Automatic Encryption for Windows Servers

Alliance File Encryption Manager

Microsoft Server File Encryption for Regulatory Compliance

Alliance File Encryption Manager (FEM) automatically encrypts files on a Windows server using AES encryption to support regulatory compliance for sensitive data. You can deploy Alliance File Encryption Manager on your Windows FTP server, Secure Shell (SSH) sFTP server, .NET or IIS web server, or any Windows server that receives files containing sensitive information.

Secure Sensitive Data on Windows Servers

Many organizations deploy Windows servers for Internet file exchange with customers, vendors, and employees. The server might be an FTP server, .NET web server, Secure Shell (SSH) server, WebDAV server, shared folder server, or other server used to transfer files. Files are often secured during transfer using SSL encryption, but may not be secure once received on the server. If the files contain sensitive information such as credit card numbers, social security numbers, or personally identifiable information (PII), the data should be secured using strong encryption to prevent unauthorized access. Alliance File Encryption Manager (FEM) provides automatic encryption of these files.

 

Automatic Encryption of Files

Alliance FEM can automatically encrypt files that you receive on a Windows server. You can define one or more folders for Alliance FEM to monitor, and once monitoring starts, Alliance FEM will automatically detect and encrypt any new files that arrive in the directory. Alliance FEM will wait until a file transfer is complete before beginning encryption to avoid a collision with the file transfer utility. Alliance FEM uses AES encryption to secure files and assigns a unique suffix to the file name to ensure that files are not overwritten. Alliance FEM can monitor multiple directories at the same time, and can perform multiple simultaneous encryptions.

 

Monitoring Folders for New Files

Configuration of Alliance FEM involves registering folders on the Windows server to Alliance FEM for monitoring. When you register a new folder, Alliance FEM starts a new process to monitor the folder. The new process registers to receive a notification whenever a new file is created in the folder. Multiple folders can be monitored at the same time. When new files arrive, the folder monitoring process starts the file encryption process.
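
An added example (not Alliance FEM's code, whose internals this page does not document) of the two collision-avoidance behaviors described under "Automatic Encryption of Files" and "Monitoring Folders for New Files": waiting until an arriving file has stopped changing, and writing output under a unique name that cannot overwrite an existing file. It polls rather than subscribing to change notifications, takes the cipher as a caller-supplied `encrypt` callable, and the `.NNNN.enc` suffix and the deletion of the plaintext are assumptions.

```python
import os
from typing import Callable, Dict, List, Tuple

O_BINARY = getattr(os, "O_BINARY", 0)  # flag only exists on Windows


def open_unique(out_dir: str, name: str, suffix: str = ".enc") -> Tuple[int, str]:
    """Create '<name>.<NNNN><suffix>' atomically; never reuses an existing name."""
    n = 0
    while True:
        path = os.path.join(out_dir, f"{name}.{n:04d}{suffix}")
        try:
            # O_EXCL makes "check and create" a single step, so a concurrent
            # worker or a pre-existing file can never be overwritten.
            flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | O_BINARY
            return os.open(path, flags, 0o600), path
        except FileExistsError:
            n += 1


class FolderMonitor:
    """Polls one folder; hands a file to `encrypt` once it has stopped changing."""

    def __init__(self, folder: str, out_dir: str, encrypt: Callable[[bytes], bytes]):
        self.folder, self.out_dir, self.encrypt = folder, out_dir, encrypt
        self._last: Dict[str, Tuple[int, int]] = {}  # path -> (size, mtime_ns)

    def poll_once(self) -> List[str]:
        written = []
        for entry in list(os.scandir(self.folder)):
            if not entry.is_file(follow_symlinks=False):
                continue  # ignore sub-folders and symlinks
            st = entry.stat(follow_symlinks=False)
            snap = (st.st_size, st.st_mtime_ns)
            if self._last.get(entry.path) != snap:
                self._last[entry.path] = snap  # new or still being written: wait
                continue
            with open(entry.path, "rb") as src:
                data = self.encrypt(src.read())
            fd, out_path = open_unique(self.out_dir, entry.name)
            with os.fdopen(fd, "wb") as dst:
                dst.write(data)
            os.remove(entry.path)  # assumption: the plaintext copy is not kept
            del self._last[entry.path]
            written.append(out_path)
        return written
```

A file is processed only after two consecutive polls see the same size and modification time, so the poll interval sets how long an upload may stall before it is treated as complete.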

 

NIST Certified AES Encryption for Strong Protection

Alliance FEM uses the Advanced Encryption Standard (AES) for file encryption. AES is the federal standard for encryption as defined by the National Institute of Standards and Technology (NIST). Alliance FEM uses the Alliance AES encryption solution that has achieved NIST certification through the independent AES validation process. NIST certification provides assurance that you are using a solution that meets the demanding standards of NIST.

 

Windows Service Implementation

Alliance FEM is implemented as a Windows service. This means that Alliance FEM will automatically start when you reboot your Windows server. You can manage the service using the standard systems management tools that you use for managing any Windows service.

Alliance FEM is a threaded application. It conserves server processing resources by only becoming active when there are files to process. Once a file is encrypted, Alliance FEM will not use processor resources until the next file is ready to process.

 

Compliance Logging

To meet regulatory compliance requirements for audit trails, Alliance FEM writes activity records to the Windows event logs. You can use the standard Windows event viewer to create reports of file encryption activity. Windows event viewer lets you specify date ranges, application sources, and message types to create reports of file encryption activity.

 

Encryption

Advanced Encryption Standard (AES) in Electronic Code Book (ECB) mode

Key Sizes

128-, 192-, and 256-bit key support

Architecture and Operation

  • Monitors an unlimited number of folders
  • Drag and drop configuration of monitored folders
  • Detects new file events and automatically encrypts to a unique name
  • Threaded application handles multiple folders and files simultaneously
  • Runs as a Windows service with automatic start
  • Logs file encryption events to the Windows Event Manager
  • Standard Windows MSI install and un-install

Certifications

Uses NIST certified Alliance AES Encryption for Windows

Compliance

  • Meets PCI DSS Section 3 requirement for encryption
  • Meets PCI DSS Section 10 for system logging when used with Windows syslog Agent
  • Meets HIPAA ePHI requirement for securing sensitive data with encryption
  • Meets SOX data security requirements for sensitive data
  • Meets Privacy Notification requirements for encryption of personally identifiable information
  • Meets GLBA requirements to secure sensitive consumer information with encryption

Platforms

Windows XP/2000/2003/2008