Proofpoint Enterprise Archive

Proofpoint Enterprise Archive: DoubleBlind Encryption™

Proofpoint developed unique DoubleBlind Encryption to ensure absolute security and privacy of critical business information.

» What is DoubleBlind Encryption?

DoubleBlind Encryption is a patented technology that allows organizations to retain exclusive access to data while outsourcing the archiving of email. With this technology, Proofpoint guarantees email security and privacy while still providing full search and discovery capabilities.

» How does DoubleBlind Encryption work?

With DoubleBlind Encryption, Proofpoint maintains the data but does not have the encryption keys. The Proofpoint Enterprise Archive appliance has the encryption keys but does not maintain the data (see more in the Proofpoint archiving appliance section). The Proofpoint archiving appliance, which maintains your encryption keys, encrypts information before it is sent to the Proofpoint network. The data remains in encrypted form on the network since Proofpoint does not have the decryption keys.

What makes DoubleBlind Encryption unique is the ability to maintain the data in encrypted form while still providing fully searchable access to it. The separation of the data and the keys means that information is only accessible when the two components come together. Proofpoint cannot see an organization's data, as we don't have the keys. Someone who has access to the keys cannot see the data unless they have access to the Proofpoint network. Messages are only decrypted when an authorized user conducts search and discovery using the web-based user interface on the Proofpoint archiving appliance.

» How are the encryption keys generated?

The encryption keys are generated by the Proofpoint archiving appliance during the provisioning process within an organization’s corporate network.

» What type of encryption is used?

While the exact process of DoubleBlind Encryption is proprietary, the core encryption system uses a combination of both 1024-bit asymmetric RSA and 192-bit symmetric TripleDES encryption.

» Are the search indexes encrypted?

Yes. All data is encrypted on the Proofpoint archiving appliance before it is transmitted, and not even Proofpoint employees can see the confidential information contained in messages.

» What happens if someone steals the Proofpoint archiving appliance?

The Proofpoint network is configured to only accept requests from specific IP addresses attributed to specific customers. If someone were to attempt to connect to the Proofpoint network from outside your network, the Proofpoint network would reject the request.

» What if someone breaks into the Proofpoint network?

While the Proofpoint network is designed with the highest level of security, in the unlikely event of a breach, no data would be compromised, as it is all maintained in encrypted form, with the encryption keys only stored at your location. Furthermore, redundant storage across multiple data centers and integral continuous data validation ensure that any block of data that has been tampered with will be automatically identified and restored to its true state.

©2012 Proofpoint, Inc.