FINALCODE 5.

11
REVIEW

How To Protect Your Integrity

and Confidentiality Through
Powerful Encryption
by Tom Updegrove
In Real Estate the three most important words are location, location, location. In Information Security
those three are encryption, encryption, encryption. Yes, encryption solves a number of problems and
keeps the CIA triad of confidentiality, integrity and availability in tight formation. FinalCode is an
application that keeps files secure by protecting the integrity and confidentiality through powerful
encryption. Confidential file sharing is essential in today’s information world and even more so when
compliance mandates file encryption both in transit and at rest. FinalCode does just that along with a
number of other file encryption management controls. The application is primarily Windows only and
certified to work with Windows 7, 8, 8.1, 10, Server 2008, Server 2012, Android and iOS. There are plans
for Mac OS early 2017.

TWO VERSIONS
There is a Cloud based web version of the application and an Enterprise Appliance version. I only
reviewed the Web based version but the interfaces are similar with many of the same features and
limitations. The enterprise appliance version allows for high capacity distribution list than the Web
version the licensing is different and of course is designed to run locally on site.

THE INTERFACE
Upon installation you are presented with a simple yet powerful interface. This is where you set up your
profile templates, users, preferences and folder strategy.

1
When you click on the “Manage secure files” button you are taken to the Cloud based GUI. This is where
you mange users, recipients, profiles and network folders. The interface is intuitive and can for the most
part be navigated without referring to the well documented “help PDF”.

PROFILE TEMPLATES
There are no templates at startup and you need to build them. The template structure depends on the
permissions you want
grant to files and users.
The interface is simplistic
and quick with smart
controls that can provide
feedback for mistakes in
setting permissions.

It is possible to send a file that your recipients can read once, can’t print, can’t copy or screen capture
and simply evaporates after use or after a certain time period. Conversely you may send a file that the
recipient may print or even seize full control of and revert back to its original unencrypted form through
the five permission settings (above). You can create many different security templates and layer them
like an ACL (access control list) to send the same file to many different recipients and each with different
permissions. (As below)

2
 TYPES OF USERS dynamic permission setting, and lifecycle
activity tracking – directly invoked within the
FinalCode has its own user database yet it’s
Box interface.”
flexible enough to allow integration with AD
(Active Directory). On the simplest peer to peer
level each file creator/owner encrypts files under The NetApp options allow for future file
their email address. The file owner then management enhancement for large wide area
designates who may open the file based on email file sharing between multiple offices.
addresses and policy template applied. The file
permissions are granular enough to achieve most 256 AES ENCRYPTION
requirements. The FinalCode uses AES 256 bit encryption. The
For enterprise requirements Active Directory can daunting task of key management is handled by
be integrated with FinalCode’s user database. FinalCode’s Cryptoease and for those who need
There is also the option to use SAML or want to manage their own key it’s possible
authentication with the FinalCode API for those through Amazon Web Services KMS (Key
seeking higher Cloud integration. Management Service). FinalCode’s encryption
modules achieved FIPS 140-2 Level 1 certification
BOX AND NETAPP FOLDER and are Suite-B compliant.

SHARING
FILE TRANSFER
FinalCode has a special relationship with
Box.com and NetApp to add even more control to The most flexible aspect of FinalCode is how files

user permissions and file level authorization. are distributed. Once a file has been encrypted

Although I was able to upload files to One Drive, and recipients designated the files may be

GDrive, Dropbox and personal file storage in delivered in all conceivable ways; traditional file

AWS. The developers have created special storage, email, USB storage/sneaker-net, ftp

options meant specifically for Box: www.box.com server, G drive/One drive/other generic cloud
drives, Dropbox, etc. Your recipient will get a

According to FinalCode’s documentation notification with a link to download the

“FinalCode for Box ensures persistent file access, FinalCode client and once installed and

usage control and deletion of files that are registered they can open the file with the

outside the secure Box container in a way that is permissions the sender designated.

seamless to Box collaborators. With FinalCode,

organizations gain strong file encryption,

3
 FILE FOLDER AUTO ENCRYPTION
For the simplest of file encryption methods, drop the file into the FinalCode app screen (or click and
browse) apply the encryption policy, designed a recipient or multiple recipients and deliver. However,
you can designate a local folder and subfolders and once setup you can drop a file in there and they will
be automatically encrypted according to the policy applied in the setup of the secure folder. The
Enterprise version allows a dedicated network folder share using the optional module.

FILE DELETION
As stated before it’s possible to configure file deletion after a certain number of times the file was opened
by an authorized user or deleted after a certain time threshold is reached. Files can also be deleted from
authorized user’s computers at any time by changing the file policy from the application or FinalCode
web GUI.

THUMB DRIVE THEFT

The file deletion only works however when a registered FinalCode user attempts to open a file that isn’t
designed for them, the client is installed on the recipient’s computer and the file deletion option is turned
on in preferences. I was able to copy encrypted file off a designated computer via a thumb drive and open
them with Notepad++ but the content was goblegook and unreadable. My point here is that FinalCode
didn’t delete the file but it was still fully encrypted and unreadable. When trying to open a file
transferred via email by a registered but unintended user running the FinalCode client the file is
automatically deleted on the computer that the user is trying to open the file with. The file still stays in
the email or in the case of a file server the file persists in its folder. This give me a clue as to the role the
client plays in encrypting and decrypting the file.

SOME ISSUES ENCOUNTERED WHEN USING FINALCODE

While setting up FinalCode for this review I encountered a few installation and operational problems.
Support was quick to reply and comment on the issues.

WOULD I USE THE PRODUCT?

In today’s world of leaked emails and ex-filtrated data from outsiders this application can serve an
important role. We all know what over securing data results in, namely the loss in productivity due to

4
unruly controls that slow down transmission, reading and writing of data. The developers of FinalCode
know what the problems are and have put together a message transmission tool that allows for
reasonable and fast authentication, authorization and accounting. Not only would I use this, I would
recommend it to my clients as well.

About the Reviewer:

With FinalCode, your employees can share Tom Updegrove is a security

confidential files internally and externally with researcher, teacher, and runs a full
confidence, knowing that unauthorized time computer consultancy, as well.
recipients will not have access. Better yet, your
company can rapidly implement strong file
encryption, usage control and auditing capability
in a way that preserves user experience and your
investment. An easy, flexible and rapidly
deployable approach to file security that
leverages your existing file share, enterprise
content management, cloud storage and
collaboration platforms.
http://www.finalcode.com