1) SecureAnyBox has 2 parts -
a) Local accounts protection with LDAP users password management (Windows, MacOS X, Linux)
2) Standard user authentication to SecureAnyBox (with username/password or SSO) gives NO ACCESS to any protected information.
Users can be pulled from an unlimited number of LDAP sources or defined manually. With LDAP source synchronization we have no control over password security, which is why we don't use the password for encryption.
3) SecureAnyBox works with a so-called Access Code, which is used to protect the user's private RSA key.
We work with a code policy, so whenever you share with other users you can be pretty sure that their AccessCodes are set in accordance with this policy and are therefore secure enough.
4) The Access Code is not stored in any form on the server; the user has to provide it every time, for each protected/controlled operation (encryption, decryption, sharing management, SafeBox/SafeBoxGroup creation or removal).
We call this behavior AUTHORIZATION: any important action taken has to be authorized by entering the AccessCode and is, of course, also recorded in the AUDIT LOG.
5) SIEM integration and email announcements are also included in addition to the built-in Audit Log.
All events are reported to your SIEM solution immediately, but emails can be aggregated by time (the first event starts a timer, and the report is sent after the configured amount of time, e.g. one hour, regardless of whether other events occurred or not).
6) For the user's convenience and effective work, an AccessCode timeout can be used; the user then doesn't need to enter the AccessCode every time if any action is taken within the timeout interval.
This feature is controlled from the server and is limited to one session and to the SafeBoxes part of the system only. If you leave this safety perimeter, you always have to enter the AccessCode again.
7) Per-user audit and per-record audited access give any organization a kind of security similar to backup: you don't need to wait for data loss, you can back up in advance. You also don't need to wait for fraudulent actions by your employees or partners; you can store in secret, share, transport and audit in advance.
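
Added example, not SecureAnyBox code: a model of the notification behaviour described in item 5, where every event goes to the SIEM immediately while the email report is sent a fixed time after the first event, however many events follow. The class and method names, the in-memory lists standing in for the SIEM and mail transports, and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class AuditNotifier:
    """Hypothetical model: SIEM gets each event at once, email is batched."""
    window: float                                   # configured aggregation time, seconds
    siem: list = field(default_factory=list)        # stand-in for the SIEM forwarder
    emails: list = field(default_factory=list)      # (send_time, [events]) per report
    pending: list = field(default_factory=list)     # events waiting for the next report
    deadline: Optional[float] = None                # set by the first pending event

    def flush_due(self, now: float) -> None:
        """Send the aggregated report once the fixed window has elapsed."""
        if self.deadline is not None and now >= self.deadline:
            self.emails.append((self.deadline, list(self.pending)))
            self.pending.clear()
            self.deadline = None

    def record(self, now: float, event: str) -> None:
        self.flush_due(now)                 # close an expired window first
        self.siem.append((now, event))      # SIEM: immediate, never delayed
        if self.deadline is None:           # only the FIRST event starts the timer;
            self.deadline = now + self.window   # later events do not extend it
        self.pending.append((now, event))


def demo() -> AuditNotifier:
    n = AuditNotifier(window=3600)          # one hour, as in the text's example
    # Constructed sample events: (seconds since start, description)
    for t, ev in [(0, "decrypt record A"), (600, "share SafeBox B"),
                  (3500, "decrypt record C"), (3700, "remove SafeBox D")]:
        n.record(t, ev)
    n.flush_due(7300)                       # timer tick after the second window
    return n


if __name__ == "__main__":
    for sent_at, events in demo().emails:
        print(sent_at, [e for _, e in events])
```

Because the deadline is fixed by the first event, a steady stream of activity cannot postpone the report indefinitely, which a sliding (debounce) timer would allow.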