Brand new Hybrid Server range in the offing

Featured

carbonite-hybrid-server-for-business2The SigniFlow team has once again gone all out to ensure all our customers’ needs are met in every way, with our latest range of Hybrid Server licences.

Following an overwhelmingly positive response to our hybrid server solution, SigniFlow has pulled out all the stops to create a product that covers all bases, serves every one of our customers according to their specific needs and – above all – is first-class and failsafe.

A native cloud application utilising cloud computing frameworks and network-attached Hardware Security Modules (HSMs) to perform cryptographic signature operations, the SigniFlow solution was born out of the need for enterprise-level businesses to have maximum control over their data.

“For most small-to-medium businesses, accessing applications in the cloud was no problem, in fact it was in many cases preferred, but at an enterprise level, where highly sensitive documents and international legislation were involved, the need for more control was imminent,” explains Leon van der Merwe, Digital Director at SigniFlow.

In response to this need, SigniFlow launched its first open-enterprise on-premise SigniFlow Hybrid Server in 2017.

The term ‘Hybrid’, which we’ve used to name our server offering, refers to the combination of technology it employs – a dedicated hosted server, virtualisation technology and cloud-based cryptography.

Although often referred to as an on-premise solution, the SigniFlow Hybrid server is at home in a private server room or data centre, as well as in any hosted environment (private or public-cloud) and in a secure cloud services platform, like the popular Amazon Web Services (AWS) or Microsoft Azure.

The SigniFlow Hybrid brought about the ultimate in customisation, rebranding, enterprise information control, and an unrivalled bespoke integration landscape.

Highly successful among the big businesses the solution was intended for at the time, the technology drew such interest in the market at large during 2018, that suddenly businesses from across the spectrum wanted it.

“By listening to our customers, we realised that the solution, originally built for the enterprise, needed to be more flexible and scalable, to cater to medium – and even smaller – businesses,” says Van der Merwe.

“The SigniFlow team has once again gone full tilt in the idea factory, and we are very excited about our brand new Hybrid Server offerings for 2019.”

How the new licences work

The new SigniFlow Hybrid Server range consist of five new licences, the NANO-50, MEGA-250, TERA-500, PETA-1000 and the exciting new document-based open-enterprise license, the EXA-OPEN.

As its name suggests, the NANO-50 is a single tenant Hybrid that caters for up to 50 users, unlimited documents and unlimited signatures.

Similarly, the MEGA-250, TERA-500 and PETA-1000 cater for up to 250, 500 and 1 000 users respectively, all with document limits removed, and fully scalable and upgradeable licence plans.

From the MEGA-250 onwards, the servers can be duplicated to cater for more than 1 000 users and farmed for high-volume load balancing. Each comes with a second licence that can be used for disaster recovery (DR), or user acceptance testing (UAT or pre-prod). These models are also multi-tenant and can feature multiple business profiles per server.

The EXA-OPEN introduces a new approach to enterprise licensing. Documents, which may contain any amount of signatories, are bought in packs, ranging from 1 000 to 400 000 documents per pack, at incredibly low rates per document.

The real benefit of the EXA-OPEN kicks in for customers with document volumes above 400 000 per year, as the licence has a ceiling-charge equal to the 400 000 pack’s price. This means that after 400 000 documents, a flat annual rate is charged – no matter how many documents are involved or how many users are utilising the system.

The new Hybrid Server Licence Models are available in South Africa, South America, the United States, Europe, the Nordics and the United Kingdom.

 

For more information on how our Hybrid Server range can benefit your company, contact the team via support@signiflow.com  or phone:

South Africa : (+27) 10 300 4898

Americas: (+1) 603 717 4248

Europe: (+32) 494 102 095

Local digital signature company cements global alliance

itologo

Posted by IT Online on 19 November 2018.

 

South African-born digital signature and workflow solution, SigniFlow, offering socially responsible product for business process automation, has landed on American shores.

A woman-owned small business based in New Hampshire, SigniFlow Americas is a member of the New Hampshire Tech Alliance, an affiliation committed to nurturing a technology ecosystem by building partnerships, enhancing knowledge, and shaping public policy.

The woman behind the new digital signature solution is Laila Robak, a Brazil-born entrepreneur with a passion for information technology and the power it has to transform and improve lives.

“We are very excited about the launch of SigniFlow Americas, and with Laila at the helm, this business is destined for greatness. We are proud to welcome all our Americas customers and partners to the global SigniFlow family,” says Leon van der Merwe, director of digital technologies at SigniFlow.

SigniFlow delivers enterprise-grade on-premise, private cloud and cloud solutions with a high level of integration, allowing companies to customise the solution to suit both their specific needs and their budgets. The solution provides legally valid digital signatures (cryptographic e-signing) and accepts digital certificates from almost any e-identity provider, publicly trusted certificate authorities (CAs) and privately signed public key infrastructures (PKIs).

Robak comments: “SigniFlow is a solution that can revolutionise business processes. It has various APIs that give us flexibility to create and integrate with existing systems and platforms, allowing organisations to choose from a range of options, from cloud to local deployments and hosted environments, and to use a mix of digital and electronic signatures – all while guaranteeing the legal validity of documents.”

Data protection: SA companies need to take a global stance

Featured

how-to-comply-with-the-data-protection-act-457501399With the implementation of the EU’s data protection laws just around the corner, local entities need to study up on how it could affect them.

D-day for implementation of the European Union’s (EU) General Data Protection Regulation (GDPR) is just three months away – and South African organisations are by no means off the hook.

If you are a South African entity that handles individuals’ personal data, you will be acutely aware of our country’s data protection law – the Protection of Personal Information (POPI) Act – but have you considered how the looming GDPR affects the way you manage clients’ personal information?

The fact of the matter is, if you are a locally-based business that offers goods or services to EU customers, you also deal with personal information or data relating to EU citizens’ – and you are just as responsible for complying with the GDPR as any EU business.

Leon van der Merwe, head of digital at customer communication firm PBSA, points out that any entity controlling or processing data relating to EU citizens is affected by the GDPR. “Controlling refers to any organisation that states why and how data is processed, while a processor is any party doing the actual processing of the data, whether based in the EU, or not.”

GDPR vs POPI

Van der Merwe says it is crucially important for local companies with dealings abroad to do their homework and familiarise themselves with the GDPR’s ground rules. “Companies could be fined heavily under GDPR regulations if they fail to provide evidentiary and auditable processes, as well as adequate IT security, to protect personal data.”

The GDPR is a regulation borne out of the European Parliament, Council of the European Union and European Commission’s joint intent to strengthen and unify data protection EU citizens.

Non-compliance with the GDPR comes with a hefty fine of up to €20 million (about R290 million) – or 4% of annual sales.

Similar to SA’s POPI Act, the GDPR is all about data protection. Data includes things like a person’s name, email address and phone number, as well as information collected by website cookies like internet browsing habits.

Breaching rules laid out in the POPI Act comes with a R10 million fine and/or a jail sentence.

Van der Merwe summarises the parallels between the two data-protection directives: “POPI and GDPR are similar, in that they both aim to strengthen the protection of personal information. They differ in their approach, in that the GDPR takes a wider, more global perspective that includes anyone, anywhere either controlling or processing – or both – data relating to EU citizens.”

Auditable business processes

A big part of compliance, when it comes to both the POPI Act and the GDPR, specifically involves audit trails – something PBSA’s digital signature and workflow product, SignFlow, is heavily centred on.

For evidentiary purposes and in order for any company to assert GDPR compliance, the automated management of an audit trail is imperative.

Van der Merwe says SignFlow is can assist customers in their strategy to automate and digitise processes in a responsible and compliant manner. “Business Process Automation is at the forefront of our technology development at SignFlow, including tools like DocFlow, CaseFlow and our digital customer on-boarding tools.”

At the core of SignFlow, he says, is Public Key Infrastructure (PKI). “PKI manages users’ private keys, and signs and secures documents using Public Key Cryptography. Not only does this make documents tamper-evident after they’ve been signed, but the entire operation is conducted in a secure network over encrypted secure socket layers between the public, personal devices and private servers.”

Unlike paper files and systems managing email attachments, this portal fully controls and audits the workflow and communication channels between interacting parties. “This greatly reduces the risk of data leaks,” says van der Merwe.

“The system enhances non-repudiation, creating a digital trail of undeniable events that prove intent and identity.”

With GDPR set to come into effect on 25 May 2018, and the high stakes attached to non-compliance, South African companies simply cannot afford not to take a global view on data protection. “The protection of personal information goes far beyond just the POPI Act for local companies dealing with international customers,” says van der Merwe.

 

[REFERENCES]

  1. Digiday – For the GDPR-curious: WTF is the Article 29 Working Party?
  2. The Digiday Guide to GDPR (PDF)
  3. The Sun – What is GDPR, what does it stand for, when is the deadline in 2018 and how can you check if a business is compliant?
  4. Michalsons – What does the GDPR mean for the POPI Act?
    POPI commencement date or POPI effective date starts the clock
  5. Wikipedia – General Data Protection Regulation
  6. IOL – Protection of Personal Information Act soon to become a reality
  7. ITWeb – Unpacking the POPI Act: The ins and outs of protecting personal information

ACS partnership bolsters digital certificate security

Featured

SignFlow has teamed up with Altech Card Solutions to offer Thales hardware security modules to its digital signature customers.

In a move that will see users’ private keys and personal digital certificates receiving a serious security boost, SignFlow has partnered with Altech Card Solutions (ACS), a division of Altron TMT, to offer Thales HSMs (hardware security modules) to digital signature customers.

Using SignFlow’s PKCS#11 cryptographic interface, SignFlow uses Thales NShield Connect HSMs to perform highly specialised cryptographic operations, and to fully manage and secure private keys and personal digital certificates.

Head of digital at SignFlow’s parent company PBSA, Leon can der Merwe, says the partnership with ACS sees SignFlow extending its integration reach to include the Thales NShield range of network attached, FIPS 140-2 Level 3 HSMs.

“Apart from deploying the NShield devices in the highly-secure SignFlow Cloud, we now also offer the NShield range to corporate customers who would like to localise and manage their SignFlow private keys in private data centres.”

The SignFlow HSMs are directly integrated with multiple local and global CA’s (Certificate Authorities) to offer stringent, legally compliant Advanced Electronic Signatures (AES), Qualified Electronic Signatures (QES) and Adobe Approved Trust List (AATL) certificates, which are applied to documents through its digital signature application.

A division of Altron TMT (Pty) Ltd, ACS was formed in 1993 and is today firmly established as a leading player in the secure electronic transactions market.

It is Thales’ established track record in the payments security space and global footprint in hardware and software encryption solutions that makes this partnership so advantageous, says ACS.

SignFlow, an enterprise-class digital signature and document workflow application, was born in a digital era that has seen new business opportunities emerging as paper-based systems are replaced by digital platforms.

SignFlow digital signatures are powered by robust public-key infrastructure (PKI) technology, which is recognised as best practice for ensuring digital accountability. SignFlow digital signatures offer an effective, secure and legally compliant method of providing accountability during electronic transactions.

“Our partnership with ACS will benefit customers across the spectrum – including consumers using SignFlow’s SignFREE to sign documents, businesses using the SignFlow Cloud to distribute documents and government and corporate institutions using SignFlow’s Enterprise Hybrid Servers and Private Network Servers to digitally sign and workflow documents for sign-offs,” says Van der Merwe.

Digital signature technology breakthrough for face-to-face signing

face to faceThe SignFlow team has made a technological breakthrough that gives users the ability to carry out face-to-face document signing and turn a simple electronic signature into a certifiable digital signature with a full audit trail, on the fly.

Ideal for face-to-face contractual signing, the new SignFlow feature allows users to have documents signed in a face-to-face environment, with a graphical signature that is linked to the signer’s identity, cellphone number and email address. This provides the SignFlow user the opportunity to witness the signature, which – backed by a digital certificate – is 100% legal.

While the use of electronic signatures obtained via mechanisms such as handheld signature pads is commonplace, SignFlow has taken the practice to the next level and is the only solution on the market that takes an e-signature and turns it into a digital signature, with the signer’s information embedded into a digital certificate.

SignFlow Face-to-Face is not just the scribble of a signature with a mouse – it is a fully-fledged, legally certifiable digital signature with all the security and non-repudiation benefits that come with it.

On top of this, the Face-to-Face signature from SignFlow has all the auditing advantages of a digital signature – another area in which it trumps electronic signatures. This means that, after the document has been signed and the PDF downloaded, the audit trail of the person that signed can be seen in the PDF document – allowing the user to validate the person’s signature using Adobe Acrobat.

A digital signature differs fundamentally from an electronic signature. An electronic signature has no active verification capability built into it – nor does it come with a traceable audit trail – leaving it wide open to fraud and repudiation.

A digital signature, on the other hand, is created using a cryptographic operation that creates a hash-code unique to both the signer and the content, so that it cannot be copied, forged or tampered with. In this case there is strong proof of the signer’s identity, and the data integrity of the document is totally protected.

ee publishers – Digital signatures with one click

August 6th, 2014, Published in Articles: EngineerIT

by Hans van de Groenendaal, features editor, EngineerIT

New, ground-breaking technology – called “CoSign Click” – is set to revolutionise how companies “on-board’” new customers. No cumbersome and time-consuming manual process of printing out forms, signing in pen, scanning and uploading or emailing the document.

Leon van der Merwe – Business Development Manager

Co-Sign Click is a digital signature solution which enables a company’s customers to sign on-line documents and forms electronically without them requiring a digital signature or any hardware signing device “Until now, signing electronically with a digital signature was only available to licensed subscribers of digital signature applications,” said Leon van der Merwe, business development manager of Pitney Bowes, the first company to introduce CoSign Click to South Africa.  “This new technology will be a boon for companies requiring customers to provide a once-off signature on a document or form.”

In South African law there are certain statutes that require a signature before a document can be considered valid. If this signature is to be applied electronically, the Electronic Communications and Transaction (ECT) Act of 2002 refers to an “advanced” electronic signature (AeS) and is the only type of electronic signature that is recognised as legally acceptable.

“We have partnered with ARX, a leading provider of digital signatures, to offer a legally compliant solution for digitally signing documents which can then be seamlessly integrated with an electronic document management system.”

There are three areas in which the technology ensures compliance: three “I”s: intent (to sign), identity (of the signer) and integrity (of the document).  After a person electronically signs a document the content of the document is protected. If changes are made to the signed document, the signature will no longer be valid. Digital signatures have become increasingly necessary in today’s international and local business world, as companies strive to automate and streamline their systems. CoSign Click provides a slick alternative to what has historically been a paper-intensive and inefficient process. “No printing or scanning, just a digital process”, said van der Merwe .

CoSign is said to be the most widely used digital signature solution. In 2013 it was recognised as “the strongest digital signature solution” in the Forrester Wave: E-Signatures report. Millions of people at large enterprises, SMBs, governments and cloud services around the world use CoSign every day on their computers and mobile devices to easily add secure digital signatures to documents in Word, Excel, PDF, SharePoint, OpenText, Oracle, Alfresco, Nintex, K2, and many other applications and file formats.

CoSign Click is an add-on component to collect digital signatures from partners, customers and other external parties. Documents that need to be signed are exported directly from existing workflows and securely sent to any external party from the CoSign Click interface. A web-based mobile-ready application is used to sign the document and back directly into the sender’s document management system.

View original article – ee publishers:

http://www.ee.co.za/article/digital-signatures-with-one-click.html

EngineerIT