Support Center

Backup/ Restore Capabilities

Last Updated: Jun 15, 2019 08:50PM PDT
This article describes the value of the Unified Secure Data Management solution delivered by SSProtect and KODiAC with focus on :Recover, the optional data backup/ restore service.

Unified Data Protection
/ KODiAC deliver unmatched protective capability with native workflow integration and a unified set of tools for IT and Security Analysts. This unified data management solution delivers measurable improvement to your security posture with:

  1. Protection for file-based data and Outlook email message content
  2. Isolation from ISP access to plaintext content
  3. Protection from legal subpoena to the ISP
  4. Continuous content protection, even while modifying plaintext w/ native software
  5. Protection from one-sided (host) intruder compromise
  6. Protection against host impersonation attacks (when using hardware 2FA)
  7. Protection from accidental plaintext exposure with sync/ sharing services
  8. Realtime Backup and multi-point Restore w/ secure offline Archive access
  9. Seamless, Zero-Configuration data sharing

SSProtect provides many more capabilities, all utilizing integrated and native application wofklows. This includes the :Expand programmatic interface, used for all :Email Outlook message protection activities. For more information, refer to the articles, Our Technology and :Email Protection Features.

Performance and Scalability
was designed from Day One to split sensitive cryptographic operations between your host computer and, "external" resources today provided by hosted cloud service operators (DefiniSec and others, or self-deployed IT-managed solutions). This approach required us to build our own high-speed secure data communications protocol specialized for realtime, integrated backup/ restore capabilities that provide direct, secured integration with remote access and storage operations (:Recover, see below).

The overall approach requires attackers to compromise both your host computer and the cloud service solution in order to acquire cryptographic keying material sufficient to recover plaintext content. Otherwise, attackers are left to intercepting plaintext content when in-use, which requires them to exploit vulnerabilities in each individual application you use to work with sensitive/ protected data (or of course find deficiencies in our host implementation).

This together with extensive focus on optimizations realizes reduced performance overhead associated with cryptographic operations while minimizing the impact of cloud communication latency - without compromise to the more extensive set of security primitives delivered for seamless infrastructure integration.

Resulting end-user latency is, for many, unnoticeable, and application workflow usage is as close to native as possible, maintaining existing workflows and application compatibility with the benefits of an enhanced security posture...

    ...even on compromised hosts
    ...even while working with plaintext content
    ...even in the face of human error
    ...even with the preponderance of internal malice
    ...even working with software developer tomorrow (without system updates)
    ...even working with unpatched/ vulnerable systems

Optional :Recover Backup/ Restore Service
With the prevalence of Ransomware and internal sabotage, it is no longer sufficient to operate without reliable backup/ restore. With :Recover, an optional SSProtect service component, you maintain access to individual Versions of content you create, edit, share, and manage - without changing any other aspect of how you work with your data.

Unlike other backup/ restore solutions that periodically copy data from your host to another location, 
SSProtect maintains protected content with each change, imposing zero procedural impact to users while ensuring that content is up-to-date. Backup is automatic and configured with Policy, while Restoration can be manually driven by end-users or programmatically integrated for automatic external system integration.

It's worth noting that Restored content remains secured, since SSProtect protects data at the source and maintains protections wherever content travels. As such, data Restore retains the Access Control requirements embedded into Policies that are decoupled from Backup/ Restore configuration and execution (reducing the potential impact to security posture when in-use).

Double/ Hybrid Conversion Flexibility
In all cases, :Recover content is isolated from 
KODiAC Cloud Service operators except when authorized as data sharing peers (:Collaborate Third Party Trusts). However, Double and Hybrid Conversion Modes present two different Threat Models while delivering varying degrees of data restoration flexibility (with regard to sharing peers).

Details are likely only relevant to Forensic Data Scientists/ Investigators, and can be acquired by contacting your DefiniSec Representative to setup a series of low-level technology transfer discussions available to all qualified customers and partners.

IMPORTANT: Due to the complexity and intricate detail involved in related discussion and resulting assessment, our policy is to share this information openly and freely though in a structured setting, limiting the potential for misinterpretation (convenient or otherwise). This better ensures that all parties make clear distinctions between advantages and disadvantages to draw the proper and precise conclusions regarding overall impact and resulting security posture.

Dynamic Mode Switching
To support optimized performance, you can configure a threshold data size that triggers a prompt for dynamically switching from Hybrid- or Double-Encrypted operation to Optimized Offloading (which precludes access to backup data), though often the time it takes to acknowledge the prompt exceeds that required to re-encrypt typical business data files.

This capability is represented for individual files and includes a maximum at which Optimized Offloading is also inhibited, allowing you to control impact based on host computing power/ resources, :Recover Quota limits, and Retention Policy settings.

For configuration insight, refer to the article, Using :Recover. For capability insight, refer to the article, Archives, Quotas, and Retention Policy.

Restoration Reliability
The Restoration process is as close to assured as possible, given Restore/ Replicate closely resembles data access operation - in fact in many cases using an exact subset of the actual data access procedure. Variations are beyond the scope of this article, though Authentication requirements are the same, and managed by Policy associated with your Account (and/ or governing Organization).

Restore/ Replicate Name Conflicts
When you Restore (or Replicate) to a target file that already exists, you will be prompted to Skip the operation or Replace the target (with an option to apply your choice to future similar conflicts). If you choose Replace, the two files are compared before the older of the two is renamed with a 3-digit extension. This way, both files remain for further review, with the latest taking the native filename.

The use of the 3-digit extension is repeated for subsequent conflicts to the same instance, for example if you later perform the same operation or perform a multi-select Restore/ Replicate operation that results in more than one file targeting the same destination. In each iteration, the latest file is retained in the native target's location while alternate instances take the next increasing numbered extension available (i.e. .000, .001, .002, etc). These numbered files remain until you manually remove them, though remember that Restored content remains protected (Encrypted and subject to Access Control based on ownership and dynamic sharing Policy).

Foundation for :xRecovery Disaster Recovery
 content cannot be intentionally removed (see below) except in very limited and rare (exception) conditions that are tightly controlled. As a result, managed instances (Versions) of protected :Recover content are available for :xRecovery Archive re-creation, which provides secure offline access used in Disaster Recovery proceedings. For more information, refer to, Abbreviated Procedures for :xRecovery.

Remote Profile Deployment
supports relocation of a Profile to a new Host computer, as described in the article, Remote Profile Deployment. This operation includes :Recover Replicate operation, providing a mechanism for securely, "moving" your, "Active Workspace" to another computer.

This allows you to quickly respond to host corruption, compromise, sabotage, theft, device loss, destruction, or other circumstances that would otherwise render host computing resources unusable, which minimizes the impact of these common events and maintains ongoing end-user access to managed content.

Limiting Multiple Instances of a Single Item
:Recover offers an optional Retention Policy setting that can be used to maintain the last, "X" (configurable, by default 5 when Creating new Accounts) number of managed instances while making older content available for removal when Quota space is depleted. Of course, so long as there is available Quota space, older content is maintained and available for recall/ :xRecovery.

This option can be enabled/ disabled or changed on the fly, though it requires direct interaction with Support due to its' wide-ranging impact (and non-trivial end-results). For details, refer to the article, Archives, Quotas, and Retention Policy.

Restore vs. Replicate
Restore places managed content in native (last-used) folders, though this of course it not always possible depending on host volume mappings. Dynamic Overflow folders provide a way for you to place managed content in a location that can be dynamically redirected to configurable target locations on different hosts. For more information, refer to, Managing Host Data and of course, Remote Profile Deployment.

Replicate handles cases where mappings are not possible, i.e. a Restore operation does not target an existing folder, and cannot create one that matches the item's path. In this case, content is Replicated inside your Overflow Folder using a scheme that recreates the path structure in a manner suitable for acquiring multiple files then relocating them on the local host computer for ongoing use.

For more information, refer to the article, Restoring and Replicating.

For More Information
For information regarding product features and content, consult the Document Index, or send email with specific questions to


This article was updated w/ v9.3.2 of the :Foundation Client

Contact Us
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found