Identity-Centric Data Security
At one time, data security was considered simple: data was stored within a perimeter with a single managed and monitored egress point. Data Loss Protection (DLP) was invented to protect devices, and later developed into protecting files.
Most security teams would agree that DLP does stop breaches, but it also generates large volumes of work to determine right from wrong and good from bad, so the operational overhead is high. DLP has therefore been the holy grail of risk mitigation for many years, yet it has remained out of reach for most organisations.
These challenges are why Secrutiny believe in an identity-centric approach to data security:
- Unlike existing data security solutions, protection is not defined by device, network, location or data classification, but by user groups and identities.
- We no longer look at files, but at the data itself. If we look at the data, it doesn’t matter where it goes or in what format, because the data inherits its existing protection.
- Because the approach is built on data rather than file classification, the system can discover data across the enterprise; this is how sensitive data is brought back under control.
- An identity governed approach does not change how the user interacts and collaborates.
How Does It Work?
Device, Location or Network vs Identity
You have a team designing the next big thing; they sit in a group within the identity store (normally Active Directory, but it can be any identity system).
Everything within the group is protected: if a member sends data to their personal email, another employee or a third party, it cannot be read unless the group owner or authorised people within the group allow the collaboration by extending the group to include the recipient. Once authorised, that person can collaborate either online or on their device. If they are removed from the group, the data becomes unreadable again.
The best part? All of this activity is tracked and can be evidenced.
Classification vs Data DNA
If the system detects data DNA residing on users’ machines that are not part of the original or extended group, the data is encrypted and access must be granted by the data owner or an authorised person in the group.
Now we can reduce the data loss risk from the large volumes of existing data!
Limited Usability vs Transparency
The final piece of the jigsaw is empowering users rather than inhibiting their day-to-day tasks.
If the design team collaborate with a third party through an unsanctioned app (the corporate standard says O365 but they are using Dropbox), they don’t have to change.
The data stays protected no matter how or where it is shared – it’s data protection, NOT file protection!
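The mechanism described above can be modelled as a key service that releases a data key only to identities and devices that are in the owning group at the moment of access, so the same protected bytes stay unreadable to a mis-sent recipient, become readable once the group is extended, and go dark again when a lost laptop is removed. This is an added, constructed example and not Secrutiny’s code: the group names, identities and the toy SHA-256 keystream are assumptions standing in for the real identity store and cipher.

```python
import hashlib
import os
def _xor_stream(key, data):
    # Toy SHA-256 counter-mode keystream standing in for the real cipher (illustrative only)
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)
class KeyService:
    """Releases a data key only to identities/devices currently in the owning group."""
    def __init__(self):
        self.groups = {}     # group -> set of users and devices (stands in for the identity store)
        self.data_keys = {}  # data id -> (owning group, data key)
        self.audit = []      # every access decision is recorded
    def create_group(self, name, members): self.groups[name] = set(members)
    def extend_group(self, name, member): self.groups[name].add(member)
    def remove_from_group(self, name, member): self.groups[name].discard(member)

    def protect(self, data_id, group, plaintext):
        key = os.urandom(32)
        self.data_keys[data_id] = (group, key)
        return _xor_stream(key, plaintext)

    def open(self, data_id, identity, ciphertext):
        group, key = self.data_keys[data_id]
        allowed = identity in self.groups[group]  # checked at read time, not at share time
        self.audit.append((data_id, identity, "allowed" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"{identity} is not in group {group}")
        return _xor_stream(key, ciphertext)

def can_read(svc, data_id, identity, ct, expected):
    try:
        return svc.open(data_id, identity, ct) == expected
    except PermissionError:
        return False

def scenario():
    # Walks the page's cases with constructed names: mis-sent data, group extension, lost laptop
    svc, secret = KeyService(), b"next big thing"
    svc.create_group("design-team", {"alice", "alice-laptop"})
    ct = svc.protect("design.docx", "design-team", secret)  # same bytes wherever they are sent
    r = {"alice": can_read(svc, "design.docx", "alice", ct, secret)}
    r["third_party"] = can_read(svc, "design.docx", "carol@partner.example", ct, secret)
    svc.extend_group("design-team", "carol@partner.example")  # owner authorises collaboration
    r["third_party_extended"] = can_read(svc, "design.docx", "carol@partner.example", ct, secret)
    svc.remove_from_group("design-team", "alice-laptop")  # lost laptop removed from the group
    r["lost_laptop"] = can_read(svc, "design.docx", "alice-laptop", ct, secret)
    return r, svc.audit
```

Note that the ciphertext never changes: only the key service’s view of group membership does, which is what lets protection follow the data rather than the file.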
Benefits and Features
- Always tracked, retractable and portable
- Network and application aware
- Invisible encryption layer that doesn't impact user behaviour
- Meets encryption, access and auditing/reporting requirements
Lost your laptop?
Simply remove the device from the group and the laptop will no longer have access to any of the protected data stored within it.
Cloud storage provider compromised?
Access rights follow the content regardless of where it goes, so users and devices outside the group will not have access to the protected data stored in the cloud.
Mistakenly sent sensitive information to the wrong person?
Unless the recipient has been added to the group, they will not have access to the data.
Victim of a Ransomware Attack?
Ransomware will never be able to access the contents of protected files. Files and content are allowed to flow while protected, and centralised control is retained.