Overview
Companies face many challenges today when managing all of the customer and sensitive data that they possess. Data volumes are exploding across endpoints, clouds, applications, storage, Big Data, IoT, digital services, etc.
Many companies lack the capabilities to scan, audit and protect the entire enterprise. Understanding the content of the organization’s data is critical for maintaining the strong security of the organization’s assets, complying with government regulations, and ensuring customers’ sensitive data is protected no matter where it is stored.
CipherTrust Intelligent Protection enables organizations to assess all of their data, discover and protect sensitive data, and classify data according to various data privacy laws, by using the CipherTrust Intelligent Protection solution with CipherTrust Data Discovery and Classification for finding and classifying sensitive data, and CipherTrust Transparent Encryption for encrypting that data.
This protects customer data, achieves compliance, and best practice requirements. It helps a company avoid devastating financial, legal and reputational consequences that can occur if an organization’s network is breached and sensitive data is stolen.
CipherTrust Data Security Platform enables CipherTrust Intelligent Protection by integrating the intelligent data classification and risk visualization capabilities of CipherTrust Data Discovery and Classification, and integrating it with the policy-based data at rest encryption capabilities of CipherTrust Transparent Encryption to provide adaptive protection to the company’s data.
Data Security Challenges
The CipherTrust Intelligent Protection solution solves a company's biggest problems including the following.
Lack of Visibility
Lack of visibility on where sensitive data resides, especially in the Cloud, and when a business has large volumes of data. This creates business risks because sensitive data is not adequately protected throughout the enterprise. Customers need to know that their sensitive data is protected.
Solution
Guarding top-level directories enables CipherTrust Intelligent Protection to automatically remediate all of the assets based on classification risk defined during data discovery.
Large Volumes of Data
Data continues to accumulate exponentially.
Solution
Organizations require an automatic process for understanding the location and the type of data they hold. CipherTrust Intelligent Protection offers Adaptive Protection. It applies the most appropriate remediation method automatically, based on the classification risk, thereby improving operational efficiency CipherTrust Intelligent Protection reduces complexity. It leverages an integration platform with common policies from a single vendor.
Compliance
Requirements are not being met because of the volume and lack of visibility.
Solution
CipherTrust Intelligent Protection streamlines compliance. It discovers and then remediates data in a single step, with no manual intervention.
Associated Roles
The primary users for CipherTrust Intelligent Protection fulfill the following types of roles in their companies:
Chief Information Security Officer (CISO)
Ensures security across the process, including the security of each data location and assisting in the interpretation and application of this process.
Chief Compliance Officer (CCO)
Aligns the process with laws and regulatory requirements. Monitors the entire process once implemented.
Data Protection Officer (DPO)
Aligns the organizational data protection goals. Monitors the compliance with privacy laws concerning the protection of personal or customer data, ensuring they are consistent with the data classification process defined.
Chief Information Officer (CIO)
Delivers information technology services that meet the requirements stated in this guide, are involved in the risk analysis and provide information for security planning and implementation.
IT
Configures the defined policies in the CipherTrust Data Security Platform.
Remediation Workflow
The following describes and illustrates the workflow for CipherTrust Intelligent Protection.
Illustration Steps
CTE admin: Creates a Policy, with a Classification-based Resource Set, on CTE Connector and applies the GuardPoint on the CTE agent.
CTE: CTE Agent scans the GuardPoint and uploads the list of files to the Thales Data Platform.
DDC admin: Adds a DDC data store with CipherTrust Manager on the server where the CTE agent resides.
DDC admin: Creates and Initiates a scan on the data store, at the specified GuardPoint, setting the scan path to the GuardPoint path, and enables remediation.
DDC: After the scan finishes running, DDC stores the scan results in the Thales Data Platform, including the classification for each of the files in the GuardPoint.
DDC: DDC Connector notifies CTE Connector that new scan results are ready.
CTE: CTE Connector notifies CTE Agent there are new classifications ready.
CTE: CTE Agent downloads the classification information from Thales Data Platform.
CTE: CTE Agent applies the security rules, to enforce access control, based on policy and classifications.
CTE: Encrypts each file according to the policy key rule. Each time a file is encrypted, the file’s status information is sent to the Thales Data Platform and updated.