The cloud-based document management service NetDocuments today announced the roll-out of an enhanced security architecture with stronger encryption technology and new capabilities for users to manage their own encryption keys.
The new security architecture includes up to three separate encryption keys for each data file and allows firms and corporations that use NetDocuments to hold and control specific encryption keys relating to sensitive documents or content falling under regulatory, compliance or client-mandated data governance policies, the announcement says.
For law firms, that means that they can now assign encryption keys to specific workspaces within NetDocuments, such as matters and cases, which are highly sensitive and require additional security. This allows firms to revoke access to specific sets of data as opposed to the entire document management service.
For even greater security, firms can now implement a private hardware security module (HSM) to store workspace encryption keys under their exclusive control and custody. With this option, all ownership, management, control and monitoring of these keys is directly under the custody of the firm. NetDocuments would have no management access to the private HSM.
The new system uses multi-layered encryption. Each individual file is encrypted using the AES-256 standard and a distinct key. Each individual key is then separately encrypted using a master encoding key (MEK). Optionally, users may apply a second layer of encryption to the individual keys with a workspace encoding key (WEK) that the user controls.