Overview
Companies face many challenges today when managing all of the customer and sensitive data that they possess. Data volumes are exploding across endpoints, clouds, applications, storage, Big Data, IoT, digital services, etc.
Many companies lack the capabilities to scan, audit and protect the entire enterprise. Understanding the content of the organization’s data is critical for maintaining the strong security of the organization’s assets, complying with government regulations, and ensuring customers’ sensitive data is protected no matter where it is stored.
CipherTrust Intelligent Protection enables organizations to assess all of their data, discover and protect sensitive data, and classify data according to various data privacy laws, by using the CipherTrust Intelligent Protection solution with CipherTrust Data Discovery and Classification for finding and classifying sensitive data, and CipherTrust Transparent Encryption for encrypting that data.
This protects customer data, achieves compliance, and best practice requirements. It helps a company avoid devastating financial, legal and reputational consequences that can occur if an organization’s network is breached and sensitive data is stolen.
CipherTrust Data Security Platform enables CipherTrust Intelligent Protection by integrating the intelligent data classification and risk visualization capabilities of CipherTrust Data Discovery and Classification, and integrating it with the policy-based data at rest encryption capabilities of CipherTrust Transparent Encryption to provide adaptive protection to the company’s data.
Data Security Challenges
The CipherTrust Intelligent Protection solution solves a company's biggest problems including the following.
Lack of Visibility
Lack of visibility on where sensitive data resides, especially in the Cloud, and when a business has large volumes of data. This creates business risks because sensitive data is not adequately protected throughout the enterprise. Customers need to know that their sensitive data is protected.
Solution
Guarding top-level directories enables CipherTrust Intelligent Protection to automatically remediate all of the assets based on classification risk defined during data discovery.
Large Volumes of Data
Data continues to accumulate exponentially.
Solution
Organizations require an automatic process for understanding the location and the type of data they hold. CipherTrust Intelligent Protection offers Adaptive Protection. It applies the most appropriate remediation method automatically, based on the classification risk, thereby improving operational efficiency CipherTrust Intelligent Protection reduces complexity. It leverages an integration platform with common policies from a single vendor.
Compliance
Requirements are not being met because of the volume and lack of visibility.
Solution
CipherTrust Intelligent Protection streamlines compliance. It discovers and then remediates data in a single step, with no manual intervention.
Associated Roles
The primary users for CipherTrust Intelligent Protection fulfill the following types of roles in their companies:
Chief Information Security Officer (CISO)
Ensures security across the process, including the security of each data location and assisting in the interpretation and application of this process.
Chief Compliance Officer (CCO)
Aligns the process with laws and regulatory requirements. Monitors the entire process once implemented.
Data Protection Officer (DPO)
Aligns the organizational data protection goals. Monitors the compliance with privacy laws concerning the protection of personal or customer data, ensuring they are consistent with the data classification process defined.
Chief Information Officer (CIO)
Delivers information technology services that meet the requirements stated in this guide, are involved in the risk analysis and provide information for security planning and implementation.
IT
Configures the defined policies in the CipherTrust Data Security Platform.
CIP Workflow
The following describes and illustrates the workflow for the CipherTrust Intelligent Protection.
Illustration Steps
CTE Admin: Creates a Policy with a Classification-based Resource Set on the CTE Connector.
CTE Connector: Applies the GuardPoint on the CTE Agent with policy created by the CTE Admin.
CTE Agent: Scans the GuardPoint, and uploads the list of files metadata to the Thales Data Platform (Hadoop).
DDC Admin: Adds a DDC Data Store with the CipherTrust Manager on the Local Storage or Network Server.
DDC Connector: Creates and initiates a scan on the Data Store at the specified GuardPoint, setting the scan path to the GuardPoint path, and enables remediation for the selected classification tagged files.
DDC Agent: Scans the GuardPoint path and stores the scan results in the Thales Data Platform (Hadoop), including the classification for each sensitive file in the GuardPoint, after the scan finishes.
DDC Connector: Notifies the CTE Connector that new scan results are ready.
CTE Connector: Sends the DDC Connector notification to the CTE Agent.
CTE Agent: Fetches the classification information from the Thales Data Platform (Hadoop) for each file in the GuardPoint.
CTE Agent: Applies the security rules to enforce access control, based on policy and classifications. Also, encrypts each file according to the policy key rule.
CTE Agent: Sends the status information of the file to the Thales Data Platform (Hadoop) each time a file is encrypted.