Company launches end-to-end encryption service for the federal government

Padlock over lines of binary code

For federal agencies and the millions of employees and contractors who work for them, information security and encryption are huge priorities. But the use of Personal Identity Verification (PIV) credentials can be time-consuming and confusing.

Now, an IT company called Zeva is launching a new product designed to streamline all that. It’s unveiling an encryption platform it calls ZevaCrypt, that's billed as a solution to simplify the use of end-to-end encryption across the sprawling US federal government.

ZevaCrypt is specifically designed to help agencies comply with federal directives that advise the use of PIV encryption to protect sensitive information, following guidelines spelt out by the Office of Management and Budget and the Department of Homeland Security.

PIV credentials involve unique identifiers such as certificates, key pairs, pin numbers, pictures and biometrics, like fingerprints. They provide the capability to implement multi-factor authentication for access to federally controlled networks, applications and buildings.

The intent of ZevaCrypt is to help federal agencies more easily use their existing PIV encryption infrastructure with emails and documents exchanged between agencies and with contractors.

“Finding the right PIV identity and assurance credentials are major problems when working across agencies or with contractors,” said Sam Andoni, Zeva’s founder and president. “ZevaCrypt automates the discovery of trusted, federated PIV credentials and selects the correct certificate for the highest assurance level available.”

Zeva describes itself as a leader in public key enablement, IT modernization and encryption solutions.

To make the PIV encryption process more seamless and intuitive, ZevaCrypt incorporates the following features:

  • An email client plugin simplifies the entire user experience and makes sending PIV-encrypted emails easy and intuitive.
  • Emails flow directly from senders to recipients, and never pass through ZevaCrypt servers
  • There’s no sidestepping end-to-end PIV encryption and identity security.
  • There’s no fallback to username/password or text messages to access encrypted documents. (This is a vulnerability of cloud-gateway-type solutions.)
  • A global encryption directory, integrated with the federal government and others, manages identity discovery and credential distribution between federal agencies and with contractors
  • Smart validation of PKI certificates automatically ensures use of the highest assurance credentials possible.
  • Cloud-based services and administration portals simplify the implementation and management of the credential processing.