Authentic8 Enables Full Encryption of User Activity Log Data

img_2014-11-18_Encrypted-Logs

CORPORATE NEWS

MOUNTAIN VIEW, CA--(Marketwired - Nov 18, 2014) - Authentic8, maker of Silo, the cloud-based secure browser for businesses, has extended logging capabilities to enable encryption of all usage and activity data with a customer-supplied key. In today's world of web-based services, customer data is scattered across a variety of third-party providers. And companies in industries where information needs to be closely managed don't have the tools necessary to remain in compliance when using cloud-based apps.

Now, Even the Most Sensitive or Regulated Customers Can Maintain Anonymity and Compliance When Using Silo, Authentic8's Cloud-Based Browser

In financial service markets, audit logs are necessary so that internal compliance staff can review user activity and remediate policy violations. In healthcare, a leak of user data based on a browser exploit or website breach can cost a provider their compliance certifications. People in these sectors and others need access to privileged data, while ensuring that it remains safe.

Authentic8's new extended logging capabilities ensure that customers maintain full control over their data, keeping it out of unauthorized or unwanted hands, including ours.

In its standard configuration, Silo provides simple and intuitive roll-up reports of user activity. Admins get a historical dashboard of session data and overview of web-based activity. All customer log data is automatically deleted on a 90-day rolling window. But given that many customers must adhere to internal compliance controls or external regulatory requirements, the need to capture more detailed user and admin audit data has become more pressing.

In order to provide more detailed activity data without jeopardizing the integrity of customer data, Authentic8 has implemented an encrypted logging feature. From within the Silo Admin Console, a customer can upload an encryption key at the organizational node where they want detailed log data. Once encrypted, Authentic8 then provides customers with a series of authenticated API calls that allow them to extract and delete their log data from the Silo system.

As stated in its privacy policy, Authentic8 treats customer data with the utmost care. "While some customers may wish to have more detailed data of user activity, we do not want to be a repository for broad-based user activity. Balancing customers' desire with company policies required a re-think of what data we collect and how we store it," said Ramesh Rajagopal, co-founder and President of Authentic8. "The solution was to expand our logging capabilities under the condition that the customer encrypt the data with a key that they control. There is no ambiguity about our position -- we cannot access our clients' data."

Once configured with an encryption key, Silo will collect more verbose log data at that node in the organizational hierarchy, including:

  • Session activity data, including user, machine, IP, and duration
  • URL activity data, including the top level URL for every web page rendered in the session
  • HTTP POST data, including web requests and form submit data
  • Admin activity logs providing audit data on admin action

Administrators can configure logging with different keys for different groups in their organization, ensuring that access to the most sensitive data can be restricted to appropriate users even within the company. Customers are provided an auth key and an API for log data extraction, and, if desired, the ability to delete log data prior to the 90-day rolling deletion process.

Silo encrypted logging is being offered from today as an integrated feature of Silo for Teams, which costs $15 per user per month. It is available now at www.authentic8.com.

Scott Petry - Scott is Co-Founder and CEO of Authentic8. Prior to Authentic8, Scott founded Postini and served in a variety of C-level roles until its acquisition by Google in 2007.

Topics: Corporate News