FAQ

What is FinalCode?

FinalCode is a file security software platform that manages strong encryption and granular usage permissions applied to files, either on demand or by corporate policy, and provides the means to enforce access and controls for each authorized recipient – including the ability to change policy or delete files on the recipient’s device even after the file has been distributed. As a result, companies can share sensitive files in confidence and reduce file data leakage risks.

What is new in FinalCode 5.11?

FinalCode 5 has more advanced usability, security and interoperability capabilities to accelerate return on investment. Highlights include GUI enhancements, use of FinalCode FIPS crypto module, auto-provisioning through Windows AD and SAML 2.0, hierarchical policy management dynamically synchronized with Windows AD, extended template management, SaaS customer key protection through AWS KMS, VMware ESX and MS Hyper-V virtual appliance support, client single sign-on with Windows AD and multi-factor authentication using SAML 2.0, and extended database support for Microsoft SQL and Oracle.

What makes FinalCode file security persistent?

Once a file has been secured by FinalCode, the security metadata, which includes encryption keys, recipients and permissions, is stored in the FinalCode server. The secured file can be sent by any means to any recipient, but the protection remains active. Only an authorized, authenticated FinalCode user can open and use the file according to the most current policy held in the FinalCode server.

Does FinalCode store, manage or distribute files?

FinalCode does not store and manage files. Files are secured locally with the FinalCode Client and the resulting secured file remains stored on the host or in the network or cloud repository. FinalCode only stores the file security metadata (encryption keys and the most current recipients and permissions) and the secure file activity log data in the FinalCode server component, which can operate on premise or hosted in the cloud via the FinalCode SaaS. By separating file management from file storage, distribution and content management, FinalCode can work with popular applications, platforms and devices.

Does FinalCode work with existing file storage, cloud file sharing and content management platforms?

FinalCode secures files locally. The resulting .FCL file can only be opened by the FinalCode Client according to policy. The .FCL file will be encrypted but can be stored and shared in existing file storage, distribution and collaboration infrastructure. In addition, FinalCode offers an integration option into the Box cloud-based enterprise file sync and share platform.

How does FinalCode integrate with Box?

FinalCode integrates with Box in two ways. The first approach is the standard method by which we apply security to files that are destined to be shared internally and externally using Box and other cloud-based file sharing applications. A lightweight client on the file owner’s system can encrypt the file and send the security metadata associated with file protection to the FinalCode server. The resulting FinalCode protected file can then be placed into cloud-based sharing applications such as Box. In this example, the file security settings are invoked in our Client GUI or by other means (see FAQ Answer to: How can FinalCode apply security to files?). Another integration that we have with Box uses available Box development APIs so that encryption and usage control policies can be invoked through the Box GUI rather than the standard FinalCode Client GUI. This is the approach we employed in FinalCode for Box. The advantage of this approach is more rapid deployment, faster adoption for Box users, policy inheritance aligned to Box folder structure, centralized logging and preservation of Box metadata used by Box for indexing.

What is FinalCode for Box?

FinalCode for Box is a standalone SaaS file security application specifically designed for Box. FinalCode uses available Box development APIs to perform encryption and set usage control policies that are invoked through the Box GUI. Files uploaded to Box will be identified by the FinalCode Encryption Service (see FAQ Answer to: What are the components of FinalCode for Box?), which will then apply unique encryption to the file as well as apply security policies, such as read only and print with watermark, based on Box collaborator settings associated with the file or folder. The advantage of this approach is more rapid deployment, faster adoption for Box users, policy inheritance aligned to Box folder structure, centralized logging and preservation of Box metadata used by Box for indexing. FinalCode for Box is available to Box Business Edition and Box Enterprise Edition licensed users. The entire system is designed for easy and immediate use by Box collaborators with automated Client/Viewer onboarding for internal and external recipients – there is no charge for collaborators outside an organization.

How is FinalCode for Box different than FinalCode?

FinalCode for Box is a standalone SaaS file security application specifically designed for Box. It allows for encryption and security policies to be set to files and folders already in the Box repository, and for the policies to dynamically change based on changes to files, folders, folder hierarchy and collaborator type within Box. So a FinalCode protected file deleted within a folder in Box can be set to automatically delete the same file that has been shared with respective Box collaborators even if the file has been removed from the secure Box container. FinalCode is a file collaboration security platform that allows for encryption and security policies to be set to files, local folders and network share folders regardless of file storage, distribution and collaboration resources. Therefore, file security is set locally on the file owner system via FinalCode before the resulting protected file can be stored, sent or shared with others. FinalCode option for Box allows licensed FinalCode users to also have the means to invoke FinalCode security directly within the Box GUI. FinalCode and FinalCode for Box do not have a fee for collaborators outside an organization.

Does FinalCode have access to customer encryption keys?

FinalCode offers an on premise virtual appliance, which is solely operated by the customer and therefore does not expose encryption keys to FinalCode. FinalCode also provides an option for the customer to integrate with AWS KMS. Once a user licenses Amazon Key Management Services, a master encryption key generated by AWS KMS will be used to wrap file encryption keys generated by FinalCode – as such, file encryption keys will not be exposed to FinalCode SaaS operations.

What encryption does FinalCode employ and is it FIPS certified?

FinalCode uses TLS and OpenSSL AES-256 encryption. The session layer uses TLS over SSL with 2048-bit keys. Strong AES-256 file encryption applies a unique key per file. FinalCode’s encryption modules are FIPS 140-2 Level 1 certified and Suite B algorithm compliant. NIST certification notices can be found respectively at:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2725
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2717

What is CryptoEase™ technology?

FinalCode CryptoEase is our proprietary and patented technology that allows for the secure and abstracted management of cryptographic keys and file entitlements including user/device authentication, the automation of a variety of administrative security tasks, and the means to apply application-level and OS-level file security controls persistently including remote file deletion.

What is the FinalCode Client?

The FinalCode Client allows users to set multiple file security policies to a file. Each file is locally encrypted with a unique key. The file can only be opened by an authenticated and authorized recipient with the FinalCode Client. Administrators designate FinalCode Client users within their organization as those file owners that can apply security policy to files or those users that can operate the FinalCode Client as recipients in view-only mode. Users outside the organization operate the FinalCode Client Viewer / Reader (at no cost) which enforces the current file security permissions but does not allow the user to create policy.

What are the components of the FinalCode persistent file security platform?

The FinalCode persistent file security platform is comprised of three components: the FinalCode Client, the Server, and the Viewer. The FinalCode Client resides on the file owner’s system and is activated once a sensitive file is designated by the file owner to be protected. The user is presented with an intuitive interface to allow for manual or template-based application of file recipient access and usage permissions. Once the FinalCode Client has secured the file locally, only the security metadata are securely sent to the FinalCode Server. Only authenticated recipients can open the protected file using either the FinalCode Client or Viewer application. The FinalCode Client / Viewer requests access from the Server and policy will be enforced at the operating system and application level. The controls can also be enforced for offline file usage. Policies can be dynamically modified, and the platform provides the ability to remotely unlock and delete files. All file access and usage, both authorized and unauthorized, is logged and available to the file owner and enterprise. The entire system is designed for automated onboarding for file owners and for both internal and external recipients.

What are the components of FinalCode for Box?

FinalCode for Box is comprised of three components: the FinalCode Encryption Service, the FinalCode SaaS Server, and the Client / Viewer. The FinalCode Encryption Service resides on FinalCode’s secure SaaS running in Amazon cloud. Once activated through the Box web user interface, file owners simply apply security, in terms of encryption and usage control, based on Box collaborator type. Each collaborator type is mapped to specific FinalCode usage permissions. The FinalCode Encryption Service dynamically takes files from the Box repository, applies security while preserving Box indexing metadata, and replaces the file back into the Box repository – no sensitive content persists in the FinalCode Encryption Service. The FinalCode Encryption Service then deletes the original file stored in the Box repository and replaces it with a new secured file – negating the means for users to revert to prior unprotected versions (Box versioning capability).

Once the file has been protected, only the security metadata (keys and entitlement) are securely sent to the FinalCode Server. The resulting FinalCode protected file can only be opened by authenticated recipients who have installed the lightweight FinalCode Client or Viewer application. The FinalCode Client or Viewer will request access from the Server and policy will be enforced at the operating system and application level. Policies can be dynamically modified as files and folders are modified within Box, such as the ability to remotely unlock a file by changing the Box collaborator type associated with the file and recipient, and to remotely delete a recipient’s file even after it has been taken outside the Box container by merely removing it from Box. File access and usage activities, authorized and unauthorized, are logged and available to the file owner, Box administrator and organization via the FinalCode SaaS Server.

Is FinalCode software, hardware or a service?

FinalCode is a software-based persistent file security platform. The FinalCode Client component resides on a file owner’s system. A FinalCode file server software application can also be applied on a file server by an administrator to automatically secure files placed in network share folders. The FinalCode Server is used to manage users, communications, encryption, permissions, control enforcement, and logging. Depending on how FinalCode is purchased, the Server component can operate on premise as a virtual appliance or hosted as part of FinalCode’s SaaS offering.

Is FinalCode for Box only offered as a SaaS?

FinalCode for Box is only offered as a SaaS. The FinalCode for Box hosted components are deployed in Amazon AWS US and are managed by FinalCode. They are comprised of the FinalCode SaaS Server and the FinalCode Encryption Service (see FAQ Answer to: What are the components of FinalCode for Box?).

How is FinalCode licensed?

FinalCode software is licensed as either SaaS or an on premise virtual appliance on an annual or multi-term basis. For users external to the licensed organization, a FinalCode view-only Client / Reader can be licensed and operated without cost to view FinalCode secured files.

What are FinalCode options and how are they licensed?

FinalCode offers different options that extend the value of our persistent file security platform. While FinalCode Enterprise Edition includes Network Folder Security Management, this is an additional cost option for FinalCode Business Edition users. It allows for encryption and usage policy templates to be automatically applied to files as they are placed in specified network share folders. When the add-on option is purchased, its price is applied to all licensed FinalCode users within the licensed organization. CAD File Security, an option for both FinalCode Business Edition and Enterprise Edition users, allows for FinalCode usage controls to be applied to FinalCode supported CAD files such as those from Autodesk and Dassault. When the add-on option is purchased, its price is applied to all licensed FinalCode users within the licensed organization. FinalCode Box Integration option is available to both FinalCode Business Edition and Enterprise Edition customers to allow licensed FinalCode users to also have the means to invoke FinalCode security directly within the Box GUI. Like the other options, when the add-on option for FinalCode Box Integration is purchased, its price is applied to all licensed FinalCode users within the licensed organization. Note that while FinalCode readily works with Box and other cloud-based file collaboration platforms, the add-on option for FinalCode Box Integration provides the advantage of file security being applied from within the Box repository (see FAQ answer: “How does FinalCode integrate with Box?”).

How is FinalCode for Box licensed?

FinalCode for Box is available as a SaaS security service that extends the file security and governance features of Box. It is only offered to Box Business Edition users and Box Enterprise Edition users. FinalCode for Box can be purchased for one or more users of Box; there is no minimum purchase. Your organization will need to purchase a number of licenses equivalent to the number of the organization’s Box users who will be applying FinalCode security to files and folders, as well as the number of recipients (Box collaborators) who will need to access and use FinalCode protected files within the organization. Internal and external users who want access to FinalCode protected files will require the FinalCode Client / Viewer application, a lightweight client that does not require administrative rights to install. There is no license fee for recipients (Box collaborators) to access and use FinalCode protected files outside the organization.

What virtual platforms does FinalCode work on?

FinalCode Server component software has been tested to operate in VMware vSphere as well as Microsoft Windows Server Hyper-V.

What databases does FinalCode work with?

FinalCode virtual appliance requires an SQL database to work. Installation for database use is simple; once an administrator has configured the database type, location and access credentials, the FinalCode application will automatically configure all the database settings. FinalCode integrates with the following databases: Microsoft SQL, Oracle Database, MySQL and PostgreSQL.

How does FinalCode enforce file security policies?

When a recipient who has installed the FinalCode Client attempts to open up a FinalCode secured file, the FinalCode Client securely requests control information from the FinalCode Server. The FinalCode Server determines if the recipient is authorized to access the file. If authorized, the Server will then send the control information to the Client which will enforce those controls at the operating system and application level. The recipient simply will open the file, see the permissions granted and use the file in the application they are accustomed to.

What applications does FinalCode support?

FinalCode can encrypt any file which is destined to be shared and, through the FinalCode Client, enforce that only authorized recipients can unlock the file. For specific applications that FinalCode supports, FinalCode can enforce broader file IRM controls. Refer to the FinalCode datasheet for a list of supported applications.

Does FinalCode just do file encryption?

FinalCode can encrypt any file which is destined to be shared and, through the FinalCode Client, enforce that only authorized recipients can unlock the file. For specific applications that FinalCode supports, FinalCode can enforce broader file IRM controls which include: recipient-only access, number of file opens, time period for access, edit, copy, paste, screenshot, saving edits only within the encrypted file, unlocking the file and deleting the file (either on demand or on unauthorized file access attempts via the FinalCode Client). Refer to the FinalCode datasheet for a list of supported applications.

How can FinalCode file security be invoked?

FinalCode file security can be invoked using five methods.

  1. An authorized file owner using the FinalCode Client can apply one or more custom security policies ad hoc or via a personal template to a file.
  2. An authorized file owner using FinalCode Client can apply one or more security policies to a file with administrator generated system templates. These templates have permission sets with or without recipients pre-defined.
  3. An authorized file owner using the FinalCode Client can drag multiple files to a local folder being monitored by FinalCode, whereby FinalCode will apply policy based on the template associated with the local folder being monitored by the FinalCode Client.
  4. Administrators can employ FinalCode’s network folder monitoring function, which will apply a template to any files placed into specific network share folders.
  5. Through FinalCode’s API, an external application can trigger FinalCode to apply a file security policy to files.

How many file security policies can FinalCode apply?

FinalCode can apply multiple security policy sets to a given file. Business Edition users can apply 2 policy sets to a file. In addition, these users can apply 2 templates, each of which can contain 2 policy sets. Therefore, the effective number of security policy sets that can be applied to a file is 4. Enterprise Edition users can apply 5 policy sets to a file. In addition, these users can apply 5 templates, each of which can contain 5 policy sets. Therefore, the effective number of security policy sets that can be applied to a file is 25.

How does FinalCode apply security controls to files placed on local and network shared folders?

A file owner can designate local folders to be monitored by the FinalCode Client, whereby the FinalCode Client will automatically secure files placed in the local folders. The file owner specifies a template (containing recipients and permissions) to apply to specific folders, and can have FinalCode automatically move the original unprotected and original FinalCode secured file to other folders for subsequent use. FinalCode offers identical functionality for network share folders, except these controls can only be activated by Administrators.

How does FinalCode for Box apply security controls to files placed in Box?

The Box Business or Enterprise Edition administrator activates FinalCode security, and end users from the same organization need to install the FinalCode for Box application. Once installed, the end user simply selects files or folders to apply FinalCode security. FinalCode will then obtain the specified clear file or files within a folder that have been uploaded to / exist within the Box repository, automatically apply FinalCode security to the file(s), and make a new version of the respective file(s) to be replaced in the Box repository. The resulting secured file preserves the original file’s Box indexing metadata. FinalCode deletes the original file version that had been uploaded to the Box repository so as to avoid users reverting to a previous clear, unprotected version of the file(s).

FinalCode applies unique AES-256 encryption to each file secured by FinalCode. In addition, FinalCode can apply and enforce a variety of file usage controls that remain persistent as files are sent outside the Box repository, removed from the secure Box container and possibly shared with others. To make applying file usage controls to files and folders within the Box repository easy, FinalCode has mapped different FinalCode permission sets to the different Box collaborator types. In this way, Box users do not need to determine unique settings; rather, they invoke predefined settings by merely associating the Box collaborator type to the file or folder. Files can also inherit the Box collaborator type and respective FinalCode permission sets as files and folders move within the Box folder hierarchy.

The following are the FinalCode permission sets mapped to Box collaborators.

  - Owner and Co-owner: No limitations and print with watermark
  - Editor: Can only save changes into the protected file and print with watermark
  - Viewer and Previewer: Can only view the file
  - Uploader: Cannot view the file

What happens when a FinalCode protected file is placed in a Box folder protected by FinalCode for Box?

When a FinalCode protected file is placed in a Box folder protected by FinalCode for Box, the FinalCode Encryption Service will recognize that the file placed in the Box repository has previously been secured by FinalCode, and will not apply additional encryption or usage controls to the file. The encryption and usage controls associated with a FinalCode protected file will not be overwritten by FinalCode for Box and such actions are recorded in the FinalCode activity log.

Can FinalCode secure multiple files?

Through FinalCode’s folder file security monitoring feature, users can place multiple files into a local or network folder and FinalCode can apply file security settings based on a template to any file within the folder.

Can I change permissions after I secure a file?

FinalCode file owners and administrators can change permissions to a file even after it has been secured by FinalCode. Through the FinalCode Client, the user securely goes to the FinalCode web management console to review and change file permission sets and templates containing file permission sets. Once a change is made, it will become the current active permission the next time the recipient’s FinalCode Client / Reader connects to the FinalCode Server to access the file.

Can recipients request additional access and usage permissions for FinalCode secured files?

Depending on the permissions applied to the FinalCode file, recipients who have installed FinalCode but either do not have access rights to the secured file or require current permissions changed to the secured file will be able to simply make a permission request within the FinalCode Client / Reader GUI. An email will be sent to the file owner containing a link that will allow them to quickly take action on requests.

Does FinalCode work like a secure data room?

FinalCode can complement or replace a secure data room, but is different from a secure data room. A secure data room manages users to access a hosted file repository. Controls for file access and usage, including permissions and logging, can be controlled in the file repository, but once files are downloaded or removed from the repository, enforcement controls are diminished or lost. FinalCode allows participants to be designated as authorized recipients either ad hoc or through the use of templates. As files are secured, each file is uniquely encrypted and can have specific usage controls which are applied to each shared file. The file owner simply sets the permissions and FinalCode manages all of the security metadata. These secured files can be placed in a secure data room or shared in any other manner such as email, FTP, cloud application, etc. File access and usage information is recorded in the FinalCode audit log. At any point, the file owner can change permissions, unlock files or set files for deletion. Only authorized users can access and modify the FinalCode secured files, so file data leakage and confidentiality risks are removed.

How can FinalCode be provisioned to end users?

There are multiple ways for FinalCode to be provisioned. FinalCode administrators can pre-define internal and external users based on the user’s email address, and these users can be associated to groups and organizational structures within FinalCode. FinalCode also supports dynamic provisioning using Windows Active Directory or SAML 2.0 in order to automatically synchronize FinalCode organizational roles, functions and template controls with directory service users and organizational units. FinalCode also supports the generation of an MSI file to be used for Windows infrastructure distribution.

If I send a FinalCode secured file, how can I inform the recipient how to open it?

When a FinalCode user specifies recipients in the FinalCode Client GUI (which can include obtaining recipients within the organization’s LDAP Directory Services) and secures a file, the FinalCode Server will check to see if any designated recipient has not previously installed and authenticated with the FinalCode Server. The FinalCode Server can be set to automatically send an email to such recipients in order to facilitate their installation and onboarding process.

Does the FinalCode Client / Reader need administrative rights for installation?

The FinalCode Client / Reader does not require administrative rights to be installed.

Does FinalCode work with iOS and Android smartphones?

Yes, FinalCode offers the FinalCode Reader app native to iOS and Android smartphones. The FinalCode Reader app can request access, request additional usage permission, enforce current usage controls and send back usage activity via communications with the FinalCode Server. It cannot be used to set file security policy. The FinalCode Reader app for Android supporting FinalCode v5 is currently available on Google Play. The FinalCode Reader app for Apple iOS supporting FinalCode v5 is available in the Apple App Store.

Does FinalCode compete with Mobile Device Management (MDM) platforms?

FinalCode does not compete with Mobile Device Management platforms, but is complementary to MDM systems. FinalCode manages file security and can persistently enforce security controls of files removed from a device container. While some MDM systems offer containers to manage files sent to an MDM-managed device, others cannot prevent files from leaving an MDM-managed device, including files sent via email. Additionally, MDM-managed devices do not have application-specific IRM controls. Lastly, MDM systems by nature are managed by an organization on an employee’s smartphone; they are not meant to enable file controls on phones outside the organization. FinalCode addresses these limitations with regards to file security management, not mobile device management.

How does FinalCode support BYOD?

FinalCode supports BYOD by enabling organizations to securely share sensitive files to mobile devices (notebooks and smartphones) that are corporate- or employee-owned, and even to those users outside an organization. FinalCode manages file security and can persistently enforce security controls of files without requiring a device container.

Does FinalCode track file access and usage?

Yes. Through the FinalCode Client, FinalCode tracks all permission sets (recipients and usage controls) applied to a file, changes to those permission sets, recipient file activity such as open, print, saved to original, and unauthorized attempts to open a FinalCode secured file. This audit log information is stored in the FinalCode Server which can be securely accessed by the File Owner and administrator for search, reporting and forensics.

Can and how does FinalCode delete / wipe files remotely?

On demand or on unauthorized file access attempts, the FinalCode Client can send a command to the operating system to overwrite the file on the device’s storage medium. The File Owner or administrator, if authorized, can search and select FinalCode secured files to be designated for deletion. When the FinalCode Client attempts to open the file, it will receive instructions from the FinalCode Server to delete the file.

What happens if an unauthorized user attempts to open a FinalCode secured file?

FinalCode protected files (which have a .fcl extension) can only be opened up by a FinalCode Client / Reader. Depending on the permission established when the file was secured by FinalCode, when FinalCode Client attempts to open the file, it will request access permission from the FinalCode Server. The FinalCode Server will send instructions to the FinalCode Client to deny access and delete the file. Another permission option is to allow the recipient to request access to the file.
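The server-side decision this FAQ describes (enforcement on open, permission changes after sharing, remote deletion, unauthorized opens), sketched as an added example. It is not FinalCode code; the class names, action strings and record layout are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class FileRecord:
    """Security metadata held by the server for one secured file (hypothetical layout)."""
    key: bytes                 # unique per-file key; it never travels inside the shared file
    permissions: dict          # recipient -> set of permitted actions
    on_unauthorized: str       # "delete" or "allow_request"
    marked_for_deletion: bool = False


@dataclass
class Decision:
    """Instruction returned to the client when it asks to open a file."""
    action: str                # grant | deny | deny_and_delete | deny_may_request | delete
    key: Optional[bytes] = None
    allowed: frozenset = frozenset()


class PolicyServer:
    """Toy model of a policy server: keys and policy stay here, files live anywhere."""

    def __init__(self):
        self.files = {}
        self.audit_log = []    # (file_id, user, event) for every request and change

    def secure(self, file_id, permissions, on_unauthorized="delete"):
        self.files[file_id] = FileRecord(
            key=secrets.token_bytes(32),   # 256-bit key, one per file
            permissions={u: set(a) for u, a in permissions.items()},
            on_unauthorized=on_unauthorized,
        )

    def set_permissions(self, file_id, user, actions):
        """Change policy after distribution; an empty set revokes the recipient."""
        rec = self.files[file_id]
        if actions:
            rec.permissions[user] = set(actions)
        else:
            rec.permissions.pop(user, None)
        self.audit_log.append((file_id, user, "policy_changed"))

    def mark_for_deletion(self, file_id):
        self.files[file_id].marked_for_deletion = True
        self.audit_log.append((file_id, None, "marked_for_deletion"))

    def request_open(self, file_id, user, authenticated):
        """Evaluate the most current policy each time a client asks to open a file."""
        rec = self.files.get(file_id)
        if rec is None or not authenticated:
            decision = Decision("deny")                # assumption: no key without authentication
        elif rec.marked_for_deletion:
            decision = Decision("delete")              # owner or admin flagged the file
        elif user in rec.permissions:
            decision = Decision("grant", rec.key, frozenset(rec.permissions[user]))
        elif rec.on_unauthorized == "delete":
            decision = Decision("deny_and_delete")
        else:
            decision = Decision("deny_may_request")    # recipient may ask the owner for access
        self.audit_log.append((file_id, user, decision.action))
        return decision


def demo():
    """Constructed scenario: grant, unauthorized open, revocation, remote deletion."""
    srv = PolicyServer()
    fid = "q3-forecast.fcl"                            # constructed file name
    srv.secure(fid, {"alice@example.com": {"view", "print"}})
    actions = [
        srv.request_open(fid, "alice@example.com", True).action,
        srv.request_open(fid, "mallory@example.net", True).action,
    ]
    srv.set_permissions(fid, "alice@example.com", set())   # revoke after the file was shared
    actions.append(srv.request_open(fid, "alice@example.com", True).action)
    srv.mark_for_deletion(fid)
    actions.append(srv.request_open(fid, "alice@example.com", True).action)
    return actions, srv.audit_log


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

The audit log produced by `demo()` is the defender's view of the same sequence: every grant, denial and policy change is recorded against the file and the requesting user.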

Can I access a FinalCode file while offline?

FinalCode has the option to allow users the right to access and use a FinalCode secured file while offline. The recipient must first open the FinalCode secured file with the FinalCode Client / Reader in order to receive authorized file usage instructions. Once obtained, if the user is permitted to access secured files while offline, the FinalCode Client will locally enforce policy. Once the FinalCode Client is back online, it will send file activity information to the FinalCode Server and receive a more current set of permissions if they have been updated.

What multi-factor method does FinalCode use for authentication?

FinalCode uses a combination of factors to enable the FinalCode Client to authenticate a user and device to the FinalCode Server and thus be able to set or receive file access and usage permissions. These factors include user name, password, a one-time passcode, and different device attributes. Should a user install a FinalCode Client or Reader on a new device, the user will need to complete a new authentication process which will add an additional device to the user account. In addition, FinalCode administrators can apply Windows Active Directory authentication for all or groups of users. FinalCode also supports multi-factor authentication through SAML 2.0 support.

Does FinalCode support Microsoft Office files?

Yes, FinalCode supports Word, Excel, PowerPoint, Access and Visio. FinalCode also supports different OpenOffice application file types. See the FinalCode datasheet for a more complete list.

Does FinalCode support Adobe Acrobat files?

Yes, FinalCode supports Adobe Acrobat files. See the FinalCode datasheet for a more complete list.

Does FinalCode support Computer Aided Design (CAD) files?

Yes, FinalCode offers broad support for CAD application files. Currently, FinalCode supports files from Autodesk AutoCAD, AutoCAD LT and AutoCAD DWG TrueView, as well as Dassault SolidWorks. See the FinalCode datasheet for a more complete list.

Where can I find a list of application file types that FinalCode supports?

FinalCode can apply encryption and track when a file is opened and converted to original. More extensive FinalCode file IRM controls can be applied to FinalCode supported applications.  See the FinalCode datasheet for a more complete list.

Can FinalCode be used to enforce digital rights management (DRM) for media files?

FinalCode can apply encryption and track when a file is opened and converted to original. FinalCode supports a variety of media files including Windows Picture and Fax Viewer, .JPG, MP3, MP4 and other popular media formats. While more extensive FinalCode file IRM controls can be applied to FinalCode supported file types, it has not been designed to replace media DRM solutions as commonly used for commercial movies and other media. See the FinalCode datasheet for a more complete list.

What support does FinalCode offer?

FinalCode strives to provide timely and effective support to our customers and partners. FinalCode online support is available to all users. FinalCode email and phone technical support is available to licensed users who are administrators of the FinalCode platform. To determine what support you and your organization are entitled to, see www.finalcode.com/en/available-support/.