top of page

How Secure is Trokt?

If You Know It Needs a Security Disclaimer, You Know Its Not Secure.

Private email example w shadow.png
Communication solution, transparent NEW.

Trokt protects legally sensitive communications across independent teams - which are now often occurring over email, text, or shared documents - by bringing everyone into one simple, secure, cloud-based platform.

Below are answers to questions on how Trokt protects user communication by focusing on both:

  • Industry Standard IT Security, and

  • World Leading Operational Security

IT Security

IT Security covers all of the features intended to only let the right people into Trokt, and keep the wrong people out.

AWS Logo.png

All Trokt data is stored and applications deployed using industry leading Amazon Web Services. AWS supports “virtually any workload for over a million active customers in 190 countries” from start-ups, established companies, to public sector organizations. Using AWS means Trokt infrastructure benefits from:

  • Encryption in transit with TLS

  • Encrypted message queues for the transmission of sensitive data using server-side encryption (SSE)

  • Dedicated, hardware-based cryptographic key storage

  • Deep visibility AWS CloudTrail

  • Alert notifications through Amazon CloudWatch

FISMA Logo.png

All Trokt systems benefit from the FISMA compliant design and operation used to support its Federal customers. These design features include:

  • Category based information protection

  • Minimum baseline control selection

  • Risk-based procedural controls and refinement

  • Ongoing security controls and effectiveness monitoring
     

Fail Safe Logo.gif

Trokt applications are built using Fail Safe strategies that require active authentication to enable any data or permission modification. These design features include:

  • SSL using RSA 2048 verification

  • Secure user identification verification

  • User password hashing

  • Databased misalignment rejection

  • Local/document-level permission control
     

Operational Security

Operational Security covers all the features intended to prevent an authorized user from accidentally releasing sensitive data.

Trokt requires two positive actions in order to change the visibility or status of any piece of data outside of a user's team. This design methodology means:

  • Encryption in transit with TLS

  • Encrypted message queues for the transmission of sensitive data using server-side encryption (SSE)

  • Dedicated, hardware-based cryptographic key storage

  • Deep visibility AWS CloudTrail

  • Alert notifications through Amazon CloudWatch

Picture Logo Image.png

Where is the Risk

Security is about reducing risk. Communication security requires the user to look at every point where privileged, private, or confidential information could be transferred, and reduce the opportunity that it is sent to the wrong place. 

Trokt knows, when it comes to communication security:

  • Mistakes are more common than theft,

  • We cannot eliminate data releases, yet

  • We must take economically reasonable steps that reduce errors.

To read more about what communication security means in a digital world, you can check out the latest paper by Trokt's Managing Director Chris Draper by clicking here.

Communication mess, transparent NEW.png

In large teams, every email, text, or shared file poses a communication risk.

Most complex, multi-party collaborations create so many messages that it was often assumed the loss of any single message was no big deal. However, digital data is not the same as on old Post It note. Where old data would degrade, digital data replicates infinitely without degradation. And where an old number on its own meant nothing, digital data can be contextualized so efficiently that a random number can now be the final piece of a years long identity theft.

degredation.png
contextualization.png

The increasing value of data fragments is becoming more broadly understood, yet most focus security solutions are still focusing on security layer or data access restrictions. The more significant threat, often by a factor of nearly 10:1, is the intended user making a well-intentioned mistake by pulling the wrong data and accidentally handing it to the wrong person. Trokt protects your teams from both break-ins and accidents, covering the full range of operational threats.

Aspects of security.png

The Real Standard is Risk

Assessing the appropriateness of a communication tool comes down to the risks posed by its use. It is impossible to prevent a data breach. Yet some communication tools are almost certain to cause a breach, where Trokt will not.

email-doc location on ethic chart.png
bottom of page