Skip to content
Close
Log in
Log in
Screenshot 2025-09-17 at 09.45.57
DekkoCORE
File Sharing & Collaboration
Learn more
Screenshot 2025-09-17 at 16.17.08
DekkoDEMS
Digital Evidence Management
Learn more
Two products. One secure platform.
DekkoCORE and DekkoDEMS both feature:

  Web-based app with no installs

  End-to-end encrypted security

  No file size or type restrictions

  Easy account creation process

  Comprehensive sharing controls

Law Enforcement
Securely collect and share digital evidence across agencies with full chain-of-custody.
Learn more
law-enforcement
Defence Supply Chain
Protect classified designs and supplier data in a sovereign, fully encrypted workspace.
Learn more
defence
National Security
Enable secure inter-agency intelligence collaboration with controlled encrypted access.
Learn more
national-sec
Judiciary Departments
Exchange case files and evidence securely with clients and prosecutors without risk.
Learn more
legal
Professional Services
Collaborate on client documents and financial data securely on a trusted platform.
Learn more
prof-services
Healthcare
Share medical records and research securely across clinics and partners with compliance.
Learn more
health

Not in this list? DekkoSecure is used anywhere sensitive data needs to be shared and controlled.

Explore our capability
System Security
Explore the encryption, access controls, and platform protections that safeguard sensitive data across all DekkoSecure services.
Service Compliance
Learn how DekkoSecure aligns with security standards and regulatory requirements to support government and high-assurance workloads.
DekkoCORE guides
Find step-by-step guidance on using the DekkoCORE platform to securely share files, collaborate with partners, and manage critical workflows.
DekkoDEMS guides
Access practical instructions for managing digital evidence in DekkoDEMS while maintaining integrity and strict chain-of-custody controls.
DekkoSecure Glossary
Browse clear explanations of key security, compliance, and encryption terms used throughout the DekkoSecure platform and documentation.
DekkoSecure Blog
Explore practical insights on security, compliance and encrypted collaboration from the DekkoSecure team.
Get DekkoSecure
Connect with our team to discuss your requirements and learn how DekkoSecure can support secure collaboration across your organisation.
headway-5QgIuuBxKwM-unsplash
Request Support
Submit a support request to get assistance with your DekkoSecure tenancy, technical issues, user management, or configuration questions.
tim-van-der-kuip-CPs2X8JYmS8-unsplash

DekkoSecure Glossary

Learn the core terms and technologies that power secure collaboration, digital evidence handling, and regulated-industry workflows.

Access Control

Mechanisms that ensure only authorised users can view, share, or interact with content.

DekkoSecure applies role-based and object-level access controls across files, Hubs, workflows, and administrative features.

AES-256 Encryption

Advanced Encryption Standard with 256-bit keys. Recognised globally as a strong, modern encryption standard for high-assurance environments.

DekkoSecure uses AES-256 within its end-to-end encryption model to protect files, messages, and meeting data.

Audit Log

An immutable, time-stamped record of actions such as uploads, downloads, views, invitations, and administrative changes.

DekkoSecure’s audit logs support compliance, investigations, and digital chain of custody without exposing file contents.

Authentication

The process of verifying identity before granting access.

DekkoSecure supports SSO via Microsoft Entra ID, passkeys, and TOTP-based MFA for non-SSO users.

Authorisation

Determines what a verified user can do once inside the system.

DekkoSecure enforces least-privilege by default, ensuring users only access explicitly granted information.

Chain of Custody

The documented and unbroken record showing who accessed, handled, or transferred digital evidence.

DekkoSecure maintains file integrity through IDs, immutable logs, versioning, and zero-knowledge design.

CJIS

The Criminal Justice Information Services (CJIS) Division is a major branch of the Federal Bureau of Investigation (FBI) responsible for managing, securing, and distributing critical law enforcement data across the United States. CJIS oversees systems such as the National Crime Information Center (NCIC), the Integrated Automated Fingerprint Identification System (IAFIS), and national background check services. The CJIS Security Policy, issued by the FBI, defines the cybersecurity, access control, auditing, and data-handling requirements that any organisation must follow when accessing or storing Criminal Justice Information (CJI).

DekkoSecure supports CJIS-aligned deployments to help justice and law enforcement agencies meet the FBI’s security expectations for digital evidence and sensitive data.

Cloud Sovereignty

The principle that data stays within a legally defined jurisdiction and is governed by that country’s laws.

DekkoSecure provides sovereign cloud instances in Australia, Canada, the US, and Switzerland.

Confidentiality

Ensuring information is accessible only to authorised users.

DekkoSecure enforces confidentiality through rigorous encryption and access controls that prevent insider or vendor access.

Data Integrity

The assurance that digital content has not been altered without detection.

DekkoSecure ensures integrity through cryptographic hashing, versioning, strict access pathways, and comprehensive audit logs.

Data Residency

Specifies where an organisation’s data is physically stored.

DekkoSecure deployments guarantee residency within specific national jurisdictions to meet regulatory requirements.

Data Sovereignty

Legal and regulatory requirements tied to the jurisdiction in which data resides. Where residency is where the data is stored, sovereignty is what laws apply to it.

DekkoSecure maintains sovereign-aligned infrastructure per region.

Digital Evidence

Any electronic file used as part of an investigation, prosecution, or legal matter.

DekkoSecure ensures digital evidence remains unaltered, logged, and cryptographically protected from ingestion to disclosure.

Encryption

The conversion of data into ciphertext so it is unreadable without decryption keys.

DekkoSecure encrypts all content at the client side before it enters the cloud.

End-to-End Encryption (E2EE)

A model where the service provider cannot decrypt the content at any stage.

DekkoSecure applies E2EE to files, messages, stored data, and video meetings, including large-file workflows.

ECC-384 (Elliptic Curve Cryptography – 384-bit)

A modern asymmetric cryptographic standard that provides strong security with smaller key sizes and faster performance than traditional RSA. ECC-384 is widely used for secure key exchange, digital signatures, and certificate-based authentication, and is considered suitable for high-assurance and government environments.

DekkoSecure supports ECC-384 in its cryptographic architecture where asymmetric operations are required, complementing AES-256 for symmetric encryption.

FIPS

FIPS 140-2 and FIPS 140-3 are successive versions of the US government standard governing the validation of cryptographic modules. FIPS 140-2 was the long-standing baseline used across government, defence, and regulated industries, while FIPS 140-3 is the current standard aligned with ISO/IEC 19790 and 24759, introducing updated testing methods and modernised assurance requirements. Most new validations occur under FIPS 140-3, and modules previously certified under FIPS 140-2 may require revalidation as vendors transition.

DekkoSecure relies on FIPS 140-validated cryptographic modules provided by its sovereign cloud infrastructure partners.

GO-ITS 25.21

A security and privacy standard that defines requirements for cloud services used by Ontario public-sector organisations. GO-ITS 25.21 is closely aligned with the Canadian federal cyber-security framework ITSG-33, which provides a comprehensive control catalogue for securing government information systems. Because GO-ITS draws its security controls and assessment expectations from ITSG-33, solutions operating in Ontario must meet both the provincial requirements and the underlying federal control intent.

DekkoSecure aligns its Canadian deployments with GO-ITS 25.21 and the relevant ITSG-33 control domains to support justice, law enforcement, and broader public-sector workloads.

Hash Function

A one-way cryptographic function that produces a fixed-length output (e.g., SHA-256).

DekkoSecure uses hashing for integrity checks and version verification without exposing content.

HIPAA

The US Health Insurance Portability and Accountability Act.

DekkoSecure supports HIPAA-aligned controls for clinical, research, and health-sector deployments.

Hub

A secure workspace inside DekkoSecure for sharing files, managing workflows, holding video meetings, and collaborating with partners, external agencies, and clients.

IRAP

Australia’s Information Security Registered Assessors Program.

DekkoSecure is assessed at ISM PROTECTED for its Australian service instance.

ISM (Australian Information Security Manual)

Defines baseline and PROTECTED-level security controls for government systems.

DekkoSecure aligns its Australian infrastructure with ISM PROTECTED requirements.

Malware Scanning

Automated analysis of uploaded files for malicious behaviour.

DekkoSecure integrates with Microsoft Defender using shared, dedicated, or customer-managed scanning infrastructure.

Multi-Tenanted (Multi-Tenant Architecture)

A cloud architecture where multiple organisations share the same underlying infrastructure while maintaining strict logical separation of their data, users, and configurations. In most industry multi-tenant platforms, the service operator can technically access customer content, creating confidentiality and insider-risk concerns.

DekkoSecure challenges this industry norm by combining multi-tenancy with true end-to-end encryption (E2EE), per-tenant cryptographic isolation, and a zero-knowledge design, ensuring that neither DekkoSecure, nor cloud providers, nor other customers can access or derive any tenant’s encrypted content. This architecture delivers the efficiency of multi-tenancy while providing strong, provable confidentiality and complete tenant-to-tenant separation, suitable for high-assurance and regulated environments.

Multi-Factor Authentication (MFA)

A requirement to present two or more verification factors.

DekkoSecure supports passkeys, TOTP, and SSO-linked hardware tokens such as YubiKeys.

Post-Quantum Cryptography (PQC)

Cryptographic algorithms designed to remain secure against large-scale quantum computers capable of breaking traditional public-key systems such as RSA and elliptic-curve cryptography. NIST has selected ML-KEM as the primary post-quantum key-encapsulation standard, with HQC nominated as the designated fallback, and expects finalised standards by 2027. Governments including the Australian Signals Directorate (ASD) have issued guidance for organisations to prepare for PQC transition by 2028–2030.

DekkoSecure is actively planning the integration of post-quantum protections into its end-to-end encryption architecture; organisations seeking detailed information about our PQC roadmap and transition strategy should contact DekkoSecure directly.

Secure by Default

Secure by Default refers to products that are secure to use immediately, with strong protections enabled without extra setup. Core controls such as multi-factor authentication, auditing and event logging are included by default, and users are informed of risks when changing configurations.

DekkoSecure follows Secure by Default principles so organisations can use DekkoCORE and DekkoDEMS securely from first login, without complex configuration or additional modules.

Secure by Design

Secure by Design is a proactive approach to building technology where security, threat mitigation and privacy protections are embedded from the earliest stages of design and carried through development, deployment and maintenance. It reduces vulnerabilities and ensures products are created with security as a core requirement rather than an add-on.

DekkoSecure applies Secure by Design principles across all features of DekkoCORE and DekkoDEMS, ensuring confidentiality, integrity and safety by default for every tenant and stakeholder.

Single Sign-On (SSO)

An authentication method that allows users to access multiple applications and services using a single, centrally managed login. SSO improves security by enforcing consistent identity controls, reducing password reuse, and enabling strong authentication methods such as passkeys and hardware tokens. Most government and enterprise deployments use SSO to integrate with identity providers like Microsoft Entra ID, enabling centralised provisioning, MFA enforcement, conditional access, and compliance oversight.

DekkoSecure supports SSO to ensure organisations can apply their existing identity governance, access policies, and authentication requirements across all users.

Zero Knowledge

A security architecture where the service provider cannot access or decrypt user data.

DekkoSecure enforces zero knowledge across all content types, including files, messages, and video traffic, ensuring no insider or vendor visibility.

Ready to reach out?

If you’d like to learn more about DekkoSecure or discuss your requirements, our team is ready to assist.
Contact DekkoSecure