NetDocuments Announces New Encryption Key Technology with Advanced Customer Key Management

June 7, 2015
Salt Lake City, UT

NetDocuments, a leading cloud-based document and email management service, today announced its next-generation encryption technology with advanced customer key management. The new security architecture includes up to three separate encryption keys for each data file and allows customer firms and corporations to hold and control specific encryption keys relating to sensitive documents or content falling under regulatory, compliance, or client-mandated data governance policies.

Recent high-profile international data privacy and access cases have prompted firms to give increased attention to security, data encryption, and the risks associated with data access if governments, courts, or other regulatory agencies seek access to confidential data. NetDocuments has responded to these security risks by developing next-generation key management and encryption technology.

"The new key management infrastructure not only gives firms control of the keys for sensitive data, but takes the security and encryption of the entire document management platform to a level beyond what a single firm could provide, and beyond what other vendors are currently providing," Alvin Tedjamulia, CTO at NetDocuments, stated.

By leveraging quantum random number generator technology, NetDocuments' encryption keys will be generated using 100% true quantum physics randomization, as opposed to software-based randomization relying on decipherable algorithms. Tedjamulia explains, "The underlying randomization technology is a critical component to our key management infrastructure, setting a new standard for best-of-breed encryption, data custody management, and now customer-controlled keys for each individual document or email."

The new key management and multi-layered encryption technology includes:

  • One Unique Encryption Key per Object – Each and every digital file is encrypted using the AES-256 cryptographic method with a unique and distinct Object Encryption Key (OEK).
  • Multi-Layered Encryption - Each OEK is separately encrypted using a Master Encoding Key (MEK). Customers may apply a second layer of encryption to the OEK with an optional Workspace Encoding Key (WEK) which is controlled by the customer.
  • Robust Key Management Solution – A highly secure key management solution manages all MEKs and WEKs, and includes dedicated Hardware Security Modules (HSM).  Customers may use the NetDocuments HSM to store and manage customer WEKs, or customers may deploy and operate their own HSM.
  • Customer Control for Workspace Encryption – The WEKs are controlled by the NetDocuments customer firm.  Firms may assign cryptographic keys to specific workspaces (matters, cases, projects) that are highly sensitive and which require additional security and encryption layers. Workspace-based encryption key management allows firms to revoke access to specific sets of data instead of the entire document management service.
  • Cypher Strength – A hardware-based 2nd generation Quantum Random Number Generator is used by NetDocuments to ensure that each AES-256 key is created with full randomization to ensure maximum strength of each encryption key.
  • Private HSM – Firms can implement a Private HSM to store Workspace Encryption Keys under their control and custody.  If a private HSM is selected, all the ownership, management, control, and monitoring of workspace or matter keys is directly under the custody of the firm.  NetDocuments would not have any management access to Private HSMs, but can only perform authorized operations such as the ability to submit OEKs for cipher operations.  In this environment, the private HSM is under the full custody of the firm.