Security

It's in our DNA: DekkoSecure's offerings are secure-by-design and built to satisfy the most stringent security requirements for government, enterprise and small business.

On this page you'll learn about our security philosophy and how we deliver military-grade protection across the broad DekkoSecure platform feature set. DekkoSecure has pioneered easy to use and easy to manage end-to-end encryption across multiple collaboration mediums, delivering the world's only true secure workflow suite.

Compliance

Our commitment to security goes beyond encryption; IRAP, penetration testing, claims testing and hosting compliance are built in to the DekkoSecure platform.

LEARN MORE
Privacy

DekkoSecure maintains a comprehensive privacy policy and has opted-in to the OAIC privacy register.

LEARN MORE
End-to-end encryption

Every document and message is protected by multi-layered encryption and zero knowledge is maintained in every interaction, surpassing every competitor.

Verified integrity

All documents and messages are signed using private keys to guarantee the identity of the sender and authenticity of the content.

No user error

DekkoSecure's encryption mechanisms are completely transparent to end-users, removing the risks of manual key/certificate management.

Secure web app

The DekkoSecure platform is delivered as fully-featured web app that doesn't require any special installs or manual updates - just a modern web browser.

Private notifications

DekkoSecure does not expose any sensitive information in its notifications to users, and does not rely on email systems for sharing.

Strong permissions

Configurable to an individualised level, access and permissions for content sharing are powerful and intuitive, even for large groups.

Powerful authentication

Enforceable TOTP 2FA and support for Azure Active Directory authentication to leverage your Conditional Access controls.

Certified hosting

The DekkoSecure platform is hosted on highly compliant Microsoft Azure cloud infrastructure with localised data residency.

Security enabled by DekkoHubs:

Misaddressing prevention

Documents and messages sent in DekkoHubs can be restricted to members-only, meaning it is impossible to send content to the wrong person.

Visibility control

Every member of DekkoHubs has a visibility which means they can - or can't - see other users, protecting identity, even when files are shared.

Process mapping

DekkoHubs are a perfect proxy for business processes; separate teams, projects, engagements and workflows can be easily facilitated.

Military-grade security across every medium:

  • File sharing

  • eSignatures

  • Messaging

  • Meetings

File content and file names are protected by a multi-layered approach; documents are encrypted using the uploader's private key and an additional key that is unique to the file. As well as this, the file is signed using the uploader's private key when it is shared. Elliptic curve cryptography is used for asymmetric key management and AES256 is used for symmetric key management.

Transparent key management eliminates the need for manual encryption exchanges, fingerprint checks or file-level passwords.

Built on top of DekkoSecure's file sharing capability, the document approval feature lets users request approval from one or many users without the file itself being processed in an unencrypted form by DekkoSecure’s infrastructure. Approvers can add a signature, text, images and notes to documents, all of which are cryptographically secured and verified on-client. Approved documents can be checked externally using DekkoSecure's document validator, which is done by a hash-check which does not expose any content from the Document to the DekkoSecure system.

Transparent key management eliminates the need for manual encryption exchanges, fingerprint checks or file-level passwords.

Similarly to file sharing, mail and chat messages are protected by a multi-layered approach. Message subject, contents and attachments are encrypted using the sender's private key and an additional key that is unique to the message. As well as this, the message is signed using the uploader's private key. Elliptic curve cryptography is used for asymmetric key management and AES256 is used for symmetric key management.

Transparent key management eliminates the need for manual encryption exchanges, fingerprint checks or message passwords.

DekkoSecure's meetings feature uses symmetric key encryption, based on a unique key that is generated when a user schedules a video conference. This key is passed to invitees via public key infrastructure, and is persistent until the meeting ends, or, rotated if an invitee is removed. This means that it is impossible for anyone who is not invited to join a meeting. DekkoSecure Meetings is proudly the only video conferencing tool to feature both end-to-end encryption and with recording capability. Recording is performed on the host's device and saved in their file management for later review or sharing.

Transparent key management eliminates the need for manual encryption exchanges, fingerprint checks or meeting passwords.

Start collaborating with military-grade encryption

Schedule a discovery call

A secure file sharing journey on DekkoSecure:

Below is a look in to how the DekkoSecure platform secures a file sharing interaction on DekkoSecure for Government and Law Enforcement.

All DekkoSecure communication mediums are secured using end-to-end encryption which is completely transparent to end-users.

Rego

Registration

When a DekkoSecure user creates their account, an encryption key pair (public and private key) is generated on the client (the web app). The public key and a secured version of private key (encrypted using the user's password) are stored on DekkoSecure's sovereign cloud.

2fa

Authentication

DekkoSecure users are identified uniquely by their registered email address. Successful authentication requires a registered email, the correct password and (optionally) two-factor authentication. A correct password will retrieve and decrypt the user's private key which is kept in the user's browser storage until they log out. Support for Azure AD Single Sign-On is also available.

upload-1

File upload

Files uploaded to DekkoSecure are signed and encrypted using the uploader's private key (AES-256). An additional encryption layer is also added using a unique key that is generated at the time of upload (ECC-384). TLS1.3 secures all traffic on top of file encryption.

encryption

File storage

Shared files in the platform are stored with zero knowledge, meaning only authorised and authenticated parties can access the data - not even DekkoSecure can access the data even if we wanted to (we do not have access to the private key(s) which are used to encrypt the data).

Even if a hard drive was removed from our data centre, user’s files would not be able to be read!

sharing

File sharing

Files shared with existing DekkoSecure users are secured using end-to-end encryption by way of an asymmetric key exchange. File sharing with existing users is enforced by default, but customers are able to disable this policy. If files are shared with an unregistered address, the file key is stored securely and then passed to the user when they complete registration - after this point, all future interactions are end-to-end encrypted.

download-2

File receipt

File sharing recipients are notified via email and must log in to their DekkoSecure account to view or download anything that is shared with them. The recipient's private key is used to access file and the sender's public key is used to verify the file's integrity.

deletion

File deletion

When data (or accounts) are deleted, the keys for all data subject to deletion are erased. Following this, the encrypted data is overwritten with garbage data which is then deleted again.

When data security is critical, DekkoSecure is trusted by governments, enterprises and security experts across the globe:

DekkoSecure has a very strong encryption focus, a user friendly gateway and we can send large files securely without breaching IT security rules. It replaced a very manual and time consuming process using PTP encryption and keys.

Law Enforcement NSW State Govt. Dept.

There are many solutions enabling quick data transfers, but they lack transparency and auditability. And they don’t have a security-first design. For us, auditability is the key feature with DekkoSecure eSignatures, that others don’t allow for.

Partner - Financial Services Cyber Practice Firm

DekkoSecure file sharing is a great asset for us - a must-have. Providing my clients with end to end security and audit trails is a key identifier. Within our organisation, we do have workarounds, but DekkoSecure file sharing is push button easy to deploy & use.

CEO Top Legal Services Firm

DekkoSecure has taken a global lead by perfecting their products through a comprehensive, independent testing program demonstrates clear confidence and commitment to delivering the best practice security products to the market.

Matt Tett, Managing Director Enex TestLab