Simultaneous converting, compressing, and encrypting is the basic principle on which FLAM operates. Since it uses a single pass and touches every byte just once, processor time plus I/O and therefore cost are kept extremely low.
Moreover, FLAM can control this process in a way making it look as if the respective application encrypts the data it creates und decrypts the data it processes without being aware of it. This allows meeting many security standards (like PCI DSS) ) without changes to the applications. This is particularly true with stored data basing on formats with high redundacy such as XML. They can be compressed by a factor of 10 or more and kept accessible but protected against manipulations, while this fact is entirely transparent to the application. Progam run times are thereby reduced proportionally, since our algorithms use less CPU time than the extra time it would take to write the uncompressed data to storage.
By means of the FLIES componens of FLAM the compressed and encrypted stored data can be managed in a simple manner. They can be rekeyed periodically, they can be searched, and combinations of results can be composed as needed. All this does not require access to the actual data contents. This allows building secure archives which can be operated by a third party (e.g. in a cloud) without any risk.
For encryption and compression several hardware acceleration for the different platforms are supported. For example on IBM mainframes ICSF and CPACF for cryptographic protection, ZEDC for compression or special instructions for character conversions are supported. This reduce the CPU consumption of FLAM to a minimum.