All companies rely on privileged users to keep their operations running smoothly and to help complete critical transactions. A “Privileged User” has traditionally been defined as someone, like an IT administrator, who has access to networks, applications, and data that go far beyond their own job responsibility. These users are essential in performing routine backups, maintaining the state of the company’s hardware, software, and information, giving or restricting other employees’ access as is needed, and much more.
Over time, as businesses have become far more data oriented, the definition of a privileged user has expanded well beyond just IT administrators. Due to the greater need to share information, new regulations, and segregation of duty rules, the definition of a privileged user must now be expanded to include: senior managers, key line of business managers, engineers, designers, and even the accounting team when considering SOX compliance. Privileged users have become anybody that has 'proper' access to your
These privileged users are the ‘policeman’ of any company’s data infrastructure. They keep operations secure and running smoothly. In today’s business world, where data has become critically important, there is increasingly a need to monitor, guide, and ‘police the policeman.’ Privileged users, with their extended access, are concurrently a key to keeping data secure and a major potential risk to data security.
Because of this duality, a security solution that encompasses privileged users must be one that is effective without being burdensome or restrictive. Cumbersome solutions can slow down the valuable processes that privileged users are put in place to enable. Historically, businesses have tried a number of ineffective methods to ‘police the policeman’:
1.) Do not put in place security policies or solutions and rely on the integrity of the privileged user.
- Problem - A very small minority of users are dishonest or malicious, but the actions of even one individual can lead to staggering losses.
- Problem - Bad things can happen to good people. One lost laptop, USB device, or password can make headline news, regardless of intentions.
2.) Apply written company policies and enforce them through manual internal audits.
- Problem - Though this approach may meet minimum compliance standards and though it may mitigate risk on some level, it is not a preventative approach. Audits are time-intensive, expensive, and may well occur long after the problem has happened.
- Problem - Honest users will often work around restrictive policies and controls with no bad intentions simply to save time, putting sensitive data at risk.
3.) Deploy network-based security technology, monitoring of privileged user traffic, or encryption.
- Problem - Network solutions often miss encrypted or “tunneled” data traveling over the network. Knowing these limitations, privileged users can easily defeat the system.
- Problem - Technology designed to monitor traffic is unable to monitor or prevent “point of risk” activity such as copying to local drives, USBs, CDs, or DVDs.
- Problem - Broad encryption solutions are both cumbersome and ineffective, often blocking out well-intentioned users and letting in mal-intentioned privileged users.
Verdasys Digital Guardian addresses all these problems. Using data-level monitoring and control, Digital Guardian is able to identify sensitive data and apply controls to that data based on the user or user group. For instance, employees with a business need to see certain sensitive information would be given full access to those files. Administrators needing access to that same information in order to back it up can do so; however, if they attempt to open the files, they would see them as encrypted. Users with no business need to access the files would be blocked from opening, moving, renaming, or deleting them entirely. Coupling content and context sensitivity with policies based on the user, Digital Guardian can apply intelligent controls that protect data while enabling privileged users to do their jobs without restriction. This dynamic protection allows increased collaboration and eliminates cumbersome data protection policies.
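The three-tier model just described (plaintext for users with a business need, ciphertext-only handling for administrators who back data up, outright denial for everyone else) can be sketched as a small policy engine. The following Python is an added illustration, not Digital Guardian's own code or any published Verdasys API; the role names, the "public"/"sensitive" labels, the policy table and the SHA-256 keystream cipher are all assumptions constructed for the example, and the cipher exists only to make the plaintext/ciphertext distinction concrete.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"                  # user receives plaintext
    CIPHERTEXT_ONLY = "ciphertext"   # user may handle the file but only sees ciphertext
    DENY = "deny"                    # action is blocked outright


@dataclass
class File:
    name: str
    label: str      # classification from content inspection: "public" or "sensitive"
    stored: bytes   # bytes at rest; encrypted whenever label == "sensitive"


@dataclass
class User:
    name: str
    role: str       # hypothetical roles: "finance", "it_admin", "staff"


# Hypothetical policy table: which roles get plaintext and which get ciphertext-only.
PLAINTEXT_ROLES = {"sensitive": {"finance"}}     # business need to read the content
CIPHERTEXT_ROLES = {"sensitive": {"it_admin"}}   # may back up / move, never read
ACTIONS = {"open", "copy", "move", "rename", "delete"}

AUDIT_LOG = []   # every decision is recorded as (user, action, file, decision)

DEMO_KEY = b"demo-key-not-for-real-use"   # constructed; a real system uses a key service


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256-derived keystream.
    It only demonstrates the plaintext/ciphertext split; not real cryptography."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def store(name: str, label: str, plaintext: bytes) -> File:
    """Write a file; sensitive content is encrypted at rest, public content is not."""
    if label == "sensitive":
        return File(name, label, _keystream_xor(DEMO_KEY, plaintext))
    return File(name, label, plaintext)


def decide(user: User, file: File, action: str) -> Decision:
    """Combine content sensitivity (label) with user context (role) into one decision."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    if file.label == "public" or user.role in PLAINTEXT_ROLES.get(file.label, ()):
        d = Decision.ALLOW
    elif user.role in CIPHERTEXT_ROLES.get(file.label, ()):
        d = Decision.CIPHERTEXT_ONLY
    else:
        d = Decision.DENY
    AUDIT_LOG.append((user.name, action, file.name, d.value))
    return d


def open_file(user: User, file: File) -> bytes:
    """Return exactly the bytes this user sees when opening the file."""
    d = decide(user, file, "open")
    if d is Decision.DENY:
        raise PermissionError(f"{user.name} may not open {file.name}")
    if d is Decision.CIPHERTEXT_ONLY:
        return file.stored   # backup tooling gets the bytes; nothing is decrypted
    if file.label == "sensitive":
        return _keystream_xor(DEMO_KEY, file.stored)
    return file.stored


def demo() -> dict:
    """Constructed scenario: one sensitive file, one public file, three roles."""
    ledger = store("q3-ledger.xlsx", "sensitive", b"ACME Q3 revenue: 1,234,567")
    menu = store("lunch-menu.txt", "public", b"Tuesday: tacos")
    finance, admin, staff = User("alice", "finance"), User("bob", "it_admin"), User("carol", "staff")
    try:
        open_file(staff, ledger)
        staff_denied = False
    except PermissionError:
        staff_denied = True
    return {
        "finance_open": open_file(finance, ledger),   # plaintext
        "admin_open": open_file(admin, ledger),       # ciphertext bytes only
        "admin_copy": decide(admin, ledger, "copy"),  # backup allowed
        "staff_delete": decide(staff, ledger, "delete"),
        "staff_open_denied": staff_denied,
        "staff_public": decide(staff, menu, "open"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the sketch is that the same file yields three different outcomes depending on who touches it, and that every outcome, including the denials, lands in an audit record; in a real deployment the audit log is what lets you review privileged activity after the fact without slowing the backup job down.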