Compliance and Best Practices require Better Security
Information and storage security are very important topics - privacy and data theft are at the forefront of today's customer concerns. In addition, many regulations such as Sarbanes-Oxley, Privacy Acts, and HIPAA, spell out specific requirements for secure information access and data storage.  Assureon offers powerful answers to these important requirements through the integrated technologies it is built upon - security, file disposition, the individual destruction of offline files, WORM protection and file authentication.
 
Encryption
Assureon can encrypt any file, using the Advanced Encryption Standard (AES256). There have been no successful attacks against AES, and it has been approved by the National Security Agency (NSA) for top secret documents. Multiple Privacy Acts, HIPAA, California 's SB 1386 and the FDA's CFR part 11 recommend or require encryption of information for security purposes. When Assureon encryption is enabled, files cannot be viewed even if a hacker manages to compromise security.
 
Secure Accessibility
Assureon's Access Control has three components.
  1. Authentication verifies that a client is who they say they are
    • Assureon optionally uses security certificates (Smart Cards)
  2. Authorization determines that the client has the appropriate permissions to access the resources they are requesting. Authorization is given to an authenticated client by policies established within Assureon and then published into Active Directory.
  3. Audit logs that can be used to account for any and all access to managed information.
 
Assured Individual Key Destruction
At the end of an information asset's retention period, Assureon destroys the file's encryption key and all access to that file.  Assureon is unique in its key management capabilities in that it can identify and dispose of individual files  - not only on its integrated disk storage, but also on offline media such as tape or optical.
 
Authentication of Information
When a file is placed under Assureon management, it is processed by dual cryptographic hash functions (MD5 and SHA-1) to create a unique identifier sometimes called hash value, digital fingerprint, CAS (Content Addressable Storage) address or UFID. This unique identifier allows the system to verify that the file has not been altered or inadvertently corrupted.

When a file is authenticated, Assureon retrieves the file, creates a cryptographic hash value for the document, and then compares it to the original cryptographic hash value that was generated when the file was placed under management. If any changes were made to the document, even down to the bit level, the hash values will not be the same and the file is not authenticated; if the hash values are identical, the file is authenticated as an original. This procees ensures the authenticity and integrity of all files stored by the Assureon system.