All your data protected under three layers of identity-based encryption
Each Galaxkey product uses the same identity-based encryption model. Every user must present the correct identity and authorisation to access a piece of your data each time they use it. This may be access to an email, a document or a workspace.
By tying access to identity, you can have users on multiple devices, platforms and regions with no loss of security. This frees your organisation to work however it wants to while remaining protected at all times.
Galaxkey’s encryption secures data across all our products with FIPS 140-2 compliant encryption algorithms, a benchmark standard set by the US Government. Combining this with identity-based authentication makes our products among the most powerful data security tools available.
Galaxkey’s easy-to-use software integrates with Microsoft Outlook, works as an app on iOS and Android devices, and as a desktop application on the macOS. Galaxkey automatically encrypts the email on the device itself.
This provides a simple way for a Galaxkey registered user to send secured emails simply when the “Send” button is pressed.
If the person you sent the email to is not registered with Galaxkey, they are automatically registered by the platform with a no-cost Galaxkey account. The recipient does not have to do anything other than set their own password, and then they can receive emails and respond securely.
Galaxkey’s feature-rich email applications include email notifications, authorisation before opening, time validity, digital sign and geo-fence. These combined features make it very simple for corporates to deploy Galaxkey into their enterprise network.
Additionally, Galaxkey also provides a gateway-level encryption server for emails, where an enterprise needs to scan content before encryption.
On Windows and macOS operating systems, users right-click on their document to encrypt it.
This makes securing a document as simple as zipping. Once encrypted, the document has the extension of .gxk. Users can directly double-click on a document, edit it, and automatically store it in the encrypted container.
Galaxkey Secure Workspace is a web-based platform that allows documents of any size and format to be shared and received securely.
Each document on the workspace is encrypted and stored using Galaxkey’s identity-based architecture. The workspace allows setup in-house so that all data remains inside the organisation’s control – even in encrypted form.
The platform architecture allows its users to create a workspace giving access rights to people both inside and outside the organisation. Access rights are granular, and people can access data only if they have proper authority.
Galaxkey workspace has in-built MS Office file editing that negates the need to load the document in Microsoft’s online platform. This ensures that the integrity and security of the document is completely maintained within the organisation’s control.
The secure file transfer platform integrates seamlessly with email clients, enabling users to send large files securely without the limitation of maximum file size restriction imposed by mail servers.
Galaxkey is a pure end-to-end encryption solution – meaning that information is encrypted at source and can be decrypted only at destination.
When a user registers with Galaxkey, they receive a Galaxkey Identity. This Identity is used for email encryption, file encryption and Workspace. Galaxkey secures the Identity of that user with all the information stored inside the encrypted packet.
This Identity is two mathematical keys that are associated with an email address. One key is for encryption, and the other is for decryption. Your encryption key is securely made available to anyone who wants to share information with you using the Galaxkey suite of products. Your decryption key is encrypted using your Galaxkey password and made available only upon successful authentication. Thus, the final control of data shared with you lies only with you. The Identity is associated with your unique email address, which is only accessible by you.
Galaxkey does not store any passwords in any form whatsoever.
All four of Galaxkey’s products centre on our unique three-layered encryption architecture, and each layer must be removed before you can see the one below. Therefore, your data is only accessible after all three layers of protection have gone.
We combine the strengths of both AES-256 encryption and RSA 2048 encryption to create a powerful model similar to 3 combination locks where each lock has 2 to the power 256 possibilities to choose from. But there is no key or password to help someone work it out. Because of our unique identity-based model, no user passwords or keys are ever stored.
This makes Galaxkey encryption practically impossible to penetrate.
When you register with Galaxkey, you receive an Identity used for all email encryption, document encryption and Workspace. This Identity enables you to use any of the Galaxkey products:
Using the hybrid implementation of Galaxkey, enterprises can hold and generate the keys in their own infrastructure. Galaxkey has zero visibility of the keys. Any data secured with these keys cannot be decrypted without access to the keys stored in the enterprise’s internal network.
In cloud implementation, the keys are stored in Galaxkey’s ISO 27001 certified infrastructure, and all are encrypted with the passwords of each user. The keys are not accessible to Galaxkey as Galaxkey does not store the passwords used to encrypt these keys. They are only accessible to the enterprise.
Galaxkey products have been built to allow all enterprises to manage and store encryption keys in their own infrastructure.
Galaxkey has been built for an enterprise environment, making it simple for any enterprise to adopt a secure way of communication without having associated overheads.
Galaxkey’s enterprise-friendly features include:
We adhere to US government standard AES FIPS 140-2, and our email encryption is certified by the NCSC (National Crime Security Council, UK).
The US government standard AES FIPS 140-2 defines a minimum set of requirements for cryptography products. These are primarily for cryptographic modules used to secure sensitive information. The system uses 2048-bit RSA Keys as standard, and the cyphers can be substituted if required. The standard is used across all major platforms – Windows, iOS, Android and MAC OSX.
Galaxkey’s unique architecture can let you have complete control of your layer one and two encryption keys. With hybrid (in-house or self-hosted) models, encryption keys are generated in your environment.
For clients using hardware security modules (HSM), Galaxkey supports integration into HSM, offering another level of security. We are partnered with Thales and can provide seamless integration with Thales HSM devices.
As an administrator, you can manage your keys and control your data. With corporate accounts, you can create encryption policies for your users based on groups. White labelling options are available to brand your platform, and detailed audits produce GDPR reports.
Set rules and policies to protect your data and meet specific compliance requirements. These policies can be applied on Outlook and also on Galaxkey Secure Gateway.
Various policies can be set based on user groups. The policies can be applied to various email elements like subject, metadata, body, and attachments. The policy engine supports regular expressions; hence the administrator has complex flexibility to configure the rules on the encryption. Policies are an effective way to implement Data Loss Prevention (DLP) in corporate emails.
Galaxkey supports Active Directory, Azure Active Directory and Okta integrations for single sign-on. The Galaxkey Active Directory Synchronisation makes it easy for corporates to provision and de-provision users on the Galaxkey Platform. And if you need Digital Identity Verification, our platform integrates with Yoti.
