What was the best part about using SSProtect?
First off, SSProtect is an extremely well documented product. The product is fairly straightforward, but if you get into trouble there's plenty of help to get it installed, administer it and so on. SSProtect is a Windows-only solution that supports Windows 7, 8.x, 10, and Windows Server 2008 R2 and 2012 R2 - all 64-bit. There is an add-on to the core installation to protect email, which supports Office 2010, 2013 and 2016 via a plug-in. Once installed, the software is really transparent and seems to integrate well with other utilities like AV software.
SSProtect, on the surface, looks and feels similar to other tools in this category like VeraCrypt (TrueCrypt), AxCrypt and BitLocker. However, it's much closer to PGP's file encryption strategy than to disk encryption or volume encryption. You encrypt a resource by using the Explorer plugin to right-click on a resource and then "activate" SSProtect for that resource. The process is similar in email, where you can "protect on send" and the plugin encrypts the email and then sends it along.
It is here where the solutions deviate dramatically, and the real value of SSProtect begins to emerge. First off, two-factor authentication is rigorously integrated into the solution, supporting solutions such as YubiKey and OAuth tokens. This can greatly enhance the security of the solution and should appeal to organizations that already embrace security tokens and CAC cards.
Secondly, and most compelling, is the trust model. Many other solutions employ a simple scheme based on public key technology where everyone keeps a part of the key pair secret (private key) and then there is a public component that everyone can access (public key). Encrypting with one allows you to decrypt with the other. With SSProtect there is another layer of encryption that happens to enforce a trust model within the cloud. In this trust model, you establish *who* is permitted to access encrypted content from you, and this is further isolated by who you want to specifically access the content. While, at first, this sounds overly complicated, what it achieves is really the next step for products like this. Because of how the content is doubly encrypted, you now create an ecosystem that provides for detailed access logging. Say, for example, a breach of some sort occurs and it is presumed that some content has been downloaded. When that content is reviewed it will of course be encrypted. If the attacker attempts to use the software to decrypt, this attempt is logged: you now have a record of what file was accessed, by whom and where. If you were to send a sensitive document to someone who then released the protection on that file, that would also be logged. This offers an amazing amount of auditing for sensitive information and far better protects those assets.
Lastly, because of the way the cloud solution works, it opens up the opportunity for cloud backup of these files. The first concern with a statement like that is, "What happens with a court order or if the company's keys are compromised?" The advantage here is that the files are encrypted by the organization first and then encrypted by DefiniSec. Even if DefiniSec allowed access to the content, the client still has control over the content with keys that never leave their environment.
These additions to the normal run-of-the-mill encryption solution make SSProtect a lot more valuable than just an encryption product. Its real value is in the auditing, backup and forensic detail in the case of a breach or ransomware situation within an organization. As the trust model matures and additional enterprise features are added, SSProtect has the capability to become a very valued tool in the enterprise.
What would you change about your experience with SSProtect?
All solutions have a beginning, and SSProtect is a fairly new product. There are occasional minor issues to contend with that are rigorously corrected by the developer. Additionally, the process of file protection on a modern operating system is a complex process. There are limitations to the Explorer Mode mechanism, which are very well documented and understandable (for example, network-mapped files). In time, these limitations will clear up as the solution matures. Lastly, sometimes the trust model is a little difficult to administrate, but only once you start developing more complex trust models.
Overall Feedback
I have used the software off and on now for about a year but recently began using it on a corporate resource to experience the solution within a real workflow. The solution is nearly transparent, which is good - sometimes almost too good. The change in the philosophy that makes auditing, backup and forensics possible really makes this something different than a "file encryption tool" and should be closely examined. With intrusions that end up on WikiLeaks or worse, there are no good tools that help you determine what has been compromised once it leaves your organization - and most importantly where it went. This is especially true in marketing and sales, where sensitive data, like the performance of a product, often quickly gets into a competitor's hands and there is no way to find out who leaked it. Since it's important for groups like this to share these details with customers and partners, it's almost impossible to prevent. SSProtect brings a new idea into the solution set that can help with these problems with little to no interference to the end user.