Your data is your most valuable company asset, which is why it’s business critical to ensure it’s well protected. Many companies do this nowadays by using virtual datarooms. These solutions enable you to work on and share strictly confidential documents – both within and outside the firewall. But that’s not all: they also include strong encryption that protects your data from internal and external thieves.
But what about cloud providers and IT administrators? You need to ensure they can’t access your sensitive documents either.
This is where Brainloop’s provider shielding comes into play – by strictly separating your data from application and system admin functions, as well as by securing processes on the platform. Even Brainloop itself can’t access confidential information stored in a dataroom. As a result, your data is always secure.
There are different shielding methods, so you’ll need to check what your provider offers. Many of them encrypt the entire database automatically, which protects it well from external attacks but still enables the customer’s own IT admins to access all company data with no problem. We prevent that by providing administrator shielding – a function that’s used by many of our customers, and their customers too.
The combination of provider and administrator shielding gives you a sealed dataroom in which the files can only be accessed by authorised users.
Brainloop also provides multiple additional technical and organisational protection methods for datarooms.
In Brainloop datarooms, all security-related data – whether documents, messages or security questions – is protected with 256-bit encryption. And the security keys are stored separately too.
Secret sharing for critical operations
Running the application involves critical operations that are so sensitive that platform administrators shouldn’t be able to execute them alone. Although they can’t access any keys, files or metadata within the solution, they still need to be able to carry out server and software maintenance. This is where Brainloop’s secret sharing comes in. Each person in a group of your company managers receives one part – also known as a share – of the master key. These shares are then uploaded. The system assembles them and generates an authentication token that allows it to carry out a critical operation. Among the administrators and managers, no single person has complete knowledge or control of the master key.
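The share-and-assemble flow described above, as an added example that is not Brainloop's code. The page does not name the scheme, so this sketch assumes Shamir's threshold sharing over a prime field; the function names, the stored key check and the HMAC-derived per-operation token are all assumptions.

```python
import hashlib
import hmac
import secrets

# Assumptions for this sketch: field prime, encoding length, token format.
PRIME = 2**521 - 1   # Mersenne prime, comfortably larger than a 256-bit key
ENC_LEN = 66         # bytes needed to encode any field element

def split_key(master_key: bytes, threshold: int, holders: int):
    """Return `holders` shares (x, y); any `threshold` of them rebuild the key."""
    if not 1 < threshold <= holders:
        raise ValueError("need 1 < threshold <= holders")
    # Random polynomial of degree threshold-1 whose constant term is the key.
    coeffs = [int.from_bytes(master_key, "big")]
    coeffs += [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    def evaluate(x):
        acc = 0
        for c in reversed(coeffs):      # Horner's rule
            acc = (acc * x + c) % PRIME
        return acc
    return [(x, evaluate(x)) for x in range(1, holders + 1)]

def combine_shares(shares):
    """Lagrange-interpolate the polynomial at x = 0 to recover the secret."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret

def key_check(secret: int) -> bytes:
    """Value the server keeps so it can recognise the key without storing it."""
    return hmac.new(secret.to_bytes(ENC_LEN, "big"), b"key-check", hashlib.sha256).digest()

def operation_token(shares, operation: str, stored_check: bytes) -> str:
    """Assemble uploaded shares and issue a token bound to one named operation."""
    secret = combine_shares(shares)
    if not hmac.compare_digest(key_check(secret), stored_check):
        raise PermissionError("shares do not reconstruct the master key")
    key = secret.to_bytes(ENC_LEN, "big")
    return hmac.new(key, b"op:" + operation.encode(), hashlib.sha256).hexdigest()
```

With a threshold of 3, any two uploaded shares interpolate to an unrelated field element, so the key check fails and no token is issued.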
Brainloop also supports hardware security modules (HSM) that enable the keys to the master key to be stored on separate hardware that accesses the server using a high-speed connection. As a result, the master key itself is encrypted again separately.
Another security function available with Brainloop solutions is the tamper-proof audit trail. It lets you check at any time which user or administrator has viewed, edited or downloaded a document, and when they did so. In this way, the automatic logging improves protection in a psychological as well as a technical way.
Combined technical and organisational measures
Brainloop provides additional protection for your company data by combining technical and organisational measures. For example, Brainloop ensures a strict separation of its operations and engineering teams so that engineering staff cannot access the server. The same goes for the hosting provider’s employees – they have no access whatsoever to the application, database or storage. Brainloop is also audited regularly by external, independent specialists as well as by customers and other interested parties.
Brainloop’s high-security solution operations have been certified multiple times and include compliance with ISO 27001, ISAE 3402 and the Trusted Cloud Label.
The combination of all these technical and organisational measures ensures your data assets are well and truly secured – and that you always benefit from Brainloop’s leading-edge security.