This article includes answers to frequently asked questions about the Anchor ecosystem.
What problems can Anchor solve?
In many businesses, a substantial amount of sensitive data is created and shared among users. This includes electronic health-care records, social security numbers, Intellectual Property (IP), and data created in real-time via the IoTs deployed on equipment (or Warfighters in the field). The traditional approach to data security is broken. Restricting access to applications and files inside the network boundary is not effective. Anchor changes the traditional paradigm by integrating its ground-breaking “Access Rule-Based” encryption and generates detailed granular audit logs of all data accessed.
Who experiences this problem?
Organizations, administrators, and users have varying levels of responsibility to secure data during its creation, usage, storage, and transfer.
How does the Anchor solve the problem?
The anchor is a high-performance, data-centric security solution that enables access without conceding ownership of the data. Our zero-trust via encryption methodology implants “access rule-based” security that travels with the data. After ‘Anchorization,' data is ciphertext at all times. Anchorization is the process by which data is encrypted and the boundaries are embedded alongside the encryption. Only when users are within access rules are they granted access to the decryption keys thereby allowing them to use the data.
State of the Art in Zero-Trust:
Military-grade encryption is now available and affordable.
Encryption is completely transparent to the end-user experience.
The native solution requires zero plug-ins or downloads.
Governance rules control data access with instant revocation once access rules are broken.
Secure and frictionless data sharing with external third parties and supply chain.
Anchor capabilities innate to its core DNA:
Wide: Anchor’s platform agent, server, SDK, cloud, mobile, and web experiences enable data control across the organization.
Transparent: Anchor is completely invisible to the user when they follow organization policy.
Scalable: Anchor encryption can be applied to unstructured file types of any size, high volume web services payloads, and databases.
Available: Anchor supports network connected, limited bandwidth, and offline controlled data access use cases.
Policy-driven: Anchor supports physical, identity, logical, location, classification access rules designed to instantly enforce policy through automatic revocation.
Derivative: Anchor methodology enforces control and monitoring on all protected file derivatives.
Why Anchor is a unique cumulative solution?
In addition to the capabilities stated above, Anchor’s architecture features the following advantages:
Technical Flexibility: Our technology can be deployed to any file type and scales without significant transaction costs.
Affordable: Anchor offers flexible per-user pricing that makes our solution viable in targeted and scaled deployments.
Agnostic: Anchor does not require changes to existing user behaviors, as our technology works with current technologies.
Performance: Existing as a set of small drivers on the OS, Anchor does not impact machine performance.
Easy to Deploy: Anchor can be applied to an organization's data without significant transition lead time. We complete data control deployments in a matter of hours.
What is a multi-key system and how does Anchor use one?
A multi-key system is when individuals with administrator-level permissions can create/modify the number and nature of the required keys. Granular file control is possible by deploying a 'key per file' architecture. Because this is dynamic and invisible to the administrator, we can provide high-resolution control without added user friction and high administration costs.
How does Anchor offer technical flexibility?
Our technology can be deployed to any file type and scale without significant transaction costs. This allows us to protect frequently created small data files generated by edge IoT to large multi-gig media files and any size in-between.
What makes Anchor simple, affordable, universal, and transparent?
Simplicity: We can be deployed in a matter of hours. Once configured, our control is automated and invisible to users following the access rules.
Affordable: We have flexible per-user pricing that is friendly to small and medium-sized businesses (SMB) without big upfront costs.
Universal: We do not require changes to existing user behaviors. Anchor seamlessly works with current technologies making us synergistic to existing security architectures.
Transparent: Anchor runs in the background and does not require the user to interact with encryption.
How does the pricing work?
We offer tiered pricing based on active users and machines.
Will the Anchor agent impact machine performance?
Existing as a set of lite drivers on the OS, the Anchor agent does not impact machine performance. The anchor is light on the IT infrastructure, requiring minimal space, memory, or operating power.
What Operating Systems are supported by Anchor? Windows 10
Windows Server 2012 and above
macOS (Releasing later Summer 2022)
What Operating systems are supported by the Anchor mobile app? - iOS 13.0 and above - Android 10 and above
Is the Anchor agent easy to deploy?
The Anchor agent can be applied to an organization's data without significant transition lead time. It can encrypt data in the background in real-time without the need for organization or IT downtime (minimal downtime that would coincide with routine maintenance). Data control deployments are typically completed in a matter of hours.
Will I notice the Anchor agent on my computer?
The Anchor agent is transparent to end-users. It runs in the background and does not require the user to interact with encryption. If access rules are met, the anchored files open normally. The Anchor agent becomes visible only when the user is breaking access rules that have been defined in order to consume the data.
How does encryption work? What makes it better than existing encryption?
The features of Anchor’s encryption are how we deploy and enforce:
Embedded per file to provide highly granular control that travels with the data.
Low-level OS driver level efficiently enforces control over the file without user and application level involvement, resulting in zero friction and high performance.
Dynamic protection of file derivatives results in automating governance and minimizing administration time.
These cumulative features allow Anchor to be universal, transparent, and unopinionated about the applications that consume protected files, where those files are stored, and how they are shared in a Windows environment.
What does this mean for data security incidents?
If a breach should occur on anchored data, the exfiltrated files are useless, as they will appear as ciphertext because they are outside the access rules. Because the data lost during the breach is encrypted, the reporting requirements under any compliance regulation no longer apply.
Does Anchor work with Security Information and Event Management (SIEM) systems?
The anchor can be connected to SIEMs through Amazon Kinesis Data Firehose which is integrated with Amazon S3, Amazon Redshift, and Amazon Elasticsearch Service. It can also deliver data to generic HTTP endpoints and directly to service providers like Datadog, New Relic, MongoDB, Splunk, and FireEye.