Fasoo Data Security Framework

Transcription

1 Fasoo Data Security Framework

2 Needs for New Security Framework Significant data breach related news is continuously making headlines, and organizations involved in such breaches have suffered irreplaceable loss of intellectual property, losing customer and business partner trust, incurring considerable fines, decreasing revenue or profit or dropping in share prices. Although most organizations are constantly investing their time and efforts in information security, security related issues are happening repeatedly, and threats remain as substantial risks to organizations. In today s rapidly changing IT environment, an information security model that emerged in the early days of the Internet does not work as well as it used to. Conventional approaches have been based on the belief that information security is all about protecting network and system boundaries. However, as cloud computing and mobility are blurring the boundaries of an enterprise, defining the boundaries of a corporate network has become difficult or even meaningless. This disruptive change in the IT landscape is one of important reasons why a new security framework is required. Another reason for a new framework is to confront increasing insider threats. Traditionally, insider threat management was always on the top of the priority list for many organizations general security practices, but it has been often ignored in information security, relying on security guidelines and regulations without proper technical measures. There have been some technical measures to prevent insider threats, but most fail to mitigate insider threats. For example, enhanced perimeter based solutions like data loss prevention have been unable to stop data leaks by insiders who have gained access to the data through legitimate business activities. To be effective against insider threats, organizations are seeking a new approach and framework that is capable of enforcing persistent security policy on data, as well as the traditional security practices that include user training and background check. In addition to cloud, mobile and insider threats, advanced persistent threat (APT) has become the latest concern of CISOs. As cyber-attacks are constantly diversifying and evolving, it has become a complicated game of cat-and-mouse, and often times hackers are one step ahead in the game. There have been many efforts to detect and mitigate APT. However, it has been difficult to prevent and detect APT even after penetration, leaving organizations vulnerable to data breaches. In fact, organizations should implement a security framework that assumes your network will be penetrated, your systems infected by malware, and your data stolen. Cloud and mobile computing, insider threat and APT are forcing organizations to review and re-shape existing security frameworks to overcome challenging security issues and prevent data breaches. Fasoo Data Security Framework Fasoo The Fasoo data security data security framework framework helps organizations helps organizations to facilitate to exceptions to minimize productivity issues. Data security policies and facilitate enhance and enhance their information their information security security framework framework based based on a are constantly challenged by the unpredictable nature of data data-centric on a data-centric security security model model with with people-centric policies in usage in in a a business environment. Fasoo The data Fasoo security data framework security multi-layered approaches in complex and ever-diversifying supports framework the supports dynamic dynamic binding of binding policy with of policy rich context with rich and context allows enterprise IT environments. environment. exception and allows on-demand exception or on-demand through approval. or through The framework approval. offers The a framework unique methodology offers a unique to adjust methodology and optimize to adjust existing and optimize security Data-centric security model policies existing by security analyzing policies variation by analyzing of exception variation ratios of among exception groups. ratios In a new security framework, organizations should apply a security among groups. policy to data itself rather than controlling access to networks and systems. Within organizations, unstructured data causes lots of Multi-layered approach security issues since it is constantly being created and used by A security framework that has a data-centric security model with many different users, moved travels and stored is stored in multiple in multiple locations locations while people-centric policy may not be secure enough if it has only a while structured structured data data is generally is generally stored stored and and managed in in secure single layer of policy of policy enforcement. enforcement. The reasons The reasons are that exceptions are that environments. Therefore, it is not easy to design a security model are exceptions inevitable are in inevitable a dynamic in business a dynamic environment, business environment, and exclusions and for data, unstructured data. Organizations should incorporate a can exclusions be easily can found be easily in found real implementations. in real implementations. Exceptions Exceptions are a security policy not only for to data at rest or in transit, but also in use. temporary are a temporary deviation deviation from policy, from and policy, exclusions and exclusions are an exemption are an Fasoo The Fasoo data security data security framework framework allows organizations allows organizations to protect, to from exemption applying from security applying policy. security Fasoo policy. data The Fasoo security data framework security control protect, and control trace and their trace data their based data on based a data-centric on a data-centric security security model consists framework of a consists three-tiered of a suite three-tiered of solutions suite to of strengthen solutions to information strengthen no model matter no matter where where it actually it actually resides. resides. This This enables enables organizations to security. information Fasoo security. Enterprise The Fasoo DRM Enterprise (FED) suite DRM plays (FED) a pivotal suite role plays to to implement effective effective file-level file-level security security policies and policies granular and permission granular enforce a pivotal security role to enforce policy on security data among policy three on data layers among of data three protection. layers control permission for all control data types for all and data along types its and lifecycle. along its lifecycle. At of data the front-end, protection. Fasoo At the front-end, edata Manager Fasoo edata discovers Manager and discovers classifies the and data, classifies re-assure the data, to reapply policy policy to the to the data data unprotected due due to People-centric policy policy to policy exceptions and exclusions. and exclusions. At the back-end, At the back-end, Fasoo RiskView Fasoo A security policy on data should maintain a balance between enables RiskView organizations enables organizations to manage risks to manage holistically risks by collecting holistically and by security and and productivity to allow to allow users to users perform to business perform operations business analyzing collecting and logs analyzing of data usage logs of and data various usage sources and various that sources can be without operations interruptions without interruption since access since to access data occurs to data on occurs multiple on useful. that can Multi-layered be useful. approach This multi-layered enhances approach and completes enhances security and devices multiple devices by different by different users throughout users throughout its lifecycle. its lifecycle. This This why is level completes of the an framework. organziation s security framework. security why security policy policy on on data data should be be people-centric. The policy should be flexible and dynamically enforceable based on rich Fasoo The Fasoo data security data security framework framework is ideal for is a diversified ideal for a collaboration diversified context including content, user, device, time, location, etc. Even environment collaboration environment in the cloud in and cloud mobile, and mobile, effective effective for insider for insider threat though a flexible policy is in place, organizations need to allow management threat management and as and a last a last resort resort against against possible APT. APT.

3 Fasoo Data Security Solutions Fasoo data security solutions enable organizations to implement a data-centric security model, people-centric policy and multi-layered approach. Other Systems Fasoo edata Manager helps organizations discover its unstructured data residing on endpoint devices and in repositories, and then classify and protect data using FED or simple data encryption according to the organizations security policies. Fasoo edata Manager enables organizations to: Discover data residing on endpoint devices and in repositories Classify data based on content patterns defined by regular expressions Protect data using FED policy or simple data encryption Generate various reports required by regulations and compliance for data governance Based on the organizations confidentiality requirements, the FED suite controls who can access data on what device, when, and in what context. FED also allows organizations to track both authorized and unauthorized access to data, send alerts where necessary, and respond to data security triggers to prevent a possible data breach. Organizations can review security policies by analyzing exceptionally authorized access to data, and optimize them by comparing (minimizing) variation of the exception ratio among groups. Fasoo Enterprise DRM enables organizations to: Provide persistent data security throughout its entire lifecycle Enable cross-platform and multi-device support with extensive application coverage Restrict unauthorized copy and paste attempts of protected content Prevent unauthorized screen capture attempts while protected documents are in use Enforce the policy of protected documents on its derivative files Limit file access using validity time/period or device ID Revoke access of protected documents when required Leverage existing repository ACLs by integrating with backend systems Enforce policy when data is being created on PCs Authenticate unmanaged external users efficiently using validation Provide innovative methodologies for security policy optimization Fasoo RiskView offers visualization of risks based on correlation modeling by comparing logs of authorized data usage and various sources that can be useful. Fasoo RiskView enables organizations to: Collect logs of FED, Fasoo edata Manager and other various systems Analyze statistics of retention and usage of sensitive data Define a risk index based on multiple data breach related scenarios Visualize a risk index of users and groups Help business managers determine level of intervention for risk management

4 Encrypt and control your sensitive data with Fasoo Enterprise DRM Last resort against insider threats and APT Enterprise Digital Rights Management Enterprise Digital Rights Management (EDRM) is the most advanced file-based security solution that allows organizations to protect, control and track sensitive documents containing intellectual property, trade secrets, personally identifiable information, and more. In contrast with conventional security solutions that protect information at the network or system level, EDRM protects information itself persistently while it is stored, being used, being transmitted, and even after transmission throughout the entire document lifecycle. EDRM is the only effective solution against document leaks by authorized insiders and malicious outsiders. With EDRM, organizations can safely share confidential documents internally and externally, liberating their business without any concern about unintended information loss. Advantages of Fasoo EDRM Fasoo EDRM enables organizations to protect documents persistently on any device at any time throughout the entire document lifecycle. It protects almost any document format, including ordinary office documents, graphics, images and engineering drawings. Fasoo EDRM is not limited to the PC platform as it is also available on mobile devices such as the iphone, ipad and Android devices. For each document, Fasoo EDRM can control granular permissions such as view, edit, print, print watermark, screen watermark and screen capture. Further constraints can be imposed, such as the number of devices, valid access period and number of times a user can access the document. Fasoo EDRM can meet the various security requirements of the different stages in the document lifecycle. Enterprises have deployed lots of application systems to share documents internally. Documents, however, become out of control and vulnerable to loss once downloaded or checked out from application systems such as ECM, ERP, SCM, CRM, PLM, EHR and more. Fasoo EDRM can easily integrate with existing systems to protect downloaded content. It is also equipped with a patented -based authentication technology to protect documents shared externally with partners or customers. Even documents created and used on PCs and mobile devices can be secured by Fasoo EDRM before they are shared internally. Printouts and screens can be overlaid with dynamic watermarks. They help to trace the source of a potential data breach and make users more cautious about handling their printouts and taking pictures of their screens. Fasoo has transformed EDRM to set security policy automatically according to the content of document. This enhanced capability makes it smarter and easier to use. The policy can be adjusted without user intervention based on access time, device location and document usage history. This context-aware feature makes EDRM more secure without impacting usability and lessens the administrative burden significantly. By collecting and analyzing log data intelligently in real time, Fasoo EDRM can assess and optimize security policies to balance security and productivity, while alerting administrators to irregular or unusual user activities. Fasoo EDRM has become a core security infrastructure component for organizations and seamlessly integrates with the disruptive changes in enterprise IT environments. We Secure Your Data PC Server Mobile Cloud Printer

5 Key Differentiators of Fasoo EDRM Proven to scale within some of the largest enterprise environments in the world Breadth of solutions with ability to handle various enterprise requirements with 15+ years of EDRM focus Flexible data protection policy and authentication models designed to cover full document lifecycle Cross-platform and multi-device support with extensive application coverage Innovative security policy optimization Complete Data-Centric Security Architecture Sharing and Collaborating Internally Fasoo Secure Node (FSN) Secure, control and track sensitive documents created and used on endpoints Fasoo Secure Document (FSD) Secure, control and track downloaded documents beyond the controlled boundaries of content repositories Collaborating with Partners & Customers Fasoo Secure Exchange (FSE) Secure, control and track sensitive documents shared with external users Sharing Files to Your Mobile Device Fasoo Mobile Solution Secure your data on mobile platforms, not your device Monitor and Analyze Your Data Fasoo Usage Tracer Monitor and analyze user/file activities, and optimize existing security policies Printing and Displaying Your Files Fasoo Secure Print (FSP) Trace printing activities and deter information leaks through printouts Fasoo eprint Reinforce print security and help reduce costs Fasoo Secure Screen (FSS) Prevent and deter security breaches through your screen Extend Security Perimeter of Your ECM Fasoo Secure Document for IBM ECM Secure, control and track documents beyond the controlled boundaries of IBM ECM Fasoo Secure Document for SharePoint Secure, control and track documents beyond the controlled boundaries of Microsoft SharePoint

6 About Fasoo Fasoo has been successfully building its worldwide reputation as an enterprise DRM (Digital Rights Management also known as information rights management, IRM) solution provider with industry leading solutions and services. Fasoo solutions allow organizations to prevent unintended information disclosure or exposure, ensure a secure information-sharing environment, better manage workflows and simplify secure collaboration internally and externally. Fasoo has successfully retained its leadership in data security by deploying solutions for more than 1,200 organizations in enterprise-wide level, securing more than 2.5 million users. As the leader within the digital rights management industry providing various data-centric solutions, Fasoo continues to expand in new business areas to provide you with complete data security. Address: 197 State Route 18 South East Brunswick, NJ Contact Information: Phone: (408) (732) [email protected] Web: