1) Client-side encryption
When the corporate network is attacked, all data moving through it is affected. Even those that are transported from a workstation to a server-side encryption service. They can be intercepted in plain text. Only if the encryption happens directly on the client is the maximum protection provided.
2) Encryption based on roles
Encryption provides the best possible protection when it makes data accessible on a need-to-know basis. If each employee is given access only to the data they need to work, the damage is minimized even if that employee’s computer is hacked. It may serve as a gateway into the corporate network, but it can only reveal a fraction of the data in plain text due to a lack of cryptographic keys.
3) Integration into enterprise structures
For example, through hierarchical roles for security officers or the dual control principle when assigning access rights, the integration of directory services such as Active Directory or multi-factor authentication.
4) Runs on all platforms and end devices
An encryption solution that does not take effect on all end devices and platforms used is not a suitable protection. Otherwise, an attacker can simply look for an unprotected attack site to tap all the data there.
5) Is invisible to the user
It is an old mantra of IT security that protection only works if it does not hinder. Employees will otherwise look for ways to actively circumvent the obstruction – and thus the protection. The ideal encryption solution therefore works imperceptibly for the user in the background.
6) Integrates with the backup process
As mentioned, backups are a key protection against ransomware. An encryption solution that hinders or complicates this process is an inappropriate tool: it strengthens protection in one place, but weakens it in another.
Function overview – Boxcryptor vs conpal LAN Crypt
How does Boxcryptor compare to our conpal LAN Crypt? A short feature comparison covers the main points. You can also download a more detailed comparison on our page “The Alternative to Boxcryptor – Encryption with conpal LAN Crypt“.