Home » Security

While information and data have always been valuable commodities, they have never been as available and distributed as they are in our digital world today. With digital information being so readily generated and shared, data security rises in importance. Learning about data security and how it may impact your business, government, and personal life is a necessity. So let’s dive in to what data security means and its importance in today’s technologically driven world!

What is Data Security

“Data security is the process of safeguarding digital information throughout its entire life cycle to protect it from corruption, theft, or unauthorized access,” defines Fortinet, a computer, data, and network security company. “It covers everything—hardware, software, storage devices, and user devices; access and administrative controls; and organizations’ policies and procedures.”

“When properly implemented, robust data security strategies will protect an organization’s information assets against cybercriminal activities, but they also guard against insider threats and human error, which remains among the leading causes of data breaches today,” adds IBM. “Data security involves deploying tools and technologies that enhance the organization’s visibility into where its critical data resides and how it is used. Ideally, these tools should be able to apply protections like encryption, data masking, and redaction of sensitive files, and should automate reporting to streamline audits and adhering to regulatory requirements.”

The Importance of Data Security

In today’s digital world, protecting proprietary information—including client data, financial transactions, knowledge archives, infrastructure and databases—must be a top priority for companies and organizations. If they fail via data breaches, hacking, or theft, companies may lose customers and lose trust.

“All businesses have data that’s valuable and that has to be protected,” said Candy Alexander, international president at Information Systems Security Association, a nonprofit organization for information security professionals and practitioners.

Individuals and organizations rely on the companies they do business with to safeguard their data. If a trusted company fails at this task, the company will have more than just the legal fallout to contend with.

According to UpGuard, the combined cost of global data breaches in 2021—including customer repayments, auditing services, legal fees, and fines, among other costs—was approximately $6 trillion. But a failure to protect private information negatively impacts more than just a business’s bottom line, it endangers their reputation and future success. As such, companies employ skilled professionals to prevent or mitigate such risks.

“The cloud, mobility, and the powerful devices most of us have in our pockets enable a culture of convenience, and the ability to collaborate and be more productive. While this convenience arguably makes our lives easier, it also makes it easier for cybercriminals to gain access to our sensitive personal information wherever it lives or wherever it is traveling across the network,” explains SimpliLearn. “New security threats pop up all the time, and IT security professionals need to stay up to date with the latest tactics hackers are employing in the field.” Data security teams must include strategists, communicators, and lifelong learners to ensure IT security is consistently a top priority.

ZorroSign is a Data Security Platform Build on Blockchain

Advancing data security is critical for any technology managing data, and ZorroSign delivers data security in several ways.

The first way ZorroSign supports data security is by using distributed ledger technologies—originally built on Hyperledger Fabric, now expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, while preventing fraud and ensuring regulatory compliance.

Blockchains provide structural layers of protection from cybercrime like ransomware, malware, or phishing attacks by decentralizing the data set itself (preventing any one breach to access the entire data set), and then by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed. Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set. This distributed nature defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

ZorroSign has further elevated our data security through our patented fraud detection technology we call the Z-Forensics token. This unique digital solution can:

  • Prove that the individual who is performing the action to sign the document is who they claim to be (verification)
  • Apply a digital equivalent of a wet-ink signature to the document (legal intent)
  • Prove the authenticity of the printed or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity)

Plus ZorroSign supports computer security with passwordless authentication capabilities, leveraging the biometric security of Apple and Android mobile devices to login to the device (and ZorroSign app) with hardware biometric capture features such as face, fingerprint, and iris scans.  Such biometric login facilitates user authentication at the device-level without passwords (which can be hacked or stolen) for elevated security of digital signatures and your digital documents.


Contact us
 to learn more about data security and put us to the test:  Start your free trial of ZorroSign’s data security platform built on blockchain today!

https://nationaltoday.com/national-computer-security-day/

Every November 30th, the United States observes National Computer Security Day. This year, we’d like to share some details on the history of this security awareness, how ZorroSign’s data security platform built on blockchain contributes to computer security, and how you can observe National Computer Security Day to improve your hardware and data security.

HISTORY OF NATIONAL COMPUTER SECURITY DAY

“It seems like every day we hear about breaches in cyber security. Keeping people and companies safe online is a top priority all over the world. It’s something that stays uppermost in our minds on National Computer Security Day. The story of National Computer Security Day is an interesting one.

“On November 2, 1988, Cornell University researchers uncovered an unknown virus lurking in their computer systems. Within four hours of discovery, the Morris worm virus invaded several other university systems as well as the ARPANET, an early version of today’s internet.

“Six days later,  two computer experts with the U.S. Defense Advanced Research Projects Agency (DARPA) recommended assembling  a National Computer Infection Action Team (NCAT) to respond 24/7, 365 to these kinds of attacks. On November 14, the Software Engineering Institute (SEI), a research center connected with Carnegie Mellon University, set up the Computer Emergency Response Team (CERT). 

“In 1988, the National Computer Security Day sprang out of the Washington, D.C., chapter of the Association for Computing Machinery’s (ACM) Special Interest Group on Security, Audit, and Control as a way to raise awareness about cybercrimes and viruses.  According to a 2004 Networld article, ‘November 30 was chosen for CSD so that attention on computer security would remain high during the holiday season – when people are typically more focused on the busy shopping season than thwarting security threats.’ By 2003, CERT and the U.S. Department of Homeland Security joined forces to create the National Cyber Awareness System. 

“Whether we’re talking about National Computer Security Day or  National Cybersecurity Awareness Month also in October, the goals are essentially the same. Each person must be proactive to protect their online security. Use this month to find out all you can about common-sense ways to stay safe in cyberspace.”

HOW ZORROSIGN’S PLATFORM SUPPORTS COMPUTER SECURITY

ZorroSign is the first company that offers a multi-blockchain data security platform to secure, track, and manage your digital signatures, transactions, and documentation.

By using distributed ledger technologies—originally built on Hyperledger Fabric and now expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, while preventing fraud and ensuring regulatory compliance.

Blockchains provide structural layers of protection from cybercrime—like ransomware, malware, or phishing attacks—first, by decentralizing the data set itself (preventing any one breach to access the entire data set), and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.  Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes.  By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set. This distributed nature defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token. This unique digital solution that can:

  • Prove that the individual who is performing the action to sign the document is who they claim to be (verification)
  • Apply a digital equivalent of a wet-ink signature to the document (legal intent)
  • Prove the authenticity of the printed or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity)

Plus ZorroSign supports computer security with passwordless authentication capabilities, leveraging the biometric security of Apple and Android mobile devices to login to the device (and ZorroSign app) with hardware biometric capture features such as face, fingerprint, and iris scans.  Such biometric login facilitates user authentication at the device-level without passwords (which can be hacked or stolen) for elevated security of digital signatures and your digital documents.

HOW TO OBSERVE NATIONAL COMPUTER SECURITY DAY

  • “Create a strong password
    In computer security, length matters. Passwords that are six characters are easier to hack, especially if they’re only made up of lowercase letters. To beef up your password, weave a nine-character combination of uppercase letters, symbols and numbers. Lastly, avoid using the same password for every account.
  • “Update spyware and malware protection software
    First, check to see if your operating system is up-to-date. If that’s set, update your protection software. Run a scan and don’t forget to invite your other devices to the party. Phones and tablets are also major security risks, so be diligent.
  • “Encrypt and backup your data
    Encrypt your data to create the brainiest of all brainteasers. But keep this in mind: even the best brain teaser can be cracked. That’s why it’s still important to back up your info on either the cloud or an external hard drive. (Just make sure that everything stays encrypted.)”
  • Use ZorroSign’s data security platform built on blockchain
    Tap the cybersecurity of blockchain with ZorroSign’s platform uniting digital signatures (Z-Sign), automated compliance (Z-Flow), intelligent forms (Z-Fill), document storage (Z-Vault), patented fraud prevention (Z-Forensics), user authentication and document verification (Z-Verify), identity-as-a-service (IDaaS), and so much more. Plus elevate computer security with our passwordless login capabilities, and patented Z-Forensics token for fraud detection.  When the risk is personal and everything is on the line, Block It Down!

Contact us to learn more or put us to the test:  Start your free trial of ZorroSign’s data security platform built on blockchain today!

https://www.linkedin.com/pulse/why-zorrosign-moved-microservices-you-should-too-shamsh-hadi/

At ZorroSign we recently made a major change to our platform architecture!

We have always been built on blockchain—and have always delivered the most private, most secure digital signatures—but we wanted to scale our platform much more aggressively, and that vison required a big change in how we develop and deploy our technology. Specifically, we moved from a centralized, monolithic approach to using microservices and containers.

Let me explain why we choose this new engineering approach and how your company might benefit from a similar move.

What Are Microservices? What Are Containers?

“A microservices architecture splits your application into multiple services that perform fine-grained functions and are part of your application as a whole,” explains IBM. “Each of your microservices will have a different logical function for your application.”

Explained another way, “a microservices framework creates a massively scalable and distributed system, which avoids the bottlenecks of a central database,” says Avi Networks (now part of VMware). “Microservices break an application into independent, loosely-coupled, individually deployable services… allowing for each service to scale or update using the deployment of service proxies without disrupting other services in the application and enabling the rapid, frequent and reliable delivery of large, complex applications.”

There are two types of microservices:  Stateless (which do not save data, so any data is lost when the microservice’s container restarts), and Stateful (which do save data and so write to a database).

And where do you put those microservices? In containers.

“Containers are packages of your software that include everything that it needs to run, including code, dependencies, libraries, binaries, and more,” continues IBM. “Docker and Kubernetes are the most popular frameworks to orchestrate multiple containers in enterprise environments”

“Containers are a lightweight alternative to VMs for providing isolated operating environments for your workloads,” says Edward Kisller for JFrog. “Containers avoid the infrastructure overhead of a full-blown OS and provide only those resources (i.e., installations, dependencies, and code) that your applications actually need.” In other words, containers do not use all the CPU or RAM but instead share the operating system kernel for faster boots and less memory consumption.

“A container is a useful resource allocation and sharing technology. It’s something dev-ops people get excited about,” writes Ev Kontsevoy for Teleport. “A microservice is a software design pattern. It’s something developers get excited about.”

Why Develop with Microservices? What Are the Benefits?

“Microservices architectures make applications easier to scale and faster to develop,” notes Amazon Web Services. “Enabling innovation and accelerating time-to-market for new features.”

Such were ZorroSign’s high-level goals:  To improve scalability, resilience, and productivity.

“Moving to microservices enabled a polyglot tech stack,” said Priyal Walpita, chief technology officer at ZorroSign. “Which means our engineers could contribute to our development efforts using the technology stacks that they know best, plus we boosted performance and facilitated a continuous delivery pipeline for easier and faster deployments.”

“Applications were traditionally built as monolithic pieces of software,” continues Avi Networks. “Monolithic applications have long life cycles, are updated infrequently and changes usually affect the entire application. Adding new features requires reconfiguring and updating the entire stack — from communications to security. This costly and cumbersome process delays time-to-market and updates in application development.”

In contrast to monolithic apps, microservices/container architectures bring benefits such as greater:

  • Agility — Microservices foster the organization of small, independent teams that take ownership of their services. “Best examples of microservices agility are sites like Amazon, eBay, Uber and Netflix, which are active 24×7,” notes AnAr Solutions. “The performance of these sites is a benchmark for other sites and applications. The response time, ability to handle multiple requests and process in minimum time is commendable.”
  • Productivity — “The microservice architecture tackles the speed issue of applications and its productivity by dividing it into small parts. In this way, these applications are developed and maintained at a very fast speed,” writes Terralogic. “Different teams work independently without waiting for the other team to finish their chunks of work. In this way, separate microservices are easier to locate and modify. Quality assurance of this microservice architecture is very fast as the programs which are developed early are tested instead of waiting for all the programs to be completed.”
  • Resilience — With microservices, an application will still function if part of it goes down because microservices allow for spinning up a replacement, granting the entire system higher resilience. “Three well-known microservices resiliency techniques improve fault tolerance and allow applications to smoothly handle failures,” explains Dr. Alan F. Castillo for Cloud Computing Technologies: Retry patterns, circuit breaker patterns, and timeout design patterns. “Employing these patterns is a very effective resiliency strategy for microservices applications. It doesn’t matter how you apply these patterns; what matters is that you have systems that can properly deal with failures.”
  • Continuous integration/continuous delivery (CI/CD) — Microservice facilitate CI/CD for applications and modernize the technology stack. “There are some goals of a strong CI/CD progression to serve in the microservices design, for example, every team of coders independently develop and install their changes or edits owned by them individualistically so that it did not affect or disrupt the work of other teams,” reports DevOps Enabler. “CI/CD best practices include the goal of automating the building process, testing the products, and then releasing the software. Developers must be able to track the performance metrics of DevOps throughout the software delivery lifecycle and warn people so that they can quickly recover if something goes wrong during deployment or release cycle.”
  • Scalability — Meeting demand is easier when microservices only have to scale the necessary components, which requires fewer resources. “Since an application is composed of multiple micro services which share no external dependencies, scaling a particular micro service instance in the flow is greatly simplified,” writes Atul Saini for Fiorano Software. “If a particular microservice in a flow becomes a bottleneck due to slow execution, that microservice can be run on more powerful hardware for increased performance if required, or one can run multiple instances of the microservice on different machines to process data elements in parallel.”
  • Security — “Migrating to microservices creates an opportunity for a much better security model,” explains Kontsevo. “As every microservice is a specialized process, it is a good idea to only allow it to access resources it needs. This way a vulnerability in just one microservice will not expose the rest of your system to an attacker.”

Not everything is easier with microservices, of course. Three commonly acknowledged challenges of deploying microservices typically include: First, the “complexity from managing microservices written in different languages,” as we’ve done at ZorroSign. Second, the “cost implications of network resource usage from remote calls across multiple services” and third, “investigating root causes or auditing systems becomes challenging when dealing with log management across distributed services, as log aggregators would be required,” suggests BMC.

But complexity, costs, and support all increase when any application grows, so facing those challenges with a microservices architecture is little different than facing the complexity, costs, and support challenges of a larger monolithic app.

Why ZorroSign Choose Microservices—and Why You Should, Too

Our CTO and I have been assessing microservices for several years, and committed to an overhaul of our DevOps a year ago. We spent the first half of 2022 building the next iteration of ZorroSign’s blockchain platform with microservices and containers.

“Beyond the development advantages, microservices allow us to more easily manage complex ZorroSign back-end services and improve our entire system’s resiliency,” said Walpita. “It’s far easier finding and fixing bugs, allowing our development team to focus on single, isolated functionality, and then deploying asynchronously to other development efforts, whenever new functionality is tested and ready.”

From my perspective, I was intrigued to learn how microservices improved our defense-in-depth capabilities, as security can be configured much more granularly and configured at each microservice level. With ZorroSign’s commitment to privacy and security, microservices were another important upgrade to keep our platform ahead of the competition.

“Our team develops in C#, Go, Java, and Python,” adds Walpita. “Being able to deploy all those program languages in a single application, united across AWS cloud tools, Docker, and Kubernetes, gives ZorroSign the flexibility our engineers desire and the scalability our customers demand.”

Finally, I asked Priyal what advice he might give other organizations thinking of deploying microservices. He said: “Make sure your product and development team are mature enough to adopt the complexity of a microservice architecture. At some point, a growing app’s need for scalability, higher resilience, and improved performance may make microservices the best path forward. But ensuring your DevOps are ready to integrate and manage all the pieces of a polyglot tech stack is the key to success.”

I encourage you to consider microservices for your apps, and welcome the chance to talk more about this exciting architecture for new technologies!

Blockchain-based digital signatures for greater privacy and security

With more and more businesses, governments, and individuals employing blockchain technology for commerce and operations, ZorroSign stands as key addition to your technology stack. 

Whether you’re decentralizing data with web3, securing cloud or software-as-a-service (SaaS) architectures, committing to digital transformation, or elevating sustainability, our multi-chain blockchain solution is the perfect addition to your IT offerings—learn how!

If You’re Decentralizing with Web3

The idea of escaping a centralized authority managing protocols, transactions, and access was built into the World Wide Web from its earliest days

  • Web 1.0 was the initial iteration of the World Wide Web in the late 1980’s and early 1990’s.  “Web 1.0 is the term used for the earliest version of the Internet as it emerged from its origins with Defense Advanced Research Projects Agency (DARPA),” writes Kuntal Chakraborty for Techopedia. “Experts refer to it as the ‘read-only’ web—a web that was not interactive in any significant sense.”
  • From those early static web pages, a platform model of computing soon evolved that would become Web 2.0 or the ‘social web.’  Here, interaction with growing web applications and platforms drove e-commerce and the expansion of the Internet, allowing large providers to aggregate and control much of the shared data.  This is the Internet we know today.
  • The dream of Web 3.0, however, is to break the centralization of information and democratize the Internet more to the vision of its earliest founders.  “Web3, ” claims Chris Dixon from Andreesen Horowitz in a recent article in The Economist, “combines the decentralized, community-governed ethos of web1 with the advanced, modern functionality of web2.”

“The rise of technologies such as distributed ledgers and storage on blockchain will allow for data decentralization and create a transparent and secure environment, overtaking Web 2.0’s centralization, surveillance and exploitative advertising,” writes Charles Silver in a recent Forbes article.  “Indeed, one of the most significant implications of decentralization and blockchain technology is in the area of data ownership and compensation… Web 3.0 will bring us a fairer internet by enabling the individual to be a sovereign.”

Blockchains are distributed ledger technology (DLT) leveraging cryptography—user authentication, data encryption and verification—to secure information records (blocks) distributed across peer-to-peer (P2P) networks. DLTs replicate, share, and synchronize digital data geographically spread across multiple sites (nodes), with no central data storage or administrator. They can run publicly (open) or privately (permissioned).

Perhaps most importantly, blockchains can support smart contracts—where terms, conditions, and permissions written into the digital code that require an exact sequence of events to take place to trigger the agreement of the terms mentioned in the blockchain contract. This hardwiring of contract details greatly increases speed (via automation), trust (where accuracy and backup are built into the transaction), and autonomy (as no third parties are required to mediate or control the exchange) of transactions.

As such, centralized solutions such as blockchains have immense potential to transform business contracts, real estate deals, digital rights, supply chain security and provenance, estate planning, and many other legal transactions.

And here is where ZorroSign shines! 

User Experience

We have built our digital platform from the ground up using blockchain technology.  Launched with Hyperledger Fabric, our multi-chain platform now supports the public Provenance Blockchain as well, giving our users an entirely new world of decentralized digital transactions.

Our web3 technology platform also provides identity-as-a-service (IDaaS) capabilities through a patented Z-Forensics token plus fraud prevention, user authentication, and document verification.  Web3 features such as artificial intelligence (AI) and machine learning (ML) allow us to automate form completion for digital documents, and can improve regulatory compliance across global standards for legally enforceable digital signatures.

Paired with Provenance Blockchain—which reduces the need for third-party intermediation, drastically reducing costs and freeing up capital in financial transactions—ZorroSign’s platform promotes greater transparency and liquidity for organizations, and allows for new kinds of financial engineering and business opportunities.

If You’re Securing SaaS or Cloud Solutions

More than 90% of all cyber attacks begin with phishing but blockchain architecture, originally built for zero-trust environments, can deliver a compelling alternative to centralized databases and a strong protection against cyber attacks. How?

  • In phishing attacks that seek to steal data, blockchain presents a data architecture where no single endpoint node controls the data set. Even if an individual endpoint is hacked through phishing or other social engineering, the data set is distributed across many nodes. This decentralization of data and access means even successful phishing attacks that penetrate a blockchain endpoint only gain a small piece of system access.
  • In cyber attacks that seek to inject malware such as ransomware, the distributed nature of blockchain defeats those seeking to breach a system then holistically ransom the data files stored therein. Again, a single endpoint node might be breached, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.
  • Recovery is quicker with blockchain, too. With blockchain, each endpoint node has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully hacked (compromising their access key), the blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint). This speedy recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set with a new key and without needing to pay any ransom to the attackers for restored access.

ZorroSign technology leverages the biometric capabilities of hardware endpoints to verify user identities—for example, PC and mobile device fingerprint scans, iris scans, and face recognition to ensure users are who they claim to be.

ZorroSign is proud to be the first to adopt password-less login amongst our digital signature competitors.

And ZorroSign multi-factor authentication (MFA) provides maximum security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based upon your transaction security needs: What you know (i.e., your ZorroSign login password ), what you have (e.g., your laptop or mobile device), who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.

ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token, our unique digital solution that can:

  • Prove that the individual who is performing the action to sign the document is who they claim to be (verification); 
  • Apply a digital equivalent of a wet-ink signature to the document (legal intent); and, 
  • Prove the authenticity of the printed copy or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity).

Unlike any other digital signature solution, ZorroSign seals all your documents with our Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.

And like your SaaS solutions, ZorroSign’s SaaS model can be deployed in various cloud configurations, making it seamless to integrate into your existing platform as a public, private, hybrid, or on-premise cloud:

  • Our standard deployment is on Amazon Web Services (AWS) public cloud computing network
  • In our private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization
  • In a hybrid cloud configuration, your data can be stored on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations
  • On-premise deployments require your department to manage and maintain your own data centers, but gain the benefits of unlimited API calls and total control over identity access management (IAM), data privacy and security, and data integrity processes

If You’re Committed to Digital Transformation

For years, organizations have steadily moved more and more of their operations to digital data and delivery. Such advances save time and effort, automate key processes, and drive greater efficiency and effectiveness. With digital transformation, customers or constituents can receive services faster and gain self-service options, and employees get more time to work on the most important projects.

“Digital transformation is no longer an option, but an imperative,” notes the Harvard Business Review. “Recent research from Accenture has found that in the three years prior to 2018, firms who led their industry in enterprise technology adoption grew two times faster than laggards. Today, they are growing five times faster. The risk is no longer merely getting left behind, but being eliminated altogether.”

For organizations leveraging digital data, apps and SaaS, IoT, or any of the multitude of other digital solutions, adding ZorroSign can be an important consideration.

To transact business, commerce, government, or individual trade in such a digital ecosystem also requires legally enforceable digital signatures to prove agreement and intent. Our multi-chain blockchain platform delivers such digital signatures and ensures the digital chain-of-custody necessary to successfully defend digital signatures in a court of law.

And by digitizing paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity across digital operations . . . a massive benefit for any organization committed to digital transformation!

If You’re Focused on Sustainable Business

Digital operations also eliminate paper so “going green” with paperless operations may readily align to your IT organization’s corporate social responsibility goals or vision. 

At ZorroSign, we help IT organizations deliver paperless operations. We all understand that switching from doing business using paper to digital records is not only a smart business decision, but it is also good for the environment. Each time you use ZorroSign to digitally transact agreements, contracts, and other documents—instead of printing, faxing, scanning, shipping documents overnight to collect signatures—you save trees and water, plus reduce carbon emissions.

Further, ZorroSign is dedicated to advancing sustainability while advancing new technologies, promoting a paperless life and leading sustainability programs that support environmental conservation. The company’s Save-a-Tree, Plant-a-Tree program, for example, plants a tree on behalf of customers every time they save 8,000 pages of copy paper. As one tree produces roughly 8,000 pages of copy paper, this amounts to a double incentive: Reducing the destruction of trees via reduced paper use, plus increasing the number of trees as a reward for reducing paper use.

For all these reasons and more, if you are using blockchain technologies—or planning to in 2023—consider ZorroSign as a strong complement to your technology stack!  You can start with a free 14-day trial to see what we can deliver or contact us to learn more!

ZorroSign for Real Estate
ZorroSign Brings the Elevated Security and Compliance Standards that Your Real Estate Business Needs

Many in the real estate industry have made the jump into digital operations and this has allowed them to conduct business on the go while elevating their client’s security and compliance needs.

Only ZorroSign pairs a web3 transaction platform with mobile technology—delivering 21st century security to the age-old ceremony of signing and storing purchase agreements, and giving your customers peace of mind needed when conducting real estate transactions digitally and remotely.

Here are three reasons that you need to make the switch to digital operations with ZorroSign . . .  

Give Your Client Peace of Mind

By using ZorroSign, all the parties involved in a real estate transaction can Z-Sign documents anywhere, anytime and from their preferred device. That’s a win for everyone—especially the client! You no longer have to patiently wait through the frustratingly slow process that is paper operations. And they can keep up with their busy schedule and buy that house all while saving time and money. ZorroSign relieves you from being tied to the office or one particular place and lets you and your clients sign, send, and track documents while on-the-go.

Ensure Elevated Security

ZorroSign is the only company that offers a multi-blockchain platform to secure, track, and manage your digital signatures, transactions, and documentation.

By using distributed ledger technologies—originally built on Hyperledger Fabric and recently expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, offering peace of mind for your real estate digital transactions, while preventing fraud and ensuring regulatory compliance.

How does this blockchain architecture contribute to ZorroSign being the best platform for your real estate needs?

Blockchain provides structural layers of protection from cybercrime, like ransomware, malware, or phishing attacks: First, by decentralizing the data set itself (preventing any one breach to access the entire data set); and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.

Unlike centralized databases which can be breached at unsecure endpoints (users and devices)—or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.

This distributed nature so defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

ZorroSign intentionally used blockchain as the framework of our business to ensure that our customers were able to experience elevated security and peace of mind.

Stay Compliant

With ZorroSign, you can easily complete and sign multiple mandatory documents and ensure compliance at every stage—we are proud to make the security and privacy of our customers’ data our top focus!

Our unique combination of security architecture and data privacy functionality grants ZorroSign compliance across international standards for privacy and security, including but not limited to:

  • Canada:  The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Canada:  The Uniform Electronic Commerce Act (UECA)
  • EU:  Data Protection Regulation (GDPR) for data privacy and security
  • EU:  The electronic IDentification, Authentication and trust Services (eIDAS) regulation
  • India:  The Information Technology Act 2000 (IT Act of India)
  • International Standard on Assurance Engagements (ISAE) No. 3402, Type II audited
  • International Organization for Standardization (ISO) 27001 certified
  • PDF Advanced Electronic Signatures (PAdES) is a set of restrictions and extensions to PDF and ISO 32000-1
  • UAE:  Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce granting electronic signatures legal force and effect
  • USA:  American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit
  • USA:  California Consumer Privacy Act (CCPA)
  • USA:  Department of Commerce’s National Institute of Standards and Technology (NIST) encryption standards
  • USA:  The Digital Millennium Copyright Act (DMCA)
  • USA:  The Electronic Signatures in Global and National Commerce Act (E-Sign Act)
  • USA:  FDA Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures
  • USA:  The Health Insurance Portability and Accountability Act (HIPAA)
  • USA:  The Uniform Electronic Transactions Act (UETA)

To learn more about how ZorroSign serves the Real Estate industry, please contact us or start your 14-day free trial subscription today!

questions and answers

We are proud of our multi-chain blockchain platform at ZorroSign—delivering digital signatures paired with identity-as-a-service (IDaaS) technologies, a patented fraud prevention solution, AI/ML-driven form completion, and customizable workflows to ensure the highest privacy, security, and compliance for your digital transactions!

But while we live-and-breathe digital signatures, you might still be learning how digital signatures work and what benefits they might bring to your organization.  We can help! 

Below find some common questions we hear about digital signatures and short answers to get you started . . .

  1. 1. Are digital signatures legally accepted/enforceable like paper-based signatures?

Yes!  Back in 2000, the U.S. passed the Electronic Signatures in Global and National Commerce (ESIGN) Act along with the Uniform Electronic Transactions Act (UETA) granting electronic signatures the full strength and legality of paper-based “wet” signatures.  As such, digital signatures are valid in all 50 U.S. states, plus most countries around the world.

Beyond the United States, Australia’s Electronic Transactions Act, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), China’s 2004 Electronic Signature Law, the European Union’s Directive 199/93/EC, India’s Information Technology (IT) Act 2000, Japan’s Law Concerning Electronic Signatures and Certification Services, New Zealand’s Electronic Transactions Act, the UAE’s Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce, the United Kingdom’s Electronic Communications Act and subsequent Electronic Signatures Regulation 2002, all regulate and support the legal enforceability of digital signatures around the world.

  1. 2. Why do companies, governments, or other organizations typically switch from paper-based to digital signatures?

Public and private organizations move to digital signatures for many different reasons, for example:

  • Some switch to save the costs of paper-based document printing, copying, couriering, and storage
  • Some switch to speed transaction workflows, document signing ceremonies, and execution of legal agreements
  • Some seek to improve regulatory/quality compliance with the digital management of transaction and personal information
  • Some want to improve the privacy and security of documents and transactions through digital encryption and security protocols
  • Some aspire to improve customer/constituent experiences with digital and mobile operations
  • Some are looking for the competitive advantage digital operations bring with all these benefits

Why are you considering the move to digital signatures?

  1. 3. With digital signatures, how do we know the person signing is really who they say/are supposed to be?

While some digital signature platforms grant access via simple username and password, the industry standard is two-factor authentication and rapidly evolving to MFA with password-less logins.

With ZorroSign, we’ve integrated identity-as-a-service (IDaaS) technologies to verify users, for example:

  • ZorroSign technology leverages the biometric capabilities of hardware endpoints to verify user identities.
  • ZorroSign is the first to adopt password-less login amongst our digital signature competitors.
  • ZorroSign MFA provides maximum security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based on the transaction security needs, such as:
    • What you know (i.e., your ZorroSign login password),
    • What you have (e.g., your laptop or mobile device),
    • Who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.
    • Additionally, ZorroSign users can optionally use our dynamic knowledge-based authentication (KBA) feature—provided by LexisNexis—which requires the knowledge of confidential information of the individual to prove that the person providing identity information is the actual person.

These technologies secure the endpoints of our private, permissioned Hyperledger Fabric blockchain architecture where only approved nodes (endpoints) are allowed to access our distributed ledger system.

  1. 4. How Does ZorroSign Use Blockchain and Web3 Technologies for Digital Signatures?

ZorroSign is the first company that offers a multi-blockchain platform to secure, track, and manage your digital signatures, transactions, and documentation!

Since 2000, several technologies have come to market to deliver digital signatures, but when a distributed ledger technology—or DLT, such as blockchain—is used for digital signatures, signers gain the unique advantages of:

  • Privacy — with a private blockchain, only participants to the transaction can see details of the transaction, and those participants share equal access to such details
  • Immutability — all records and changes are tracked and cannot be changed, providing important chain-of-custody audit capabilities for courts
  • Security — all records are individually encrypted and distributed for better protection from phishing and ransomware attacks

ZorroSign was built from the ground up on Hyperledger Fabric to deliver digital signatures with the superior privacy and security of blockchain.

And we recently announced a partnership with Provence Blockchain to add their DLT to our architecture as well, effectively becoming a multi-chain blockchain platform.

Assuming contracts are critical to your business or organization, then a secure, reliable solution for contract lifecycle management (CLM) is imperative and blockchain supports CLM in amazing ways.

Strong CLM solutions must include visibility (a dashboard or overview of where individual contracts are in the life cycle), integration with communications and storage systems, automation (as few contracts start from scratch—most are iterations of previously created agreements), and of course change tracking to readily see how contracts changed during negotiations and what final version was executed by all parties.

With our blockchain architecture, ZorroSign’s platform unites and uniquely delivers:

  • Digital signatures via Z-Sign to quickly execute legally binding contracts
  • Patented Z-Forensics token to prevent fraud and tampering
  • Z-Flow workflow automation to quickly build templates and approval chains
  • Z-Fill leveraging ZorroSign’s artificially intelligent, machine-learning engine
  • Z-Verify to know exactly who signed what and when, with full validation of every document’s authenticity and immutability
  • Z-Vault to securely store contract and transaction records immutably on blockchain

ZorroSign’s platform can be accessed via PCs and mobile devices, allowing your legal department, operations and procurement teams, and sales teams to efficiently generate, negotiate, communicate, and sign agreements. And with our Z-Vault, contracts reside on an immutable document management system (DMS) where they can be saved, searched for, and managed easily from a single, intuitive user interface.

  1. 5. How Do Digital Signatures Meet International Privacy and Security Compliance?

At ZorroSign, we are proud to make the security and privacy of our customers’ data our top focus. 

Our unique combination of security architecture and data privacy functionality grants ZorroSign compliance across international standards for privacy and security, including but not limited to:

  • Canada:  The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Canada:  The Uniform Electronic Commerce Act (UECA)
  • EU:  Data Protection Regulation (GDPR) for data privacy and security
  • EU:  The electronic IDentification, Authentication and trust Services (eIDAS) regulation
  • India:  The Information Technology Act 2000 (IT Act of India)
  • International Standard on Assurance Engagements (ISAE) No. 3402, Type II audited
  • International Organization for Standardization (ISO) 27001 certified
  • PDF Advanced Electronic Signatures (PAdES) is a set of restrictions and extensions to PDF and ISO 32000-1
  • UAE:  Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce granting electronic signatures legal force and effect
  • USA:  American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit
  • USA:  California Consumer Privacy Act (CCPA)
  • USA:  Department of Commerce’s National Institute of Standards and Technology (NIST) encryption standards
  • USA:  The Digital Millennium Copyright Act (DMCA)
  • USA:  The Electronic Signatures in Global and National Commerce Act (E-Sign Act)
  • USA:  FDA Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures
  • USA:  The Health Insurance Portability and Accountability Act (HIPAA)
  • USA:  The Uniform Electronic Transactions Act (UETA)

We invite you to request a copy of our ZorroSign Security Brief for details on our private blockchain architecture, document storage and protection, and platform security measures.

  1. 6. How much does it cost to try digital signature software and learn if it’s right for me?

ZorroSign offers a free 14-day trial license to test out our features, securely sign digital documents, build templates and approval workflows, and store your transaction data on blockchain. 

No credit card required, visit our Free Trial page to get started!

ZorroSign’s YouTube Channel

In today’s global economy, there are lots of bad actors and threats to your digital information. Whether you work for a government agency, a business, an IT department, a law firm, a financial service provider, or just about any other organization generating and storing digital data, your information—and your customers’ or constituents’ information—must be protected.

“You need a trusted friend,” says Kevin Youngblood from Youngblood Works. “ZorroSign is built on blockchain and is the most secure platform available.”  See Kevin’s endorsement video at https://www.youtube.com/watch?v=YcM3KoA_qI4

Kevin Youngblood

ZorroSign’s U.S. headquarters in Phoenix, Arizona brings blockchain technology to U.S. companies, organizations, and individuals signing digital documents and executing transactions digitally.

“If you’re looking for a secure way to transact with third parties or multi-parties,” says Robert Vera from GCU‘s Canyon Ventures Center for Innovation and Entrepreneurship, “ZorroSign is that technology that you need to have confidence that your transactions are secure in today’s environment.”

See Robert’s endorsement video at https://www.youtube.com/watch?v=6vcTlYnRfiY

Robert Vera

If you’re ready to try ZorroSign’s multi-chain blockchain platform for yourself—for superior privacy and security for all your digital signatures and transactions—start a Free Trial today!

(Originally published in Tech Channel News)

Our CEO and co-founder, Shamsh Hadi, was recently interviewed by two technology news outlets—Tech Channel News and TahawulTech.com.

Tech Channel News helps C-level executives in India and Gulf identify technologies and strategies to empower and streamline business processes. Their portal at techchannel.news informs leaders of what’s new in tech and why it matters.

TahawulTech.com, published by CPI Media Group, is the definitive platform in the Middle East for IT content. Covering stories across enterprise technology, cybersecurity and the region’s IT channel industry, TahawulTech.com brings business leaders and technology decision makers together to share their stories of transformation.

Here are short summaries of those interviews and links to read the original pieces!

ZorroSign Making Waves in Digital Signature Space Using Blockchain Technology

In April 2022, Tech Channel News’ Naushad K. Cherrayil interviewed Mr. Hadi on how ZorroSign safeguards the privacy and security of digital documents, and provides an immutable chain of custody for digital transactions, for governments and organizations in the Gulf Co-operation Council (GCC) countries.

The article notes that there are “huge players in the digital signature space, but none of them have figured out how to cost-effectively map their legacy software in technologies and evolve it into Web 3.0 and blockchain solutions today.”

“We have solved all these problems,” said Hadi. “Successfully bringing blockchain to digital signatures—unlike other competitors, big and small, who simply tried to add blockchain onto their legacy software.”

The article explores ZorroSign’s roots in Dubai with development in Sri Lanka, moving the company’s global headquarters to Phoenix, and standing out from the crowd in a competitive eSignature space.

“Our platform was invented to move documentation, digital transactions from a relationship built on trust to a relationship built on truth, providing customers the ability to positively impact the environment with sustainable practices and securely transform their paper-based workloads to digital in a bid to remove errors and increase productivity,” Hadi added.

Tech Channel News uncovers how ZorroSign leverages blockchain’s zero-trust environment to support governments in the Gulf who are looking specifically for blockchain solutions, noting “two countries that are pushing forward are the UAE and Saudi Arabia.”

You can read Mr. Cherrayil’s full piece in Tech Channel News at https://www.techchannel.news/18/04/2022/zorrosign-making-waves-in-digital-signature-space-using-blockchain-technology/

Tackling Identity Theft

In May 2022, TahawulTech.com’s Anita Joseph interviewed Mr. Hadi on how ZorroSign not only provides digital signatures built on a blockchain architecture, but also integrates identity-as-a-service (IDaaS), biometrics, KBAs, and patented Z-Forensics token to prevent fraud and address identity theft risks.

Ms. Joseph also starts with ZorroSign’s founding in Dubai and how HH Sheikh Mohammed bin Rashid Al Maktoum’s Digital City Vision for Smart Dubai has been a guiding principle for ZorroSign—including his goal of a paperless life in the UAE by 2030.

The article then talks of identity theft and how ZorroSign technologies confront the issue: “Not only does our web3 platform leverage the cryptographic security capabilities of blockchain,” said Hadi. “But it also integrates Identity-as-a-Service technologies into our solution set to combat fraud, identity theft, and cyber-attacks.”

Security trends, cybercrime, and various cyber-attacks are discussed, as well as how distributed ledger technologies such as blockchain can help defend and/or recover from such attack vectors.  The article ends with ZorroSign’s plans for 2022 and early verticals benefitting from blockchain-based digital signatures.

You can read Ms. Joseph’s full piece in TahawulTech.com at https://www.tahawultech.com/industry/technology/interview-tackling-identity-theft/amp/

Learn more about how ZorroSign helps governments, companies, and individuals around the world with digital signatures and maintaining privacy and security with their digital transactions:  Contact us today or start your Free Trial.

ZorroSign team members, Cassidy Alexander, Kristen Harder, and Michael Jones were pleased to attend the ninth annual Cybersecurity Summit in Scottsdale on May 12, 2022, hosted by the Arizona Technology Council, Arizona Commerce Authority, and Arizona Cyber Threat Response Alliance (ACTRA).

The educational event provided an opportunity for government and business leaders to learn about the threats, vulnerabilities and consequences related to data security and privacy matters via panel discussions, keynote speakers—Tim Roemer, Director Arizona Homeland Security/CISO State of Arizona, and John Davis (Major General, US Army, Retired), VP Public Sector at Palo Alto Networks—sponsors and other cybersecurity presentations.

Tim Roemer, Director Arizona Homeland Security/CISO State of Arizona

Key Themes of the Summit

CISO Panelists

Blockchain Architecture For Elevated Security

ZorroSign is the only company that offers a multi-blockchain platform to secure, track, and manage your digital signatures, transactions, and documentation.

By using distributed ledger technologies—originally built on Hyperledger Fabric and recently expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, while preventing fraud and ensuring regulatory compliance.

https://www.zorrosign.com/media-press-room/zorrosign-announces-strategic-partnership-with-provenance-blockchain/

How does this blockchain architecture contribute to cybersecurity?

Blockchains provide structural layers of protection from cybercrime—like ransomware, malware, or phishing attacks—first, by decentralizing the data set itself (preventing any one breach to access the entire data set), and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.

Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.

This distributed nature defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

ZorroSign is a strong addition to any organization’s security stack, and brings the cybersecurity capabilities of blockchain to digital signatures and transactional documentation.

Z-Forensics Token

ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token. This unique digital solution that can:

  • Prove that the individual who is performing the action to sign the document is who they claim to be (verification)
  • Apply a digital equivalent of a wet-ink signature to the document (legal intent)
  • Prove the authenticity of the printed or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity)

Unlike any other digital signature solution, ZorroSign seals all our clients’ documents with the Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.

To learn more about how ZorroSign helps companies and IT departments elevate data privacy and security, please contact us or start a Free Trial today!

Since 2013, the security world recognizes the first Thursday of May as World Password Day—promoting better password habits such as changing passwords, moving to more complex passwords, and turning on multi-factor authentication (MFA) to improve digital security.

In advance of this year’s World Password Day, ZorroSign is proud to remind our users that ZorroSign’s platform not only accommodates complex passwords and MFA, but also supports “password-less” logins!

How?

First, ZorroSign leverages the biometric security of Apple and Android mobile devices to login to the device (and ZorroSign app) with hardware biometric capture features such as face, fingerprint, and iris scans. Such biometric login facilitates password-less user authentication at the device-level for subsequent ZorroSign digital signatures and document management.

Further, our multi-chain blockchain platform can validate multiple dimensions of authentication based on the transaction security needs:

  • What you know — your ZorroSign login password or knowledge-based authentication
  • What you have — your PC or mobile device
  • Who you are — biometrics such as finger prints, eye iris on the device securing who can access it

ZorroSign’s dynamic knowledge-based authentication (KBA) feature—provided by LexisNexis—requires the knowledge of private information of the individual to prove that the person providing their identity information is the actual person.

With ZorroSign’s user authentication options, it is almost impossible for an imposter to sign a document on the ZorroSign platform, ensuring:

  • Legal Enforceability — Using digital signatures with real digital information
  • Signature Attribution — Incorporating high-level security provisions and multifactor authentication (including biometrics) to ensure signatory attribution to a specific user

To learn more about our password-less login capabilities and how ZorroSign provides superior privacy and data security with our blockchain platform, contact us today or sign up for a Free 14-Day Trial to see for yourself!

https://www.zorrosign.com/z-vault/

Block it down!  Now, you can count on regulatory compliance and the immutability of your signed documents within your stored data and workflow records on ZorroSign’s blockchain.

Z-Vault enables ZorroSign platform users to store, structure, organize and search documents in folders and subfolders natively, with the peace of mind that comes from superior privacy and security.

Digital Signatures on Blockchain

Since 2000, several technologies have come to market to deliver digital signatures, but when a distributed ledger technology—or DLT, such as blockchain—is used for digital signatures, signers gain the unique advantages of:

  • Privacy — with a private blockchain, only participants to the transaction can see details of the transaction, and those participants share equal access to such details
  • Immutability — all records and changes are tracked and cannot be changed, providing important chain-of-custody audit capabilities for courts
  • Security — all records are individually encrypted and distributed for better protection from phishing and ransomware attacks

ZorroSign was built from the ground up on Hyperledger Fabric to deliver digital signatures with the superior privacy and security of blockchain. And we recently announced a partnership with Provence Blockchain to add their DLT to our architecture as well, effectively becoming a multi-chain blockchain platform.

Z-Vault for Better Contract Lifecycle Management

Contract lifecycle management, or CLM, spans the entire process of generating contracts, the workflows of approving and negotiating changes to contracts, the signing (or executing) of the contracts, storing and archiving the executed contracts, plus tracking and audit trails to retrieve contracts and review their lifecycle of approvals, iterations, and signatures.

If contracts are critical to your business or organization, then a secure, reliable solution for managing the contract life cycle is imperative.

Key functionality to look for when assessing CLM solutions include visibility (a dashboard or overview of where individual contracts are in the life cycle), integration with communications and storage systems, automation (as few contracts start from scratch—most are iterations of previously created agreements), and of course change tracking to readily see how contracts changed during negotiations and what final version was executed by all parties.

ZorroSign’s platform unites and uniquely delivers:

  • Digital signatures via Z-Sign to quickly execute legally binding contracts
  • Patented Z-Forensics token to prevent fraud and tampering
  • Z-Flow workflow automation to quickly build templates and approval chains
  • Z-Fill leveraging ZorroSign’s artificially intelligent, machine-learning engine
  • Z-Verify to know exactly who signed what and when, with full validation of every document’s authenticity and immutability
  • Z-Vault to securely store contract and transaction records immutably on blockchain

ZorroSign’s platform can be accessed via PCs and mobile devices, allowing your legal department, operations and procurement teams, and sales teams to efficiently generate, negotiate, communicate, and sign agreements. And with our Z-Vault, contracts reside on an immutable DMS where they can be saved, searched for, and managed easily from a single, intuitive user interface.

Z-Vault Benefits

  • Superior privacy and security to PKI-based solutions using a centralized database
  • The latest privacy and security technologies, delivering powerful encryption safeguards
  • Secure, yet intuitively navigable and easily accessible (for authorized users) platform
  • Ability to share and review eSign and architectural drawings, adding your own comments
  • Time savings with access to specific folders and documents in seconds, no loss of records

ZorroSign Privacy & Security Compliance

Our combination of security architecture and data privacy functionality ensure your compliance across many international standards for privacy and security, including:

  • Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Canada: The Uniform Electronic Commerce Act (UECA)
  • EU: Data Protection Regulation (GDPR) for data privacy and security
  • EU: The electronic IDentification, Authentication and trust Services (eIDAS) regulation
  • India: The Information Technology Act 2000 (IT Act of India)
  • International Standard on Assurance Engagements (ISAE) No. 3402, Type II audited
  • International Organization for Standardization (ISO) 27001 certified
  • PDF Advanced Electronic Signatures (PAdES) is a set of restrictions and extensions to PDF and ISO 32000-1
  • UAE: Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce granting electronic signatures legal force and effect
  • USA: American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit
  • USA: California Consumer Privacy Act (CCPA)
  • USA: Department of Commerce’s National Institute of Standards and Technology (NIST) encryption standards
  • USA: The Digital Millennium Copyright Act (DMCA)
  • USA: The Electronic Signatures in Global and National Commerce Act (E-Sign Act)
  • USA: FDA Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures
  • USA: The Health Insurance Portability and Accountability Act (HIPAA)
  • USA: The Uniform Electronic Transactions Act (UETA)

To learn more about Z-Vault and how ZorroSign can help you securely store contracts, data, and documents on blockchain, contact us today or start your 14-day Free Trial subscription!

It is no secret that cybercrime has skyrocketed within the last few years, in fact, cybercrime in the U.S. jumped by 55%. This increased risk drives a greater need for privacy and security, especially within IT companies and departments responsible for digital data and cybersecurity.

ZorroSign can help your IT company or department combat the elevated security risks with our digital transaction platform, built on blockchain architecture, and calibrate your company and customers for success!

Blockchain Architecture For Elevated Security

ZorroSign is the only company that offers a multi-blockchain platform to secure, track, and manage your digital signatures, transactions, and documentation.

By using distributed ledger technologies—originally built on Hyperledger Fabric and recently expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, offering peace of mind for your company’s and customers’ digital transactions, while preventing fraud and ensuring regulatory compliance.

How does this blockchain architecture contribute to ZorroSign being the best platform for IT companies?


Blockchain provides structural layers of protection from cybercrime, like ransomware, malware, or phishing attacks: First, by decentralizing the data set itself (preventing any one breach to access the entire data set); and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.

Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.

This distributed nature so defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

ZorroSign is a strong addition to your security stack, and brings the cybersecurity capabilities of blockchain to your company’s and customers’ digital signatures and transactional documentation.

Z-Forensics Token

ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token.

This unique digital solution that can:

  • Prove that the individual who is performing the action to sign the document is who they claim to be (verification); 
  • Apply a digital equivalent of a wet-ink signature to the document (legal intent); and, 
  • Prove the authenticity of the printed copy or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity).

Unlike any other digital signature solution, ZorroSign seals all your documents with our Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.

Your IT company or department gains peace of mind when you Z-Sign!

Cloud Configuration

On top of providing the security that your company and customers need, ZorroSign’s software-as-a-service (SaaS) model can be deployed in various cloud configurations, making it seamless to integrate into your existing platform.

Our multi-chain blockchain platform can be deployed in a public, private, hybrid, or on-premise cloud:

  • Our standard deployment is on Amazon Web Services (AWS) public cloud computing network
  • In our private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization
  • In a hybrid cloud configuration, your data can be stored on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations
  • On-premise deployments require your department to manage and maintain your own data centers, but gain the benefits of unlimited API calls and total control over identity access management (IAM), data privacy and security, and data integrity processes

Your IT company or department can scale and deliver data privacy and security aligned to your existing deployment architecture—as public, private, or hybrid as it may be!

To learn more about how ZorroSign helps IT companies and departments elevate your data privacy and security, please contact us or start your 14-day Free Trial today!

In a digital environment, transactions take place between people and organizations who may not know each other, and likely cannot verify each other’s identities using traditional, physical means.

Yet as the world moves more and more to digital transactions—exchanging real-world assets such as automobiles, financial instruments, goods and services, even real estate, to exchanging digital assets such as cryptocurrencies, in-game purchases, metaverse assets, NFTs, and even more in the years ahead—it becomes critical to verify exactly who signed what and when, with full validation of every transactional document’s authenticity and immutability, to prevent forgery, fraud, or tampering.

CNBC reports that “Sales of real estate in the metaverse topped $500 million last year and could double this year, according to investors and analytics firms.” And transactions in the metaverse were expected to cross $6 billion in 2021, according to India’s Business Standard.

To facilitate commerce in digital realms, ZorroSign is pleased to include the Z-Verify feature in our multichain blockchain platform to protect privacy, secure transactions, and prevent fraud.

Digital Signatures for Digital Transactions

To transact business, commerce, government operations, or individual trade in a digital environment requires legally enforceable digital signatures to prove agreement and intent. There are several technologies supporting digital signatures, but how do such solutions provide legal enforceability? 

  • They must ensure WHO is signing the legal documents via user authentication; plus,
  • They must ensure WHAT was signed (agreed upon) via immutable document control with full audit trail of changes for document verification; and
  • They must ensure WHERE, WHEN, and HOW digital signatures were executed in signing ceremonies via metadata captured on digital devices and digital network.

On June 30, 2000, then President Bill Clinton signed the Electronic Signatures in Global and National Commerce Act (E-Sign Act), establishing that electronic signatures have the same legality as traditional signatures on paper, and defined the criteria for legality. The legislation opened the door for digital transactions and digital commerce has boomed in its wake.

Digital Signatures on Blockchain

Since 2000, many technologies have come to market to deliver digital signatures, but when a distributed ledger technology—such as blockchain—is used for digital signatures, transaction parties gain the unique advantages of:

  • Privacy — with a private, permissioned blockchain such as Hyperledger Fabric, only participants to the transaction can see details of the transaction, and those participants share equal access to such details
  • Immutability — all blockchain records and changes are tracked and cannot be changed, providing important chain-of-custody audit capabilities for courts
  • Security — all records are individually encrypted and distributed for better protected from phishing and ransomware attacks

Perhaps most importantly, digital signature platforms that incorporate Identity-as-a-Service (IDaaS) can authenticate users across multiple dimensions, such as what you know (your login password), what you have (your laptop or mobile device), and who you are (biometrics such as fingerprints or eye iris on the device securing who can access it), etc.

Digital Signatures with Z-Verify

ZorroSign’s Z-Verify unites multi-factor authentication, the biometric capabilities of your hardware devices, the opportunity for password-less logins, and even knowledge-based authentication (KBA) features—requiring the knowledge of private information of the individual to prove that the person providing identity information is the actual person—to ensure each party to the digital transaction is who they claim to be.

Further, Z-Verify features allow ZorroSign users to maintain and review a chronological, immutable, real-time record of transactions: Ensuring the security and privacy of users’ information and that of the data itself!

Z-Verify Benefits:

  • Immutable attribution of the signatory of any document secured in ZorroSign
  • Globally accepted security certificates that never expire – unlike any competitive solution certificates
  • Secured by private, permission-based blockchain technology built on Hyperledger Fabric
  • Authentication, verification and validation of digital and paper versions of documents using our patented Z-Forensics token
  • Verification applies to internal (registered) and external (not registered) users alike!

To learn more about Z-Verify and how ZorroSign can ensure you know exactly who signs your digital documents, when they signed, how they signed, and what they signed has not changed—contact us today or start your Free 14-Day Trial subscription to test us yourself!

The way that the legal industry conducts business has changed drastically over the last few years, foremost due to the shift during the COVID-19 pandemic to a remote lifestyle. A recent survey by the American Bar Association shows that more than half of all attorneys are now working from home almost exclusively. This switch to remote work has caused the legal industry to look towards technology to move the bulk of their processes and workflows online.

With that industry shift in mind, here are three ways that ZorroSign helps to law firms, legal departments, and attorneys worldwide to thrive in an online environment!

Automation

Lawyers are often swamped with paperwork and the hassle of printing, signing, and scanning documents. While much of this work is important to the successful operation of legal services, future-thinking law firms and legal departments are identifying repetitive, manual processes and incorporating automation to drastically improve their workflows. This allows attorneys to spend more time on client development and for staff to become more productive.

Incorporating technology into your legal service workflows can expedite operations, accelerate growth, and increase the value of the services delivered to clients. When used strategically, technology can also free up your teams from mundane tasks and enable them to apply their expertise to higher-value work. As a result, law firms and legal departments become more efficient, innovative, competitive, and profitable.

ZorroSign’s blockchain platform allows firms to build and automate templates and approval workflows, ensuring compliance with business regulations while streamlining processes from a single dashboard. Our contract lifecycle management (CLM) capabilities support automation and help move attorneys to digital record-keeping, digital communications, and digital chains-of-custody.

Expanding Privacy Regulations

Gartner predicts that by the end of 2023, modern privacy laws will cover the personal information of 75% of the world’s population. It is also expected that more state legislatures will enact privacy laws similar to the California Consumer Privacy Act (CCPA) which gives consumers more control over the personal information that businesses collect about them. Eventually the United States can expect a law that mirrors the EU’s General Data Protection Regulation (GDPR)—one of the toughest privacy and security laws in the world.

The increased demand for privacy has been driven by individuals’ demands for improved protection of their personally identifying information (PII), healthcare records, autonomy, and digital data privacy. Expanding regulations have pushed organizations to take the necessary steps to support data sharing, while preserving the privacy of those that they are working with and who are within their organization. All in all, organizations that choose to prioritize privacy have an opportunity to win greater loyalty and more business from their customers.

So how can ZorroSign help?

ZorroSign was created with the privacy of users in mind. Built from the ground up on blockchain technology for a zero-trust digital ecosystem, we deliver top notch security that has evolved to meet the legal enforceability needed in a court of law. ZorroSign is already compliant with CCPA and the EU’s GDPR policy—plus many Canadian, Indian, UAE, and United States data protection and privacy standards, ISO 27001 certification, American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit, and International Standard on Assurance Engagements (ISAE) No. 3402 Type II audited.

For the growing list of ZorroSign privacy and security standards, visit our recent blog on global compliance.

Transfer to the Cloud

While storing information on a hosted cloud server is not a new concept, the legal industry has been slow to migrate its data because of the security concerns that this presented. Telecommute work, however, has pushed legal organizations towards cloud solutions to better connect remote workers. The cloud’s cost-effective delivery of near-unlimited storage, paired with technology like blockchains, bridges the gap between the risk of remote connections and the need for elevated data security.

ZorroSign’s multi-chain blockchain platform can be deployed in a public, private, hybrid, or on-premise cloud, while ensuring your data and privacy and security needs are met:

  • Our standard deployment is on Amazon Web Services (AWS) public cloud computing network
  • In our private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization
  • In a hybrid cloud configuration, your data can be stored on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations
  • On-premise deployments require your law firm or department to manage and maintain your own data centers, but gain the benefits of unlimited API calls and total control over identity access management (IAM), data privacy and security, and data integrity processes

To learn more about how ZorroSign serves the Legal Industry, please contact us or start your 14-day free trial subscription today!

The Move to Digital

Since the invention of microchips and semiconductor transistors in the 1950’s, the world has moved steadily to more and more digital information. Computers for government, then computers for business, then home computers brought vast amounts of data into digital formats, and with the birth of the World Wide Web digital information has exploded in volume.

Today, we rely on digital documents for our business operations, our finances, our government, our healthcare, our legal system, and vast amounts of news and information—both personal and public. Trusting such digital documents is critical to ascertaining truth and accurately conveying facts.

“Documents comprise evidence, and are generally assumed to amount to evidence upon which the parties and the court can rely,” explains Helen Brander for Counsel magazine. “For every point that is made, one hopes there is a document to support that point.”

The Risk of Fraud

Throughout history, there have been various techniques to authenticate documents. In the pre-industrial age, it was common in Europe for someone to sign a document in ink and to then press a wax seal on the document to indicate the authenticity of that document. It was always possible, of course, that someone could tamper with the document and forge signatures, information, or the wax seal itself.

In the modern age, the United States has notary publics who can witness a person signing a document and endeavor to authenticate the signer’s identity by inspecting a driver’s license, passport, or other form of identification for that person. Again, the risk remains that it is possible to forge such identity materials, or alter the actual documents or signatures after signing.

More recently, with the popularity of electronic or digital documents, the digitization of business processes is taking place. In other words, from the creation of documents, to the signing of documents, to the storage and subsequent retrieval of documents, one or more steps may be conducted digitally.

For example, a document may be created on a computer and subsequently printed, signed with wet ink or electronically, then faxed, delivered via courier, or scanned into the computer and finally shared electronically via email or by using other file transfer mechanisms. Despite the technology advances, such documents can still be tampered with and signatures can be forged within this process as well.

“Detecting fraud within documents that have been digitally altered with graphics editors or ‘print-manipulate-scan’ evasion techniques requires more sophistication,” notes Martin Rehak in a Help Net Security article. “Often undetectable to human fraud specialists, building an automated solution requires specialist knowledge of the metadata and digital footprints left by scanning and printing devices.”

As such, modern digital documents require a level of security as evolved and nuanced as the technologies producing, storing, and sharing the digital documents themselves.

The Security of ZorroSign

Facing this historical need, ZorroSign has developed a unique digital solution that can:

  • Prove that the individual who is performing the action to sign the document is who they claim to be (verification);
  • Apply a digital equivalent of a wet-ink signature to the document (legal intent); and,
  • Prove the authenticity of the printed copy or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity).

ZorroSign’s patented Z-Forensics token is a tamper and fraud-detection seal for your digital documents, creating an unprecedented, immutable audit trail and complete chain-of-custody validation.

This revolutionary security system allows a validated user to create an electronic document, then allow one or more other users to complete and sign that document in a particular sequence—”the workflow”—all the while capturing the chain of custody and an audit trail of the changes made to the document by the parties in the workflow, such as recording key authentication, security and validation information when an action took place.

Unlike any other digital signature solution, ZorroSign seals all documents with our Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments. 

Only the Z-Forensics token:

  • Allows ZorroSign customers to manage permissions as to who gets to see what level of information about the transaction and the contract
  • Stores the ZorroSign security encryption certificates, which—unlike other digital security certificates—never expire
  • Can verify, validate and authenticate both digital and printed (paper) version of electronically signed contracts

Our Z-Forensics feature enables ZorroSign users to create a virtual seal for every uploaded document:  initiating a verifiable trail, tracking every step of a document’s journey through users, so that any attempts at tampering, fraud, revision or other alterations are immediately captured.

To learn more about Z-Forensics and how ZorroSign can help you prevent fraud with digital documents, contact us today!

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), more than 90% of all cyber attacks begin with phishing.

“Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques,” explains CISA. “Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords, that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.”

Thus phishing attacks seek to steal data or inject malware—adware, bots, keyloggers, ransomware, spyware, trojans, worms, etc.—that cause damage at a later time.

Phishing Attacks

In phishing attacks, “scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts,” warns the Federal Trade Commission (FTC). “Scammers launch thousands of phishing attacks like these every day—and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.”

“What really distinguishes phishing is the form the message takes,” notes a recent CSO online article. “The attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with.”

This credibility is paired with a sense of urgency to inspire victims to respond quickly to the message: Clicking a link or downloading a file that starts the attack. For example, Crowdstrike, a cybersecurity company, found that Amazon and Apple were the two most impersonated organizations for phishing scams in 2020. As the COVID-19 pandemic moves more people to work-from-home and out of traditional workplace settings, phishing scams increase to take advantage of anxiety and remote communications.

“Criminals rely on deception and creating a sense of urgency to achieve success with their phishing campaigns,” adds the CSO online article. “During a crisis, people are on edge. They want information and are looking for direction from their employers, the government, and other relevant authorities. An email that appears to be from one of these entities and promises new information or instructs recipients to complete a task quickly will likely receive less scrutiny than prior to the crisis. An impulsive click later, and the victim’s device is infected or account is compromised.”

“Phishing and social engineering attacks are now experienced by 85 percent of organizations,” reports Accenture. And the number of phishing attacks has been increasing in the United States, “with a growth of 65% in the last year,” adds Crowdstrike.

Blockchain Cybersecurity Against Phishing

“Traditionally, businesses sought to prevent phishing attacks through employee training,” writes Cloudphish, a blockchain cybersecurity company. “While this method did provide some success, it was overly reliant on human judgment.” As an alternative to such an approach of relying upon employees and staff to determine what emails or attachments they can safely open, blockchain offers a chance to secure the system access attackers ultimately seek.

Blockchain’s architecture, originally built for zero-trust environments and further secured in private, permissioned blockchain configurations, gives organizations a compelling alternative to centralized databases and a strong protection against phishing attacks.

  • In phishing attacks that seek to steal data, blockchain presents a data architecture where no single endpoint node controls the data set. Even if an individual endpoint is hacked through phishing or other social engineering, the data set is distributed across many nodes. This decentralization of data and access means even successful phishing attacks that penetrate a blockchain endpoint only gain a small piece of system access.

    Whereas centralized databases can be stolen by one endpoint breach—such as the infamous attacks on Yahoo in 2013 and 2014, the United States Office of Personnel Management (OPM) in 2015, Equifax in 2017, Marriott/Starwood Hotels in 2019, and countless others—the distributed ledgers of blockchains minimize the potential damage of any phishing attack on individual endpoints. At ZorroSign, for example, we use a private permissioned blockchain, Hyperledger Fabric. Hence, even during a successful phishing attack, the adversary would not gain access to the blockchain data because the adversary would not have access to the blockchain certificates.  With Hyperledger Fabric, blockchain certificates are maintained in a secured certificate authority.
  • In phishing attacks that seek to inject malware such as ransomware, the distributed nature of blockchain defeats those seeking to breach a system then holistically ransom the data files stored therein. Again, a single endpoint node might be breached, but the larger data set cannot be controlled by any one endpoint (or central authority) and so phishing attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

    Further, with private, permissioned blockchains, each endpoint node (or user) has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully hacked (compromising their access key), the private blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint). This quick recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set with a new key and without needing to pay any ransom to the attackers for restored access.

To learn more about blockchain as cybersecurity and how ZorroSign employs private, permissioned Hyperledger Fabric blockchain, visit https://www.zorrosign.com/z-forensics/secure-blockchain-technology/


Banks, credit unions, investment groups, lenders, and other financial service providers use ZorroSign’s digital platform to lower operating costs while protecting privacy and data security. Only ZorroSign pairs digital signatures with blockchain technology—delivering 21st century security to the age-old ceremony of signing agreements.

FINANCIAL SERVICES INDUSTRY NEEDS

Anyone managing technology for a financial services provider feels the stress of managing data, networks, and endpoint devices in a world where cyber attacks, regulatory compliance, and customer needs are changing quickly. 

To ensure their financial organizations are secure, compliant, and delivering easy to use customer-facing solutions, IT departments need the latest technologies but also proven solutions. ZorroSign is proud to protect financial services data—for customers, for regulators, and for the institutions themselves.

TRANSFORM YOUR FINANCIAL SERVICES WITH SUPERIOR SECURITY

Whether you’re a financial advisor or lender, a bank, credit union, or other services provider, you need fully compliant, automated, blockchain-level security and digital transactions you can trust. ZorroSign delivers:

  • Unbeatable user authentication, validation and privacy, with superior data and document security
  • A secure, paperless digital signature solution that’s easy to use, so you can “sign it and forget it”
  • Workflow automation that saves times and eliminates paper—streamlining approvals, signatures, and workflows
  • Error-free forms filled out and processed faster via artificial intelligence and machine learning

Financial institutions need privacy and security, but also need to know their technology solutions meet regulatory compliance.  ZorroSign’s platform is compliant with the Digital Millennium Copyright Act, UETA, the ESIGN Act, GDPR, plus ISAE 3402 Type II certified, SOC II Type 1 certified, and ISO 27001 certified while supporting HIPAA, ADA, WCAG 2.1, CCPA, New York SHIELD Act, and other standards varying country by country.

For banks, credit unions, and other financial service providers that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity.

As a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (endpoint users) can write to ZorroSign’s blockchain. As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.

ADD IDENTITY-AS-A-SERVICES (IDAAS) TO KNOW-YOUR-CUSTOMERS (KYC)

Beyond digital signatures, ZorroSign delivers identity-as-a-service (IDaaS) to verify financial services users and support know-your-customer (KYC) requirements:

  • ZorroSign technology leverages the biometric capabilities of hardware endpoints to verify user identities
  • ZorroSign is the first to adopt password-less login amongst our digital signature competitors
  • ZorroSign MFA provides maximum security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based on the transaction security needs: What you know (i.e., your ZorroSign login password), what you have (e.g., your laptop or mobile device), who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.

Additionally, ZorroSign users can optionally use our dynamic knowledge-based authentication (KBA) feature provided by LexisNexis. KBA requires the knowledge of private information of the individual to prove that the person providing identity information is the actual person.

Moving forward, ZorroSign will be adding further user verification capabilities, including integrations with U.S. driver licenses via state motor vehicle departments, verification via passports (with approximately 72 countries to start), other government-issued identities (with approximately 100 countries to start), and even tapping U.S. credit union databases for identity verifications.

Further, we will be implementing a blockchain-based audit trail for all user activities—including profile updates, signature changes, etc.—and will maintain a separate blockchain to maintain users’ signatures. With these immutable blockchain records, we can uniquely validate users in ways no competitive solution can.

We invite you to request a copy of our ZorroSign Security Brief to learn how our private blockchain architecture, document storage and protection, and platform security measures can support your financial service clients today!

Identity-as-a-Service (IDaaS) is a relatively new—and somewhat nebulous—concept in today’s market.  Gartner, a global research and advisory firm, has a category defined as “identity management as a service” but most Software-as-a-Service (SaaS) companies providing identity and identity management functionality tend to define IDaaS to their own strengths and capabilities, so it is hard to find a consistent definition.

 

Yet the world of digital data we engage today requires digital identities for access and operations. Using digital identities we can trust is at the heart of modern cybersecurity—and hacking, phishing, or stealing identity credentials is one of the most common attack vectors for cybercriminals seeking to penetrate digital systems. As such, IDaaS has a very well-defined need, if not yet a well-defined category.

 

What is IDaaS?

At a basic level, all IDaaS platforms are created to enhance online user experiences, secure access to critical enterprise applications, and reduce IT resource-related expenses with efficient identity and access management (IAM) and privileged access management (PAM).

 

“There’s no way around it: sound identity management is essential,” writes Mark Diodati at Gartner. “Without good IAM, you are at real risk for data breaches and denial of service attacks. And IAM is hard to get right.”

 

The overarching goal of IDaaS solutions is to ensure users are who they claim to be—and to give users access to applications, data, systems, or other digital resources as authorized by their organizations.

 

Why Organizations Need IDaaS?

Foremost, IDaaS solutions can improve data security and cybersecurity. Knowing with confidence who your digital users are can elevate privacy and security across all digital systems. With an estimated 81% of hacking-related breaches leveraging either stolen and/or weak passwords, effective IDaaS solutions can eliminate one of the most glaring gaps in cybersecurity.

 

For government agencies and public-sector organizations, IDaaS is quickly becoming a critical need. “Cyber attackers always target government agencies to gain access to confidential government data,” explains Markets and Markets™, the world’s largest revenue impact company, headquartered in Pune, India.

 

Another key advantage of IDaaS is operational cost savings. Provisioning IAM with onsite solutions can be expensive:  IT teams have to manage servers and software—purchasing, installing, upgrading, and managing backup data. Plus, onsite teams must shoulder the burden of monitoring network security and endpoint device management.

 

With IDaaS, however, costs can be minimized to subscription fees and administration. In one-ready example, secure single sign-on to applications can significantly reduce IT help desk costs related to password resets.

 

Besides security and savings, the ROI for IDaaS solutions can include improved user experiences with saved time via faster logins and fewer password resets. “Whether a user is signing in from open WiFi at an airport or from a desk in the office, the process is seamless and secure,” notes Fabrice Berté, director at Weborama.“The improved security can keep companies from facing a hack or breach that might topple their business.”

 

Today, Gartner defines key market drivers for IDaaS as access to SaaS applications, provisioning, managing, vertical communities, ensuring strong authentication, and gaining SaaS efficiency. And trends in IDaaS that Gartner reports include information breach concerns, the broader use of consumer authentication, and reverse-proxy WAMs.

 

“We’ve been talking about this for a very long time,” said Diodati in a CSO Magazine article. “But didn’t have the big data/analytics capabilities and the mobile platform architectures until recently.”

 

How ZorroSign Delivers IDaaS to Verify Users

While it used to be acceptable to grant access via username and password, the industry standard is two-factor authentication and rapidly evolving to MFA with password-less logins. Here are ways ZorroSign delivers IDaaS to verify users:

     *  ZorroSign technology leverages the biometric capabilities of hardware endpoints to verify user identities.

     *  ZorroSign is the first to adopt password-less login amongst our digital signature competitors.

     *  ZorroSign multifactor authentication (MFA) provides maximum security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based on the transaction security needs: What you know (i.e., your ZorroSign login password), what you have (e.g., your laptop or mobile device), who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.

 

Additionally, ZorroSign users can optionally use our dynamic knowledge-based authentication (KBA) feature provided by LexisNexis. KBA requires the knowledge of private information of the individual to prove that the person providing identity information is the actual person.

 

These technologies secure the endpoints of our private, permissioned blockchain architecture where only approved nodes (endpoints) are allowed to access our Hyperledger Fabric distributed ledger. Hyperledger emerged as an open-source collaborative effort, hosted by the Linux Foundation, to advance cross-industry blockchain technologies and improve trust, transparency and accountability.

 

For governments, companies, and individuals that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity. And built on a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (endpoint users) can write to ZorroSign’s blockchain. As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.

 

Moving forward, we will be implementing a blockchain-based audit trail for all user activities—including profile updates, signature changes, etc.—and will maintain a separate blockchain to maintain users’ signatures. With these immutable blockchain records, we can uniquely validate users in ways no competitive solution can.

 

Patented Z-Forensics Token

Finally, ZorroSign’s patented Z-Forensics (“4n6”) token is a kind of digital seal that captures the complete audit trail and the document’s DNA. The token is encrypted and contains information on all the details about the transaction including timestamps, user authentication, document, and attachments.

 

ZorroSign’s Z-Forensics token securely reads the information from the secure ZorroSign servers so it can be accessed by the document originator or third parties (with permission from the originator) when requested. Only the Z-Forensics token:

     *  Allows ZorroSign to manage permissions as to who gets to see what level of information about the transaction and the document

     *  Stores the ZorroSign security encryption certificates, which—unlike other digital security certificates—never expire

     *  Can verify, validate and authenticate both digital and printed (paper) version of electronically signed documents

 

Together, this dynamic and integrated set of technologies allows ZorroSign to provide unmatched privacy and security for our users. Our IDaaS capabilities augment our blockchain architecture to ensure users/signers are who they say they are and deliver trusted connections in a zero-trust environment.

 

Contact us today to learn more.

ZorroSign’s primary focus is the security and privacy of our customers’ data.

Our technology platform was built for the highest levels of security and compliance—from our blockchain architecture to our patented 4n6 token, to our multi-factor authentication—all ensuring our platform is compliant with dozens of international privacy and security standards.

BLOCKCHAIN ARCHITECTURE

ZorroSign has implemented its own secure instance of Hyperledger Fabric—the world’s most trusted blockchain technology, created by the Linux Foundation—using proprietary technology. This blockchain architecture is permissions-based and requires users to authenticate themselves before making requests to read or write into the distributed ledger (i.e., the “blocks” on the “chain”) or taking any action that adds to the blocks on the ledger.

As a private blockchain, ZorroSign can ensure privacy is always maintained, as only approved nodes (endpoint users) can write to ZorroSign’s blockchain—as opposed to public blockchains (like Bitcoin and Ethereum) where anyone can be an endpoint and write to the blocks. As a result, ZorroSign’s architecture has even tighter privacy and security than other blockchains. If users make a change to the information recorded in one particular block of a blockchain, they cannot rewrite that block—instead, the change is stored or recorded in a new block along with the date and time of the change, permanently capturing the chronological changes to the document.

Further, ZorroSign’s platform was based on the Sherwood Applied Business Security Architecture (SABSA)—a proven methodology for developing business-driven, risk and opportunity-focused security architectures. We leverage Defense in Depth (DiD) mechanisms, such as AI-based Web Application Firewalls (WAFs), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and border routers. Plus ZorroSign brings personally identifiable information (PII) data security, 24/7 monitoring, business continuity/disaster recovery policies, security logging and incidence response via Elastic search Logstash and Kibana (ELK), and Microsoft Intune for unified endpoint management.

PATENTED Z-FORENSICS TOKEN

The ZorroSign patented Z-Forensics token is a digital seal that captures the complete audit trail and the document’s DNA. The token is encrypted and contains information on all the details about the transaction including timestamps, user authentication, document, and attachments.

The key benefits of ZorroSign’s blockchain and Z-Forensics token technology include immutability of chronological records, permissions-based private blockchain security and privacy of the users’ information (i.e., PII or PHI), fraud prevention, and lifetime escrow (as ZorroSign issues its own certificates that never expire).

MULTI-FACTOR AUTHENTICATION (MFA)

With the growing number of data breaches affecting user authentication, protecting one’s account credentials has become a top priority. Many solutions are now moving towards a Zero Trust model where the user must prove their identity. While it used to be acceptable to rely on a username and password, the current industry standard is two-factor authentication which is rapidly evolving to MFA with password-less logins.

ZorroSign is proud to be the first to adopt password-less login amongst our digital signature competitors—validating what you know (i.e., your ZorroSign login password ), what you have (e.g., your laptop or mobile device), and who you are (e.g., biometrics such as fingerprints or eye iris on the device, securing who can access it).

GLOBAL PRIVACY & SECURITY COMPLIANCE

This unique combination of security architecture and data privacy functionality grants ZorroSign compliance across many international standards for privacy and security, including but not limited to:

  • Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Canada: The Uniform Electronic Commerce Act (UECA)
  • EU: Data Protection Regulation (GDPR) for data privacy and security
  • EU: The electronic IDentification, Authentication and trust Services (eIDAS) regulation
  • India: The Information Technology Act 2000 (IT Act of India)
  • International Standard on Assurance Engagements (ISAE) No. 3402, Type II audited
  • International Organization for Standardization (ISO) 27001 certified
  • PDF Advanced Electronic Signatures (PAdES) is a set of restrictions and extensions to PDF and ISO 32000-1
  • UAE: Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce granting electronic signatures legal force and effect
  • USA: American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit
  • USA: California Consumer Privacy Act (CCPA)
  • USA: Department of Commerce’s National Institute of Standards and Technology (NIST) encryption standards
  • USA: The Digital Millennium Copyright Act (DMCA)
  • USA: The Electronic Signatures in Global and National Commerce Act (E-Sign Act)
  • USA: FDA Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures
  • USA: The Health Insurance Portability and Accountability Act (HIPAA)
  • USA: The Uniform Electronic Transactions Act (UETA)

We invite you to request a copy of our ZorroSign Security Brief for details on our private blockchain architecture, document storage and protection, and platform security measures today!

U.S. law enforcement agencies such as police departments, sheriffs, probation offices, prisons, prosecutors, and district attorneys are relying more and more on digital records.  In serving the public, LE agencies need to ensure data privacy and security no matter if their records are paper or digital.

 

ZorroSign offers a technology platform built on blockchain to support law enforcement, including digital signatures, documents, workflows and archives to enhance the privacy, security, and efficiency of any LE administrative process.

 


“Law enforcement increasingly needs to have access to data residing in remote data centers, and investigators frequently face multiple barriers in this process.  As more data routinely collected by investigators have come to reside in remote locations, these barriers have become a growing challenge for stakeholders.”

 

~Michael J. D. Vermeer, Dulani Woods, Brian A. Jackson
Identifying Law Enforcement Needs for Access to Digital Evidence in
Remote Data Centers
(Rand Corporation white paper)


 

ZorroSign can help LE agencies with:

  • Digital signatures across personnel records, payroll, budgeting, contracts, and finances
  • Digital documents related to court commitments, jurisdictional and warrant transfers, and supporting depositions
  • Expediting the collection of Uniform Crime Reporting (UCR) statistics—providing officers in the field with an easy-to-use tool to scan licenses and automatically populate a digital ledger with all required UCR data
  • An immutable audit trail for all LE, administrative, and legal documents in digital formats

 

Chain of Custody

Perhaps ZorroSign’s greatest value to law enforcement is protecting the chain-of-custody.

 

According to a 2020 white paper issued by the National Center for Biotechnology Information (NCBI), “Maintaining the chain of custody should be considered a professional and ethical responsibility by those in charge of the evidence. It is imperative to create appropriate awareness regarding the importance and correct procedures of maintaining the chain of custody of evidence among the people dealing with such cases… it must remain in mind that it is the most critical procedure which ultimately decides the admissibility of evidence in the court of law.”

 

ZorroSign’s platform can place all aspects of evidence documentation—audit trail, chain of custody, documents and attachments, user authentication information, and digital signatures) on a private permissions-based blockchain to create an immutable and legally-binding record.  This ensures the highest levels of security are observed, all evidence is legally defensible, and gives LE agencies a high level of confidence in every step of the evidence documentation process.

 

Further, ZorroSign’s technology can easily be integrated into a law enforcement organization’s existing document management system—augmenting their ability to protect and secure all sensitive data, while delivering operational efficiencies that can lower costs and raise administrative productivity.

 

The Security of Blockchain Plus the Privacy of Hyperledger Fabric

Blockchains are a distributed ledger technology (DLT) using digital cryptography to secure information records (blocks) distributed across users (nodes) on peer-to-peer (P2P) networks.  They can be run publicly (open to anyone becoming a node, used for cryptocurrencies like Bitcoin) or privately (permissioned to limit who can become a node, used for business applications like Hyperledger Fabric).

 

ZorroSign’s platform is built entirely on a private, permissioned Hyperledger Fabric to protect identities and data—uniquely authenticating users, encrypting communications, and securing digital data immutably through that data’s lifetime.

 

For LE agencies that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity. As a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (users) can write to ZorroSign’s blockchain.

 

Uniquely, ZorroSign also uses a patented 4n6 (“forensics”) token—a kind of digital seal that captures the complete audit trail and the document’s DNA. The token is digitally encrypted and contains all the details about the transaction including timestamps, user authentication, document, and attachments. As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.

 

Committed to the Men & Women in Blue

ZorroSign strongly supports the men and women in law enforcement who put their lives on the line every day to defend our communities and protect our freedoms.  ZorroSign has partnered with the National Law Enforcement Officers Memorial Fund (NLEOMF) and committed to 10% of ZorroSign’s sales to law enforcement be donated to the Memorial Fund.

 

 

We believe our digital signatures and document management solutions to be the most private, most secure available and we are eager to prove it for law enforcement.  Contact us today to learn more!

ZorroSign’s digital signature and document management platform not only brings the privacy and security of a private, permissioned blockchain technology, but our software-as-a-service (SaaS) model can be deployed in various configurations to meet your organization’s data security requirements.

 

Public Cloud SaaS

 

Our standard deployment is on Amazon Web Services (AWS) public cloud computing network.  This configuration benefits from AWS data centers and a network architected to protect your information, identities, applications, and devices.Built with the highest standards for privacy and data security, AWS is designed to help ZorroSign deliver secure, high-performing, resilient, and efficient infrastructure for our applications.

 

 

Two big advantages of ZorroSign’s public SaaS configuration are our simple pricing model and the ability for new customers to quickly sign-up, login, and start uploading and sending documents for signatures.  Pairing superior security with user-friendly operations, ZorroSign’s public cloud configuration is our most popular deployment.

 

Private Cloud SaaS

 

In ZorroSign’s private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization.  This fully managed service is ideal for financial services institutions or any organization requiring that your data resides only in servers where you have full control.

 

 

The benefits of private cloud deployments include unlimited API usage, complete control over privacy and security measures, a system configuration much easier to manage and maintain than on-premise deployments, plus the ability to implement custom ZorroSign features and functionality.  Private cloud deployments require that customers have IT and security staff trained to manage cloud networks, but ZorroSign works closely with such customers to ensure successful and secure configurations.

 

Hybrid (Public/Private) Cloud SaaS

 

Sitting between fully-public and fully-private cloud deployments is the option for a hybrid cloud configuration.  Here, storing your data on our private, permissioned blockchain can occur on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations.  We collaborate with your organization to configure the right mix of public self-service, scalability, and elasticity with private control and customization available with dedicated hardware.

 

 

Like a private cloud, hybrid cloud benefits include unlimited API usage and a system configuration much easier to manage and maintain than on-premise deployments.  Hybrid cloud deployments can be a strong option for financial services institutions, and ideal for healthcare organizations, law firms, legal departments, real estate firms, and other industries where data security is highly regulated.

 

On-Premise Configurations

 

Finally, for those customers who require both the ZorroSign platformand their data reside behind their own firewall or demilitarized zone (DMZ)—where a physical or logical sub network contains and exposes your organization’s external-facing services such as ZorroSign digital signatures, workflow management, and identity-as-a-service applications—we support on-premise deployments.

 

 

On-premise deployments require your organization to manage and maintain your own data centers, but gain the benefits of unlimited API calls and total control over identity access management (IAM), data privacy and security, and data integrity processes.  On-premise deployments of the ZorroSign blockchain platform can be ideal for government agencies and departments, critical infrastructure organizations, large financial institutions, and other organizations that prefer to fully manage their own IT infrastructure.

 

Whichever configuration your organization requires, ZorroSign has the staff, the architecture, and the deployment experience to ensure your data privacy and security needs are met.  To learn more about ZorroSign’s cloud configurations for various SaaS deployments, and how we deliver greater privacy and security for digital signatures and documents, contact us today!

Is your organization effectively protecting its information?

 

Happy Data Privacy Day! Or perhaps a more appropriate greeting: Is your organization employing information privacy best practices today . . . and everyday?

 

Data Privacy Day focuses on raising awareness among businesses, consumers, and families on the importance of protecting the privacy of their personal information online.

 

At ZorroSign, our corporate mission is to leverage blockchain technology to deliver a lifetime of security and privacy for your digital signatures and documents that is easy-to-use and legally compliant. Data privacy is one of our core values as we strive to provide the most trusted and secure paperless experience.

 

A Short History of Data Privacy in the United States

 

“In recent years, information privacy has emerged as one of the central issues of our times,” notes Daniel J. Solove in a George Washington University Law School publication on information privacy laws. “Today, we have hundreds of laws pertaining to privacy: the common law torts, criminal law, evidentiary privileges, constitutional law, at least twenty federal statutes, and numerous statutes in each of the fifty states.”

 

Solove traces privacy protections from early American census and government records, through post mail and telegraph communications, to personal papers and information. Then “the development of the computer in 1946 revolutionized information collection. Throughout the second half of the twentieth century, the computer revolutionized the way records and data were collected, disseminated, and used,” writes Solove and “the increasing use of computers in the 1960s raised a considerable public concern about privacy.”

 

Congress passed the Privacy Act of 1974 to regulate the “collection and use of records by federal agencies, and affords individuals right to access and correct their personal information,” then passed the Electronic Communications Privacy Act (ECPA) of 1986 which “protects wire, oral, and electronic communications while those communications are being made, are in transit, and when they are stored on computers. The Act applies to email, telephone conversations, and data stored electronically.”

 

The 1990’s saw the rise of the Internet which changed the game for data collection, storage, and dissemination. Initially, the U.S. passed the Children’s Online Privacy Protection Act (COPPA) of 1998—which “prohibits unfair or deceptive acts or practices in connection with the collection, use, and/or disclosure of personal information from and about children on the Internet”—then the Gramm-Leach-Bliley Act (GLBA) of 1999 defining personal identifying information privacy for financial institutions which expanded privacy policies across many industries.

 

The September 11, 2001 attacks on the United States initially brought challenges to data privacy as the USA PATRIOT Act of 2001 granted federal agencies greater power to collect personal information and expanded the investigative powers of law enforcement based on the Foreign Intelligence Surveillance Act (FISA).

 

At this time, “the U.S. doesn’t (yet) have a federal-level general consumer data privacy law, let alone a data security law,” notes Varonis, a cybersecurity company.

 

But individual states are taking up the cause for data privacy and—often emulating policies and practices set by the European Union’s General Data Protection Regulation (GDPR)—defining stronger privacy protections. For example, the California Consumer Privacy Act (CCPA) of 2018 (and copycat laws in other states such as Hawaii, Maryland, Massachusetts, New York, and North Dakota) gives “consumers more control over the personal information that businesses collect about them, including: The right to know about the personal information a business collects about them and how it is used and shared; the right to delete personal information collected from them (with some exceptions); the right to opt-out of the sale of their personal information;  and the right to non-discrimination for exercising their CCPA rights.”

 

Information Privacy Today

 

2020 was not a great year for world health or for data privacy. The news was filled with stories of data breaches, and the Great Supply Chain Hack of 2020 may haunt government data systems for years—“This is looking like it’s the worst hacking case in the history of America,” says one U.S. official. “They got into everything.”

 

In this climate of fear and risk, ZorroSign’s CEO and co-founder, Shamsh Hadi, has built a company culture where “trust is everything.” Private businesses, government organizations, educational institutions, legal departments, real estate companies, and many other industries trust ZorroSign technologies to protect their data and secure their information privacy.

 

Our private, permissioned blockchain platform is compliant with dozens of international privacy and security standards, including United States eSign Act, Uniform Electronic Transactions Act (UETA), Health Insurance Portability and Accountability Act (HIPAA), Americans with Disabilities Act (ADA) and Web Content Accessibility Guidelines (WCAG 2.1), the Federal Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), Canadian Provincial Uniform Electronic Commerce Act (UECA), the Information Technology Act 2000 (IT Act of India), and GDPR in Europe, and many more.

 

Request a copy of our ZorroSign Security Brief for details on our unique blockchain architecture, document storage and protection, and platform security measures or contact us today to learn how ZorroSign’s digital business platform can protect your data privacy!

“Modern digital technology that supports information sharing,

communication, collaboration, and learning are

central to daily living and to the function of government.”

~Teri Takai, Executive Director at the Center for Digital Government

 

Local governments in the United States such as counties, municipalities, and school districts serve the public with codified processes for business, education, health and safety, law enforcement, property development, transportation, utilities, and more. The sheer volume of legal agreements, licenses, permits, records, and reports are daunting to manage, and digital solutions are becoming more and more necessary to effectively administrate public services.

 

Further, local governments know the value of operating more efficiently both in cost-savings (by reducing administrative costs in paper, printing, reproduction, storage, etc.) and in resource allocation (by being able to serve more constituents with the same resources). Technology solutions that speed clerical work, reduce errors, and lower administrative costs can readily generate a return on investment for the public.

 

As local governments strive to move paper administration to digital environments, privacy and security become top priorities. Beyond simply digitizing forms, processes, and records, these government organizations must:

 

  • Validate end users as constituents engage digital public services
  • Authenticate digital data as it is moved between users and offices
  • Secure digital documents for storage, archiving, and retrieval—ensuring immutability with non-repudiation audit trails and post-execution fraud/tamper protection

 

Digital Benefits for Local Governments

The COVID-19 pandemic has accelerated local governments’ need to move to digital services.

 

“When offices were forced to close, many local governments were unable
to conduct business without physical access to legacy systems,
holding up everything from building permits to license renewals
and access to land records.”
~Doug Harvey, VMware Head of U.S. State & Local Governments & Education

 

As local governments add remote administration capabilities, the promise of digital transformation is tremendous. Large municipalities to the smallest administrative districts can leverage digital signature and document management software to protect the chain of custody (CoC) for documents and securely review, approve, archive, and retrieve:

 

  • Across-agency or inter-department agreements
  • Architecture and engineering drawings/schematics for construction permits
  • Benefits administration programs and processes
  • Certificates of occupancy
  • Court decrees and orders
  • Facilities management forms
  • Housing programs and building permitting management
  • Human resources processes (e.g., employment agreements, expense forms, payroll sign-off sheets, etc.)
  • Licenses for alcohol, auctions, business, construction, farming, plumbing, restaurants, retail, valet services, etc.
  • Logistics and procurement processes
  • Permits for building, carnivals and fairs, exhibit and trade shows, explosives, fireworks, gas, hazardous waste, hospitals, lumber, medical facilities, nursing homes, public assemblies, waste handling, etc.
  • Public health programs administration
  • Purchase agreements for public assets, products, or services

 

ZorroSign blockchain digital signature, a secure, encrypted platform provides a means for local governments to digitize records—eliminating duplication errors, streamlining clerical work, decreasing costs and time spent, and ensuring public record immutability for legal enforceability and transparency.

In today’s digital world, data privacy and security are critical. At ZorroSign, we are proud to put privacy and security at the heart of everything we do—including how we’ve built our digital transaction management (DTM) platform. With our private, permissioned blockchain foundation, our commitment to security and privacy meets important regulations and standards upheld by countries around the world. Here are some quick examples…

 

NORTH AMERICA

 

In the United States, there have been many laws and regulations enacted around data privacy and digital security, including:

 

  • The Health Insurance Portability and Accountability Act of 1996 (HIPAA) set national standards for electronic health care transactions and codes, unique health identifiers, and security—ZorroSign DTM helps organizations meet HIPAA compliance.
  • The Digital Millennium Copyright Act (DMCA) of 1998 is an anti-piracy statute protecting digital rights management—ZorroSign’s digital signatures support DMCA.
  • In 1999, the Uniform Electronic Transactions Act (UETA) established the legal equivalence of electronic records and signatures, with paper documents and manually-signed (wet) signatures—ZorroSign digital signatures meet UETA compliance.
  • In 2000, the Electronic Signatures in Global and National Commerce Act (E-Sign Act) validated electronic records and signatures for commerce across states and countries—ZorroSign digital signatures fulfill ESIGN compliance.
  • The Sarbanes–Oxley Act of 2002 (SOX) set regulations for the financial practice and corporate governance of U.S. public company boards, management, and public accounting firms—ZorroSign DTM helps organizations fulfill SOX requirements.

 

In Canada, similar laws such as the Personal Information Protection and Electronic Documents Act (PIPEDA) defined how organizations can collect, use or disclose personal information; and the Uniform Electronic Commerce Act of 1999 (ULCC) regulated the provision and retention of electronic information, and the communication of electronic documents. Again, ZorroSign digital signatures meet both Canadian standards for privacy and security.

 

EUROPE

 

The European Union has enacted two major regulations for data privacy and security in the General Data Protection Regulation (GDPR) and Electronic Identification and Trust Services Regulation (eIDAS) of 2018. This elaborate set of rules and requirements are also met by ZorroSign’s digital signatures and DTM platform.

 

MIDDLE EAST

 

In the Middle East region there are two major laws that govern electronic signatures in the United Arab Emirates (UAE) and Saudi Arabia. ZorroSign meets the United Arab Emirates’ Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce granting electronic signatures legal force and effect. ZorroSign also meets the KSA laws in Saudi Arabia as governed by the Electronic Transactions Law, Royal Decree No. (M/8) 8 Rabi’ I- 1428H from 2007.

 

ASIA

 

In 2000, India passed a sweeping Information Technology Act, with further amendments in 2008, providing legal recognition for transactions performed by electronic data interchange, eCommerce, and digital signatures, plus rules for electronic records and certifying authorities. Again, ZorroSign DTM meets the security and privacy requirements of India’s IT Act.

 

UNMATCHED PRIVACY & SECURITY

 

While ZorroSign’s platform ensures compliance with these (and other) regulations around the world, we separate ourselves from our competition by going even further to protect our customers’ data and privacy. ZorroSign’s patent-pending blockchain architecture uniquely ensures:

 

  • Immutability—maintaining a chronological record of transactions in multiple copies on a ledger to avoid doubt or ambiguity.
  • Legal Enforceability—ZorroSign uses patented and legally-binding electronic signature with real digital information versus competitors who simply superimpose a flat image of a signature on a document… legally distinguishing intent to sign a document vs actually signing a document.
  • Signature Attribution—signatures are protected and validated using ZorroSign’s private permissioned blockchain, plus high-level security provisions and multifactor authentication (including biometrics) to ensure signatory attribution.
  • Fraud Prevention—our proprietary 4n6 token detects document fraud, document tampering and signature forgery (as a tamper seal that runs on the blockchain).
  • Lifetime Escrow—while competitors often use third-party digital security certificates that expire every two years, ZorroSign issues its own certificates that never expire for lifetime document escrow.

 

We are proud to be the digital signature solution of choice for organizations around the world committed to privacy and security.