Request a Demo

Four products - One platform

Email encryption architecture is accredited and certified by the NCSC under the CPA program

Use separately, or combine all four in the fully secure Galaxkey Business Enterprise Suite

HOW DOES IT WORK?


Each Galaxkey product uses the same identity-based encryption model, where every user must present the correct identity and authorisation to access a piece of your data each time they use it. This may be access to an email, a document or a workspace. By tying access to identity, you can have users on multiple devices, platforms and regions with no loss of security. This frees your organisation to work however it wants to while remaining protected at all times.

Galaxkey’s encryption secures data across all our products with FIPS 140-2 compliant encryption algorithms, a benchmark standard set by the US Government. Combining this with identity-based authentication makes our products among the most powerful data security tools available.

FOR EMAILS
For documents
For workspaces
FOR EMAILS

Galaxkey’s easy to use software integrates with Microsoft Outlook, works as an app on iOS and Android devices, and as a desktop application on the macOS. This provides a simple way for a Galaxkey registered user to send secured emails simply when the “Send” button is pressed. Galaxkey automatically encrypts the email on the device itself. If the recipient is not registered with Galaxkey, they are automatically registered by the platform with a no-cost Galaxkey account. The recipient does not have to do anything other than set their own password, and they can receive and respond securely. Galaxkey’s feature-rich email applications include email notifications, authorisation before opening, time validity, digital sign and geo-fence. These combined features make it very simple for corporates to deploy Galaxkey into their enterprise network. Additionally, Galaxkey also provides a gateway level encryption server for emails, where an enterprise needs to scan content before encryption.

For documents

On Windows and macOS operating systems, users simply right click on their document to encrypt it. This makes securing a document as simple as zipping. Once encrypted, the document has the extension of .gxk. Users can directly double click on a document, edit it, and automatically store it into the encrypted container.

For workspaces

Galaxkey workspace is a web-based platform that allows documents of any size and format to be shared and received securely. Each document on the workspace is encrypted and stored using Galaxkey’s identity-based architecture. The workspace allows setup in-house, in hybrid mode, so that all data remains inside the organisation’s control – even in encrypted form. The platform architecture allows its users to create a workspace giving access rights to people both inside and outside the organisation. Access rights are granular, and people can access data only if they have proper authority. Galaxkey workspace has in-built MS Office file editing that negates the need to load the document in Microsoft’s online platform. This ensures that the integrity and security of the document is completely maintained within the organisation’s control. The secure file transfer platform integrates seamlessly with email clients, enabling users to send large files securely without the limitation of maximum file size restriction imposed by mail servers.

Identity-based encryption


Galaxkey is a pure end-to-end encryption solution – meaning that information is encrypted at source and can be decrypted only at destination.

When a user registers with Galaxkey, they receive a Galaxkey Identity. This Identity is used for email encryption, file encryption and Workspace. Galaxkey secures the Identity of that user with all the information stored inside the encrypted packet.

This Identity is two mathematical keys that are associated with an email address. One key is for encryption, and the other is for decryption. Your encryption key is securely made available to anyone who wants to share information with you using the Galaxkey suite of products. Your decryption key is encrypted using your Galaxkey password and made available only upon successful authentication. Thus, the final control of data shared with you lies only with you. The Identity is associated with your unique email address, which is only accessible by you. Galaxkey does not store any passwords in any form whatsoever.

How is the data secured?

All four of Galaxkey’s products centre on our unique three-layered encryption architecture and each layer must be removed before you can see the one below. Therefore, your data is only accessible after all three layers of protection have gone. We combine the strengths of both AES-256 encryption and RSA 2048 encryption to create a powerful model similar to 3 combination locks where each lock has 2 to the power 256 possibilities to choose from. But there is no key or password to help someone work it out. Because of our unique identity-based model, no user passwords or keys are ever stored. This makes Galaxkey encryption practically impossible to penetrate.

One Identity across all products


When a user registers with Galaxkey, they receive an Identity used for all email encryption, document encryption and Workspace. This Identity enables the user to use any of the Galaxkey products:

  • Send and receive secured emails with enterprise features that allow users to revoke and retrieve emails sent accidentally directly.
  • Secure data on your computer on both Windows and macOS operating systems
  • Perform secure document transfer using the Galaxkey Workspace platform without the need to install any software on the user’s machine
  • Sign documents digitally with no limit on the number of documents. With the hybrid model, all documents are stored inside the enterprise network.
  • Perform Know Your Customer (KYC) operations securely with the Galaxkey and Yoti integration.

Who manages and holds the keys

Hybrid Implementation

Using the hybrid implementation of Galaxkey, enterprises can hold and generate the keys in their own infrastructure. Galaxkey has zero visibility of the keys. Any data secured with these keys cannot be decrypted without access to the keys stored in the enterprise’s internal network.

Cloud Implementation

In cloud implementation, the keys are stored in Galaxkey’s ISO 27001 certified infrastructure, and all are encrypted with the passwords of each user. The keys are not accessible to Galaxkey as Galaxkey does not store the passwords used to encrypt these keys. They are only accessible to the enterprise.

Galaxkey products have been built to allow all enterprises to manage and store encryption keys in their own infrastructure.

Security Features

Enterprise friendly
Unbeatable Encryption Standards
Key Control
Administrator Control
Create policies
Identity integrations
Enterprise friendly

Galaxkey has been architected to consider a primary use case as the enterprise environment, making it simple for any enterprise to adopt a secure way of communication without having associated overheads.

Galaxkey’s enterprise-friendly features include:

  1. Hierarchy of user access rights: corporate administrator, service account and standard user.
  2. Group-based configuration management to allow granular control.
  3. Highly customisable branding options and detailed email templates for notification emails.
  4. Seamless integration with identity providers for Single Sign-On
  5. Active directory-based mass provisioning and de-provisioning
  6. Detailed and granular audits and audit reports.
  7. Configurable policies for encryption and password definition.
  8. Retention policies for data.
Unbeatable Encryption Standards

We adhere to US government standard AES FIPS 140-2, and our email encryption is certified by the NCSC (National Crime Security Council, UK).

The US government standard AES FIPS 140-2 defines a minimum set of requirements for cryptography products. These are primarily for cryptographic modules used to secure sensitive information. The system uses 2048-bit RSA Keys as standard, and the cyphers can be substituted if required. The standard is used across all major platforms – Windows, iOS, Android and MAC OSX.

Key Control

Galaxkey’s unique architecture can let you have complete control of your layer one and two encryption keys. With hybrid (in-house or self-hosted) models, encryption keys are generated in your environment.

For clients using hardware security modules (HSM), Galaxkey supports integration into HSM, offering another level of security. We are partnered with Thales and can provide seamless integration with Thales HSM devices.

Administrator Control

As an administrator, you can manage your keys and control your data. With corporate accounts, you can create encryption policies for your users based on groups. White labelling options are available to brand your platform, and detailed audits produce GDPR reports.

Create policies

Set rules and policies to protect your data and meet specific compliance requirements. These policies can be applied on Outlook and also on Galaxkey Secure Gateway.

Various policies can be set based on user groups. The policies can be applied to various email elements like subject, metadata, body, and attachments. The policy engine supports regular expressions; hence the administrator has complex flexibility to configure the rules on the encryption. Policies are an effective way to implement Data Loss Prevention (DLP) in corporate emails.

 

Identity integrations

Galaxkey supports Active Directory, Azure Active Directory and Okta integrations for single sign-on. The Galaxkey Active Directory Synchronisation makes it easy for corporates to provision and de-provision users on the Galaxkey Platform. And if you need Digital Identity Verification, our platform integrates with Yoti.

You're in safe hands. Here are our certifications and accreditations: