Algorithm and Individual File Key
UDS uses the strongest encryption algorithm available, but the true innovation is that UDS uses a randomly generated key and IV for each and every file, which are never derived from a master seed or a human-readable This means that any attempt to break the encryption would require a brute-force attack on every file protected by UDS, one by one. It is technically impossible and economically unfeasible to try to break just one UDS protected file, let alone the hundreds of thousands of files that are often compromised in a cyber attack.
We have done something no one else has: engineered UDS to maintain billions of keys for billions of files.
Separation of file keys and encrypted files
UDS protected files (APFX files) are always in a customer’s possession, while the file keys are safely kept on the UDS cloud. Hackers would have to steal both the APFX files from the customer and the file keys from the UDS cloud to be able to steal the content. Even after doing all that, there is still a significant hurdle remaining: the file keys on the UDS cloud are also encrypted!
File key encryption
UDS stores the file keys encrypted with another key that is either protected by KMS or provided by the customer (Bring Your Own Key). This design ensures that even in the very worst case where UDS might be breached, no file keys will be lost.
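The three layers described above (a random key per file, file keys stored apart from the files, and file keys encrypted under a further key) can be sketched as follows. This is an added example, not UDS code: AES-256-GCM, the blob layout and all function names are assumptions, and the local `kek` buffer stands in for the KMS-protected or customer-provided key.

```javascript
const crypto = require('crypto');

// AES-256-GCM is an assumption; the page does not name the cipher.
// Output layout (illustrative only, not the APFX format): iv(12) | tag(16) | ciphertext
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh random IV per call
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

// Throws if the key is wrong or the blob was truncated or modified.
function open(key, sealed) {
  if (sealed.length < 28) throw new Error('sealed blob too short');
  const d = crypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// One random key per file, never derived from a seed; it is returned only in wrapped form.
function protectFile(kek, content) {
  const fileKey = crypto.randomBytes(32);
  return { encryptedFile: seal(fileKey, content), wrappedKey: seal(kek, fileKey) };
}

// Recovery needs all three pieces: encrypted file, wrapped file key, and KEK.
function recoverFile(kek, encryptedFile, wrappedKey) {
  return open(open(kek, wrappedKey), encryptedFile);
}

// Constructed sample: two files with identical content under one KEK.
function demo() {
  const kek = crypto.randomBytes(32); // stands in for the KMS-protected or customer key
  const a = protectFile(kek, Buffer.from('payroll Q3'));
  const b = protectFile(kek, Buffer.from('payroll Q3'));
  let withoutKek = 'recovered';
  try {
    recoverFile(crypto.randomBytes(32), a.encryptedFile, a.wrappedKey);
  } catch {
    withoutKek = 'rejected';
  }
  return {
    roundTrip: recoverFile(kek, a.encryptedFile, a.wrappedKey).toString(),
    fileKeysDiffer: !open(kek, a.wrappedKey).equals(open(kek, b.wrappedKey)),
    withoutKek,
  };
}

console.log(demo());
```

Holding the encrypted file and its wrapped key without the KEK still fails at the authentication check, and a wrapped key from one file does not open another.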