An Enterprise Encryption Cloud Service (EECS) is a cloud hosted Software as a Service (SaaS service that manages the access control on behalf of an enterprise by serving as a key arbitration facility between users, their devices and encrypted business data. In particular, such data consist of files, (e.g., documents, presentations, reach-media), that need be shared among employees and business partners, using multiple mobile devices (e.g., iPHONE, iPAD, MS Windows laptop, Mac), through email (e.g. Gmail, Outlook, Hotmail), cloud file sharing (e.g., Dropbox, Box, Google Drive), vertical enterprise applications (e.g., Salesforce, Workday) or social media (e.g. Facebook, Chatter, Jive).
Examples of EECS vendors are Sookassa and the enterprise offerings of NcryptedCloud and SafeMonk.
The EECS role is to secure by encryption files stored on cloud services and mobile devices, while also permitting managed sharing of these files with other employees and external business partners as well as maintaining enterprise ownership of these files and the ability to decrypt each and every file when required.
An enterprise needs centralized decryption ability to all its encrypted files regardless of the identity or accessibility of the users or devices that originally encrypted the data. The enterprise must be able to gain access to its business data even in cases where users have left the enterprise or devices are lost or stolen.
Enterprises also need centralized emergency decryption ability for all their encrypted files, in case the EECS fails or go out of business. Enterprises need to be able to selectively block access (e.g, decryption privileges) to files at any point based on user identity and file characteristics. It also need to observe and record access attempts, especially those related to subpoena and court orders. In particular, it needs to make files' encryption keys invisible to the organization who operates the EECS, so no EECS employee or a third party intruder can get the keys to decrypt enterprise files.