Solutions Overview

SAFE® was purpose-built to address speed without sacrificing security. The typical search with SAFE takes between 20 and 40 milliseconds longer per query than a standard unencrypted SQL search. SAFE assures data is always encrypted while any change in speed is unnoticeable to the user.

We did this leveraging patented technology we developed for our data storage solutions. The ultra high entropy inherent in paperclips patented shredded data storage provided a fundamental architectural advantage to speeding up searchable symmetrical encryption.

Every enterprise is a data enterprise. Data is your most important asset and must be protected and optimized no matter where and how it’s used. Paperclip’s trusted document supply chain solves clients’ needs in document management: capturing, storing, sending and accessing data. Paperclip’s SAFE solution transforms the security of that supply chain by protecting data where and when business happens.

With Paperclip SAFE, eliminate the gap in your encryption approach to keep essential functions secure, seamlessly integrated and fast with searchable encryption. Bring stability and trust to the data security pipeline with the only always-encrypted data security platform and a content management partner trusted by customers for more than 30 years. At Paperclip, secure your data like the essential asset it is.

1. SAFE is an encryption-in-use solution with a focus on searchable encryption, which is a different function than securing data at rest and in motion. With other forms of encryption, in order to search that data, it must be unencrypted and vulnerable.
2. SAFE solves this key vulnerability by always encrypting data while allowing it to be searched and used.
   Paperclip SAFE is built around the concept of defending your data even though an attacker may be able to access your systems.
3. Even if somebody gets into your system, gets your codes, gets all your storage, the data remains encrypted and shredded. You don’t have a breach.

We know that you can’t impact the way our end users access data. To combat user adoption challenges, SAFE is a plugin designed to allow businesses to keep operating the way they do today. SAFE is security by default—it operates in the background and automatically improves an organization’s security posture.

• SAFE is a SaaS solution, seamlessly integrated into the backend of a user’s application.
• User adoption is never a barrier because it’s seamless and automatic.

No, users can continue to use their existing database platform while implementing SAFE. Many other searchable encryption solutions built by database companies do require you to migrate all your data to their platform, but that’s not the case with Paperclip SAFE. 

SAFE is only focused on your sensitive data, all other data remains within your existing database structure. As a result, SAFE supports data segmentation and minimization, as required by common compliance frameworks, including GDPR. 

The implementation process for SAFE® is designed to be simple. As a SaaS solution, SAFE is designed to plug into the Client’s existing query applications (business operations applications) via an API. In your business applications there is an API call that is currently used to search the current database. You can simply point that call at Paperclip SAFE instead.  SAFE is fast enough that the users usually won’t even notice the change.

It’s important to note that every Client’s environment and database access/usage is architected uniquely to meet their specific use case. The Paperclip SAFE Team partners with the Client Team to assure that the implementation process meets Client expectations and is as seamless as possible. With our Quick Start, your team can be up and running within a day. 

In short, SAFE immediately addresses the rising rate of data theft and data ransom.

Right now, everything on the other side of your keyboard is in plain text. In order to run a query or search for anything, the search is run on a plaintext dataset. Most companies have encryption at rest (archive data and static data), and encryption in motion (sending encrypted data from one point to another). In order to search any of that data, without Paperclip SAFE, that data must be decrypted and moved to a searchable state (in memory, storage, or processing server) as plaintext to satisfy the search (present results). Anytime data is housed in plaintext, it is openly exposed to risk. This is where the majority of data theft and data ransom takes place.

It’s not likely. One thing to be aware of is that a lot of current generation service providers who claim to secure searchable data only push it behind another password wall or move the process to another server. It is unlikely they are keeping the data encrypted in the mathematical sense.

Experience suggests that attackers WILL eventually get inside any wall. Our approach is not a wall—it keeps the data truly mathematically encrypted and never decrypts anything, except that one record you’re looking for that needs to be decrypted so you can see it on your screen.

Yes, Paperclip offers SAFE to support on-premises implementation, multi-cloud, and hyper-cloud implementations. 

Paperclip SAFE was created for encrypting data in use, but it is also a very reliable encryption-at-rest solution.  

With Paperclip SAFE, your data is always encrypted. By nature, Paperclip SAFE means you don’t have to transition from encryption-at-rest to encryption-in-use. The data is stored in the same format that we store it in memory, so it’s never transformed. 

Encryption-in-use allows users to perform functions, such as search, while the data always remains encrypted. The data is always secure because it is always encrypted. 

Encryption-in-use can come in several forms: searchable encryption and encryption-in-process. SAFE is focused on searchable encryption, which gives users the ability to query data—without speed degradation—while data remains encrypted. 

Searchable encryption is a way of storing data securely so that it can be searched without revealing the contents of the data. This is useful for applications where data needs to be kept private, but also needs to be searchable, such as medical records, financial records, and intellectual property. 

Searchable encryption schemes typically work by encrypting the data using a public-key cryptosystem. The public key is used to encrypt the data, and the private key is used to decrypt it. The data is then indexed using a searchable structure, such as a hash table or a tree. When a user wants to search the data, they submit a query to the server. The server uses the query to look up the corresponding entries in the index, and then returns the encrypted data that matches the query. 

SAFE is not Homomorphic Encryption. Homomorphic Encryption (HE) is inefficient and has limitations in comparison to Searchable Symmetric Encryption. The major drawback to HE is that it is extremely slow and computationally expensive, to the point that it’s not currently practical for real-time searching.

After in-depth research, the Paperclip team chose to build SAFE based upon a foundation of Searchable Symmetric Encryption in combination with our patented shredding technology. We created SAFE in this way to be highly secure, high speed, and crypto-agile.  

Searchable encryption offers a number of benefits, including:

• Data privacy: Searchable encryption ensures that the contents of the data are kept private, even from the server that stores the data. 
• Searchability: Searchable encryption allows users to search for data without having to decrypt it first. 
• Flexibility: Searchable encryption can be used to store and search a variety of different types of data, including text, images, and videos. 

According to the NIST definition, Zero Trust Architecture (ZTA) is a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries. The zero trust security model eliminates implicit trust in any one element, component, node, or service and instead requires continuous verification of the operational picture via real-time information from multiple sources to determine access or other system responses. 

We need ZTA today because threat actors have defeated perimeter security and have demonstrated their free will inside the infrastructure. ZTA offers a superior alternative, based on the core tenet of “never trust, always verify.” 

Paperclip SAFE® enables effective implementation of a ZTA through its process-based micro-segmentation secure storage system. With its ability to enforce granular segmentation, SAFE supports the realization of ZTA initiatives. 

Paperclip SAFE leverages a dual Key Vault system, one key for the data owner, and one key for the data holder. Key rotation is also supported to further assure that SAFE meets Zero-Trust Architecture and data security protocols.  

Several states have begun enforcing new GDPR-inspired privacy statutes in 2023, and more are sure to follow. Paperclip SAFE is positioned to support current and future data security requirements related to changing privacy controls. 

It’s well known that you can’t have privacy without security. You can’t effectively secure data without encryption. SAFE enables organizations to meet and exceed current and future privacy requirements as they continue to evolve globally. 

Knowing that organizations like to test new solutions before implementation, Paperclip offers an active sandbox where you can test SAFE with sample data. Beyond the sandbox, Paperclip offers a SAFE proof-of-concept (POC) program.

Paperclip Inc. is a 32-year-old SaaS innovator providing solutions focused on critical content management and security. We have over three decades of consistent innovation serving highly regulated industries. 

We purpose-built SAFE to meet a need we identified within the verticals we service. To better protect our own clients’ data, we required something more than what was currently available. Paperclip developed SAFE over the course of four years, then put SAFE through 2.5 years of critical testing and usage before bringing it to market. 

We know that many companies are planning data consolidation projects. SAFE® resides where all your critical data intersects, eliminating the need for sensitive data to reside in multiple locations. In short, you can configure SAFE to be your operation’s critical “data exchange”. All authorized operational applications pull sensitive data from SAFE, only when that data is needed. This supports consolidation as there is no need for each business application to store sensitive data within many separate databases or unencrypted memory locations. This also supports data secmentation as SAFE is only focused on your sensitive data. All other data remains within your existing database structure. 

SAFE® is not a data discovery or data classification solution. When you complete your data discovery and classification projects, SAFE® can store all your sensitive data within a secure environment. SAFE can seamlessly work alongside your existing data discovery and classification partners. 

SAFE® is not an encryption algorithm. SAFE utilizes NIST approved, off-the-shelf encryption dictionaries. This is a huge advantage for SAFE customers. As encryption algorithms evolve, the SAFE team only has to update the SAFE encryption dictionaries to evolve alongside. This includes algorithms needed to support new quantum computing environments as needed. 

SAFE® is a complete solution, not one single technology. Leveraging privacy-enhancing computation (PEC) and Paperclip’s patented shredding protocols, SAFE combines state of the art cybersecurity with advances in data storage and retrieval, resulting in large scale data protection while enabling faster, searchable access. SAFE encrypts data at the core data layer and ensures data is always encrypted. 

SAFE’s patented data shredding technology means that each piece of data is shredded, stored with no context, and stored only once creating probabilistic encryption. This means if, after everything, your data is still hacked and stolen, it’s worthless. It’s nothing more than a shredded mix of incongruous pieces of data. Paperclip SAFE renders breaches worthless. 

SAFE leverages NIST-approved encryption, such as AES 256, that is backed by strong, trusted cryptographic standards and guidelines. NIST’s validation of strong algorithms and implementations builds confidence in cryptography—increasing its use to protect the privacy and well-being of individuals and businesses.