|
A risk based, data centric approach to security is a paradigm shift away from traditional "network or system" centric security. It is instead a combination of process and technology that focuses on information flow across business processes and human interactions. Its goal is to create and sustain a flexible, ongoing and continually improving security process that recognizes and reacts to changes in the internal and external environment and enables, not disables, business processes.
The traditional network or system based approach to security continues to fail to protect sensitive data. For companies to substantially reduce the risk of information loss, they need to take a risk based, data-centric approach security. In other words, it's about the data and understanding:
-
What sensitive data exists, and where it is located
-
What user is taking what actions with sensitive data
-
Where is the sensitive data going
-
What controls are needed to mitigate the risk of the users actions
With this holistic understanding, or data-centric "visibility," organizations can, for the first time and in a meaningful way, define and apply data security policies to users who interact with sensitive data including "privileged users", contractors, outsourcers and partners.
Digital Guardian data protection software offers uniquely flexible models for delivering automated data security controls to users. These risk appropriate warnings can be configured to enforce corporate polices, offer alternative approaches to completing tasks including forcing security system usage like VPNs or automatic encryption of emails or files, reinforce training of compliance rules like HIPAA and PCI and deter improper activities. All of these control implementations occur before the data is put at risk. Once the improper action on sensitive data on the network, on a device or in a web mail is taken - the information is compromised. Warnings, justifications and blocks, to meaningfully prevent data loss must occur before action is taken.
 |
Digital Guardian Block
Alert users that they have violated security policy and their actions have been blocked and recorded. Block risky actions before they occur.
Digital Guardian Reminder Control
Reinforce good behavior in an enabling model. Deliver real-time user training on corporate and regulatory policy.
Digital Guardian Warning Control
Warn users of potentially risky actions before they are carried out. Deter by announcing their actions have been recorded. Optionally force users to take responsibility for their actions with justifications that also offer feedback to Security Managers. |
The Foundation to Enable Business
When Digital Guardian is implemented and a data security process put into action, companies can move beyond the traditional notion of data security as "prevention" to data security as a business enabler.
Unlocking Sensitive Data – Enabling Business
Digital Guardian data protection software is the cornerstone of your security technology and when integrated into a data-centric security process becomes the foundation of enabling business agility by unlocking your sensitive business information and putting it to work. The foundation, the integration of Digital Guardian and a data centric security process enables:
-
Visibility to sensitive data and its usage across the enterprises
-
The creation and implementation of automated data security policies, rules and controls within the context and support of your business processes and not as preventive security.
Employees, contractors, partners and outsourcers are alerted proactively and in real-time to high risk behavior, trained to understand compliance and corporate policy violations and offered alternative and preferred processes to complete their tasks. With the security foundation in place, companies can implement uniform and meaningful protection for intellectual property, privacy information and company secrets through our data protection software. This data is protected against loss or compromise from and by:
-
The insider threat and improper privileged user activity
-
Threats and risks associated with sharing sensitive data with third parties
-
Risks created by users due to poor process, lack of training or policy awareness
As companies mature their data security process and implement risk mitigating controls across the extended enterprise, line of business and operations managers are able to share previously “locked down” data in more collaborative environments enabling increased business agility through not only improved new product research, design and manufacturing but also improved cost management as they confidently and in provable compliance share privacy data with lost cost off-shore outsourcers. |
