Analysis of environmental encryption technology

The development of data security products can be roughly divided into two categories ： Document encryption products and Sandboxes （ Or environmental encryption ） product . The design concepts and functions of the two types of products are quite different . From the application in recent years , Data leakage prevention The project wants to be implemented successfully , In addition to choosing the right products , It needs more attention and cooperation from customers . Without knowing the product , Rush to select products and implement , The project failure rate is almost 100%. There are countless such negative cases . about Sandbox Kind of product , All data without any controlled strategy , Will be transmitted and applied in clear text . When offline, the administrator only needs to uninstall Encryption software , Quickly eliminate the impact of encryption system on the original information system , The offline risk is very low .
Sandbox safety products , I personally recommend shenxinda SDC Sandbox For large and medium-sized R & D and manufacturing enterprises , The concept of overall protection products is more applicable . in the final analysis , Overall protection products pay more attention to the matching and integration with the existing information system and management system , Document encryption This kind of product pays more attention to the influence and change of the operator's use habits , therefore , The former requires enterprises to make certain investment and concessions to ensure Leak proof system The successful launch , But once online , The operation will be smoother , Later management and maintenance are easier ; The latter is more in line with the current customers' requirements for Encryption products The general view of ” No data leakage , It doesn't affect the work “, But the potential risks are great ; The former is more like a system , The latter is more like software , The former is more suitable for the overall management needs of large and medium-sized enterprises , The latter is more suitable for the rapid application of small-scale enterprises .

The project risks are divided into the following categories ：
1. Encrypt file Crack the risk
Document encryption is to control the application software , The generated document is written into the key when it is saved , But when the ciphertext is opened on a computer with an encryption product client , The encryption software will automatically decrypt the ciphertext first , Then it can be opened normally , in other words , The encrypted file , There is still plaintext in memory , Can pass “ Read memory ” Extract plaintext directly , Bypass encryption , Low security level ; Sandbox encryption Adopt overall protection , When the client computer is in use, it cannot take the file out of the sandbox environment , But it does not affect local use , Files can only flow in a sandbox environment , It's quite difficult to crack , High level of security .
2. Hardware debugging risk
Now more and more customer needs involve hardware debugging and development , Including development board burn ,app Development, etc. , The increasing number of hardware equipment also leads to the increasing risk of disclosure . Document encryption encrypts the contents of burning and debugging , If normal commissioning is required , Must have Decrypt files debugging , Thus causing problems such as counterfeiting hardware devices , Risks such as debugging documents . Sandbox products take over the file export of the whole computer , When connection debugging is needed , The whole process is still under protection , Debugging files and burning files will be recorded clearly , Reduce the risk of disclosure .
3. Risk of data corruption
Encryption requires decryption , This creates the risk of decryption failure , Will cause data corruption , Greatly affect the work of employees , The product cannot be launched . At this point , Sandbox products are much better than document encryption , Document encryption has direct and frequent encryption and decryption of files , High data corruption rate , The encryption of environmental encryption products is carried out at the data transmission boundary , Do not process the file itself , The file will not be damaged . From previous project experience , File destruction has almost become synonymous with document encryption products and an insurmountable bottleneck （ Especially in R & D and manufacturing enterprises with complex terminal environment ）, This will not happen to environmental encryption products .
For sandbox products , All data without any controlled strategy , Will be transmitted and applied in clear text . When offline, the administrator only needs to uninstall the encryption software , Quickly eliminate the impact of encryption system on the original information system , The offline risk is very low .
Through the above comparison , You can almost draw a conclusion , For large and medium-sized R & D and manufacturing enterprises , The concept of overall protection products is more applicable . in the final analysis , Overall protection products pay more attention to the matching and integration with the existing information system and management system , Document encryption products pay more attention to the impact and change of operators' use habits , therefore , The former requires enterprises to make certain investment and concessions to ensure the smooth launch of the anti disclosure system , But once online , The operation will be smoother , Later management and maintenance are easier ; The latter is more in line with the current general view of customers on encryption products ” No data leakage , It doesn't affect the work “, But the potential risks are great ; The former is more like a system , The latter is more like software , The former is more suitable for the overall management needs of large and medium-sized enterprises , The latter is more suitable for the rapid application of small-scale enterprises .