foundation. The current release has been verified with Microsoft Azure Active Directory and OKTA, but several other identity providers support OIDC and could be utilized. This integration enables simple provisioning via Azure Active Directory, and provides a seamless single sign-on experience for end users.
Q: What would you say is the most significant improvement in this release over the previous version?
The #1 top item would be deploying and managing our product for enterprises –scaling the product to enable IT admins to support thousands of users.
Also important in this release is enabling mobile applications for devices running iOS and Android. We’ve improved our mobile apps so users can easily manage, read and access Keyavi-protected documents on those platforms.
Q: So, if my mobile app is enabled with 2.0, does that mean I no longer have to sign in with a different password, it will immediately know who I am and automatically open?
That depends on how the mobile application was configured on your device. If it has enterprise management capability, and you’re using either the Microsoft or Google authenticators
to authenticate your enterprise account on the device, then yes, we will integrate with it . Admins always have the option of requiring separate authentication when accessing the mobile app.)
Q: What are other new features?
In addition to OIDC/Active Azure Directory & OKTA across our product/applications, we’ve also added to this release:
- Ability to protect documents for groups, as well as users
- Bulk user/group management in the Keyavi web portal
- Increased number of roles that groups and users can be assigned to
- MSI support for the Keyavi platform and plug-ins, enabling scripted mass deployment
- Comprehensive YAML based support for Keyavi node based deployments
- Keyavi Lite, a Windows based application that provides support for external users needing limited access to Keyavi protected files
Q: Are there other product improvements Keyavi’s customers wanted that are in this release?
Yes. Based on our customers’ needs, we knew they would require interaction with other Keyavi entities.
For example, if supply chain Company A wants to share data with Company B, but they each have their own base of Keyavi-licensed users, how do you create distinct profiles within the Keyavi platform and apps so end users can easily switch between each of their identities?
So allowing both companies to have multiple profiles, and enabling easy user switching between them, is something we added into 2.0. It’s a more forward-looking feature, but based on real-world scenarios our customers are facing, we think this is a very real scenario for them and a feature they’ll want to deploy.
Q: Our external customers and vendors who don’t have a Keyavi license often ask us to share our Keyavi-protected documents with them. Can they do that securely with 2.0?
This was already possible in version 1.0, but it required a recipient outside the organization to jump through many hoops to successfully get set up. We’ve streamed that process significantly in the 2.0 release. That’s just one example of many other improvements we’ve made in 2.0
Q: What identity management systems integrate seamlessly with Keyavi?
Keyavi 2.0 seamlessly integrates with Microsoft’s Azure Active Directory and OKTA identity and access management systems.
We also support OIDC – an open standard and decentralized authentication protocol. Promoted by the non-profit OpenID Foundation, it allows users to be authenticated by cooperating sites (known as relying parties, or RP) using a third-party service, eliminating the need for webmasters to provide their own ad hoc login systems, and allows users to log into multiple unrelated websites without having to have a separate identity and password for each.
Some examples include Google, Gakunin (Japanese Universities Network), Microsoft, Ping Identity, Nikkei Newspaper, Tokyu Corporation, mixi, Yahoo! Japan and Softbank.
Q: Do I still need to do backups if I am using Keyavi?
A robust backup strategy remains a vital component in your company’s anti-malware operations. While malware is unable to access the encrypted Keyavi protected data, ransomware can still encrypt that data without understanding what it contains. For that reason, endpoint security solutions are still a valid aspect of your data security model.
Q: How else can Keyavi help me respond to a ransomware attack?
Since Keyavi tracks near real-time data decryption requests and gathers information about the host environment with every such attempt, any attempt by the Keyavi platform to access Keyavi data that does not meet the policy requirements will fail, and a rich data record will be created containing forensic information useful in identifying the attacker.
If the access attempt does not make use of the Keyavi platform, but the host is configured to monitor all access to Keyavi files, then an event will be generated and reported once access to the file has been detected.
Q: If malware infected my application – a Word file, for example — wouldn’t it be able to exfiltrate the decrypted data in any document I open?
If your Word file was not encrypted with full editing, copy and print permissions, the data would only be available in read-only mode. That means any application, such as Word, would not be able to exfiltrate the content, even after that content has been accessed by a criminal.
Q: Let’s say a hacktivist steals my Outlook address book by spoofing or phishing my Keyavi email account. What’s to prevent this criminal from sending compromised emails using my Keyavi account, from registering their own location and IP address to replace mine?
Remember that Keyavi registration requires a two-step process. A thief would need to authenticate their identity first (and we would know their Microsoft ID or Google ID before they activated a new user account). That thief would also still have to sign into Keyavi’s portal with their own ID.
As a best practice to prevent fraud, we advise our customers never to send Keyavi-protected documents to unsecured email accounts (e.g., Yahoo, gmail, etc). If they’re going to allow it, they need to check a box to allow an “exception” rather than a routine event.