How it Works

Keyavi's encryption and policy-based protection are infused directly into the data itself. This protection is enabled across all platforms, methods of transit, operating systems, and device types. For example, this means that data stored on any flash drive, uploaded to any cloud service, or emailed through any provider can be protected by Keyavi.

Geolocations and Geofencing

Geolocations and geofencing provide additional security by restricting encryption and decryption to specific locations. Establish organization-level geofencing by specifying countries where access is allowed and excluding countries commonly known for threat activities. Users can specify the geolocations at various levels of granularity, including country, state, zip code, or latitude and longitude coordinates.

The Keyavi Web Portal dashboard shows a color-coded map with the access location of the file and whether violations occurred.

  • Green: File successfully accessed without violations.

  • Yellow: Policy violations occurred.

  • Red: Access violations occurred.

All Authorized Locations

All Authorized Locations can be different geographical locations of the corporation. They're set by the Keyavi Policy Administrator and identified by country, state, zip code, or street address.

Excluded countries cannot be added as an authorized location.

Office Locations

Office locations are user-defined geographical locations identified by latitude and longitude coordinates. Users can set multiple locations for accessing the data, for example, the office, home, or a coffee shop. A location that is no longer used or needed can be removed.

Intelligent Directory™

Intelligent Directory™ is a service that is configured on a folder. Then, when a user saves a file directly to the designated folder, it automatically creates a Keyavi-protected IKD file (IKD is short for "Intelligent Keyavi Data" and is the file extension for a Keyavi-protected file). Intelligent Directory aims to make securing your files as easy and seamless as possible.

If you're a Keyavi Policy Administrator, you can define the directories you want to protect with Intelligent Directory. When you configure Intelligent Directory, you become the owner of the files. You can also allow authorized users to access Keyavi-protected data offline without an internet connection.

Authorized Time Period

An authorized time period, or time embargo, adds another layer of security to the data. It allows the data owner to set a time limit for when access to the data begins and expires, for example, before and after a business meeting.

If a time period isn't provided, access to the protected data doesn't expire. It can be opened at any time (unless revoked). However, when a time period is set and an authorized user attempts to open the protected file outside this time frame, they'll get an error.

Account Types

There are four distinct account types available to use the Keyavi technology. Your account type will determine what functionality of the Keyavi technology is available to you.

  • Administrator Account—Users with a Keyavi Administrator Account have full functionality of the Keyavi technology as defined in Full Control Account.

It's up to the organization's system administrator to determine what functionalities and components a Keyavi admin can access. Access to each component and functionality should follow the defined Keyavi Security Groups, so that an admin has access only to the allowed functionality.

  • Full Control Account—Users with full functionality of Keyavi, including the ability to both open and create IKD files. In addition, users can access the Keyavi Portal to view their dashboard and manage their data and settings.

  • Read-only Account—Users can open IKD files but cannot create them.

  • External Account—Recipients of a Keyavi-protected file or Smart Email who don't have a full Keyavi license within the organization. External users can access IKD files through an external account the sender created for the recipient. The external account has read-only access.

User Authorization Mode

Individual user rights take precedence over rights determined through group membership.

| Authorization Mode | Description | Keyavi Application | File Type | Permitted Action |
|---|---|---|---|---|
| Read-only | File opens in a protected view without editing capabilities. | All | Over 150 file types are supported. | Read |
| Edit | File opens in a protected view with limited editing capabilities. | Keyavi for Windows | Microsoft Word (.docx); Microsoft Excel (.xlsx); Text (.txt) | Read; Edit (including cut, copy, and paste); Save changes to protected copy |
| Full Access | File opens in its native application. | Keyavi apps; Keyavi Web | All file types. | Read; Edit (including cut, copy, and paste); Save unprotected copy; Print; Screen share; Screen capture |
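
The rules described on this page (excluded countries, the authorized time period, individual rights overriding group rights, and the actions each authorization mode permits) can be combined into one access decision. The following is an added illustration, not Keyavi code or its API: the policy dictionary, function names, country-level geofence check, and the least-permissive rule for multiple groups are all assumptions made for the example.

```python
from datetime import datetime, timezone

# Permitted actions per authorization mode, as listed in the table above.
MODE_ACTIONS = {
    "read-only": {"read"},
    "edit": {"read", "edit", "save protected copy"},
    "full access": {"read", "edit", "save unprotected copy", "print",
                    "screen share", "screen capture"},
}
RANK = ["read-only", "edit", "full access"]  # least to most permissive

def add_authorized_country(policy, country):
    """Excluded countries cannot be added as an authorized location."""
    if country in policy["excluded"]:
        raise ValueError(f"{country} is excluded and cannot be authorized")
    policy["authorized"].add(country)

def effective_mode(policy, user, groups):
    """Individual user rights take precedence over group membership."""
    if user in policy["user_modes"]:
        return policy["user_modes"][user]
    modes = [policy["group_modes"][g] for g in groups if g in policy["group_modes"]]
    # Assumption: with several groups, the least permissive mode applies.
    return min(modes, key=RANK.index) if modes else None

def check_access(policy, user, groups, country, action, now):
    """Return (allowed, reason_or_mode) for one access attempt."""
    if policy.get("revoked"):
        return False, "revoked"
    if country in policy["excluded"] or country not in policy["authorized"]:
        return False, "location"
    start, end = policy.get("window") or (None, None)  # no window: no expiry
    if (start and now < start) or (end and now > end):
        return False, "outside time period"
    mode = effective_mode(policy, user, groups)
    if mode is None:
        return False, "not an authorized user"
    if action not in MODE_ACTIONS[mode]:
        return False, f"{action} not permitted in {mode} mode"
    return True, mode

# Constructed sample policy (all names and values are hypothetical).
UTC = timezone.utc
POLICY = {
    "authorized": {"US", "CA"}, "excluded": {"XX"}, "revoked": False,
    "window": (datetime(2024, 5, 1, 9, tzinfo=UTC), datetime(2024, 5, 1, 17, tzinfo=UTC)),
    "user_modes": {"alice@example.com": "read-only"},
    "group_modes": {"finance": "full access", "contractors": "edit"},
}
```

In this model a user with an individual read-only right is denied printing even when one of their groups has full access, which is the precedence rule stated under User Authorization Mode.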