Ransomware attacks have become alarmingly common and, unfortunately, experts predict that they will only become more frequent and more severe in the coming years.
GaraSign provides protection against ransomware with a variety of security controls, including restricted access to sensitive data and decryption keys, granular access controls like MFA and device authentication, and support for digitally signing and timestamping backups.
It is best practice to cryptographically timestamp your data before you encrypt it. This allows you to easily identify whether the data has been tampered with at any point in time. GaraSign integrates with all major trusted timestamp authorities (TSAs) to seamlessly support cryptographic timestamping.
Encrypt data at rest using a self-managed (i.e., on-premises) Key Management Service (KMS) wherever possible. This is especially important when a third party is the one storing the data, as is the case with cloud providers. By encrypting the data before it is sent to the storage provider, you benefit from the storage provider’s scale without sacrificing the confidentiality or integrity of your own data.
Keep the private keys for decryption in a disabled state by default. Because they are needed only when restoring backups, which is infrequent, enable them only when there is a need to do so, and disable them again immediately after they are used. With GaraSign, any cryptographic key can be disabled with a few clicks from the GaraSign interface.
Ensure that only authorized and authenticated end-users can use the decryption keys needed to access backups. GaraSign supports granular access controls, such as MFA, device authentication, and approval workflows, on a per-key or per-user basis.
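The ordering described above (sign and timestamp the plaintext first, then encrypt before the data leaves your environment) can be sketched with the stock openssl command line. This is an added example, not GaraSign code: the function names, file names and on-disk demo keys are assumptions, and the RFC 3161 request is only created here, not submitted to a TSA.

```bash
#!/usr/bin/env bash
# Added example: sign and timestamp-request a backup BEFORE encrypting it.
# All file names and keys are constructed for this demo.
set -eu

# protect_backup SRC DIR: writes backup.sig, backup.tsq and backup.enc to DIR.
protect_backup() {
  src=$1; dir=$2
  # Demo keys only; in production both stay inside an HSM/KMS, never on disk.
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$dir/sign.key" 2>/dev/null
  openssl pkey -in "$dir/sign.key" -pubout -out "$dir/sign.pub"
  openssl rand -hex 32 > "$dir/enc.key"
  # 1. Sign the plaintext so integrity can be checked after any restore.
  openssl dgst -sha256 -sign "$dir/sign.key" -out "$dir/backup.sig" "$src"
  # 2. RFC 3161 request over the plaintext digest; submit it to your TSA
  #    and store the returned token next to the backup.
  openssl ts -query -data "$src" -sha256 -cert \
    -out "$dir/backup.tsq" 2>/dev/null
  # 3. Only now encrypt; the storage provider sees ciphertext only.
  openssl enc -aes-256-cbc -pbkdf2 -pass "file:$dir/enc.key" \
    -in "$src" -out "$dir/backup.enc"
}

# restore_backup DIR OUT: decrypts, then keeps OUT only if the signature
# made over the original plaintext still verifies.
restore_backup() {
  dir=$1; out=$2
  if openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$dir/enc.key" \
       -in "$dir/backup.enc" -out "$out" 2>/dev/null &&
     openssl dgst -sha256 -verify "$dir/sign.pub" \
       -signature "$dir/backup.sig" "$out" >/dev/null 2>&1; then
    return 0
  fi
  rm -f "$out"   # never hand back data that failed verification
  return 1
}
```

Because the signature covers the plaintext, any change to the stored ciphertext shows up at restore time as either a decryption failure or a signature mismatch.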
With GaraSign, all backups are digitally signed, cryptographically timestamped, and encrypted while the decryption keys remain secured in a certified hardware security module (HSM). Security policy can be established on a per-key or per-user basis from a single interface and any cryptographic key can be disabled with a few clicks. Granular controls, such as MFA, device authentication, approval workflows, and more, ensure that only authorized and authenticated end-users can access decryption keys and thus the encrypted data.
Schedule a demo to see how GaraSign can improve the security and performance of cryptographic operations throughout your environment.