How To Manage Sensitive Information Management With Cyberark Software

Transcription

1 Sensitive Information Management Securely share sensitive information with trusted users and applications

2 Table of Contents Executive Summary 3 The Challenges 4 The Solution 5 Sensitive Information Management Business Scenarios 7 Solution Components 13 Secure Digital Vault Server 13 Secure Access for People 14 Secure File Exchange Portal 14 CyberArk SafeShare for Windows 14 CyberArk SafeShare for Mobile 14 Sensitive Information Management Utilities 15 One-Click File Transfer 15 Export Vault Data 15 Secure Outlook Add-on 15 Secure Access for Applications 16 Distribution and Collection Automation Engine 16 Encryption Gateway 16 FTP Connector 16 Vault Software Development Kit (SDK) 16 A Variety of Interfaces 17 Overall Benefits 18 Cyber-Ark Software Ltd. cyberark.com 2

3 Executive Summary In today s interconnected world, organizations frequently exchange information with their employees, contractors, partners and customers. From sharing financial data between executives and board members to exchanging clinical trial between pharmaceutical companies and contract research organizations, businesses across a variety of industries must share sensitive, regulated data on a daily basis. As IT teams work to facilitate seamless information sharing, they must also consider the security, compliance and operational impact of any enterprise file sharing solution. Security considerations. When exchanging sensitive information such as financial data, patient health information or intellectual property, it is critical to ensure that this information remains protected from unauthorized access. To avoid the risk of a data breach, organizations should consider the granularity of access controls, encryption strength and monitoring and reporting capabilities. Compliance considerations. Many organizations must comply with industry regulations that require auditability, accountability, segregation of duties and non-repudiation. If an organization were to fail an audit, it could face strict penalties and hefty fines. Any solution that would be used to share regulated information should offering reporting capabilities to help its customer meet and prove compliance. CyberArk Sensitive Information Management provides a highly secure, scalable platform that facilitates the exchange of sensitive information between users and systems without increasing operational overhead. Operational considerations. Organizations must consider how much time is required to setup new users, how reliable the solution is and how much on-going effort is needed to maintain the solution. If a product is difficult to administer, it can dramatically increase the operational burden on the IT team and take time away from more strategic projects. Further, if a solution requires additional components, such as VPNs or leased lines, to improve security, the IT team could end up wasting valuable dollars in its budget. CyberArk Sensitive Information Management provides a highly secure, scalable platform that facilitates the exchange of sensitive information between users and systems without increasing operational overhead. Security policies help protect sensitive data from unauthorized access, and these policies can be configured to meet specific compliance requirements. Customizable reporting capabilities help customers easily prove compliance and pass audits. Further, because Sensitive Information Management uses business language in the administrative interface, business owners are able to manage governance policies and access rights without unnecessarily increasing the operational burden on IT. Cyber-Ark Software Ltd. cyberark.com 3

4 The Challenges Today, the ability to exchange information between users and systems has become a fundamental business requirement. Information sharing enables users to be more productive, facilitates collaboration among teams, and help organizations deliver better customer experiences. However, as organizations share increasing amounts of sensitive information, they also need to ensure that their files remain safe from compromise. Traditional file sharing solutions present several challenges and often times require organizations to choose between security and usability. Common file transfer methods cannot effectively secure sensitive information. Common file transfer methods, such and Peer-to-Peer (P2P) and File Transfer Protocol (FTP), are highly prone to human error and can expose sensitive data in plain text to the internet. If sensitive or regulated information were exposed via one of these file transfer methods, organizations can face several consequences including regulatory fines, financial losses, brand damage and legal action from those whose data was leaked. Meet compliance and pass audits Secure Dropbox alternative Enable secure sharing of files Encryption solutions and Secure FTP are extremely difficult to manage. Organizations sometimes turn to encryption solutions or Secure FTP to secure the exchange of sensitive data. However, many organizations that have implemented such solutions find it complex, difficult and time-consuming to manage certificates and encryption keys. Traditional file transfer methods are siloed and create unnecessary IT overhead. Traditional solutions, such as , Dropbox, P2P, Share Point, FTP and FTP/S, must each be managed separately. Because there is no central management across these file transfer methods, IT teams often times duplicate efforts while managing multiple disparate systems. Common file sharing solutions typically have scalability and reliability issues. In many organizations, critical file transfer operations are based on homegrown systems and scripts, mostly using FTP or as the underlying technology. As organizations grow and requirements become more demanding, these types of solutions often fail to meet business needs. Worse, since FTP and solutions do not provide data encryption on the FTP server, it is almost impossible to prevent data corruption or leakage. Automate processes What should a strategic file transfer solution provide? Protect intellectual property Enable view-only policies for partners Security. Any enterprise file transfer solution must fully protect data in transit and data in storage. It must also offer customizable security policies that support granular access controls, encryption and strong authentication, as well as offer a full audit trail for monitoring and reporting purposes. Auditability. Organizations in regulated industries should invest in a solution that offers centralized, customizable security policies that can be tailored to meet regulatory requirements and can be uniformly enforced across the enterprise. The file transfer solution should also offer a complete, tamper-proof audit trail that can easily be handed over to auditors to prove compliance and pass audits. Operational efficiency. Any strategic file transfer solution should enable user productivity and operational efficiency. As such, the solution should facilitate seamless, secure file sharing between internal and external users, as well as offer a flexible and intuitive interface. It should also be highly scalable so that it can meet growing and changing business needs over time. From an administrative perspective, an optimal solution will offer centralized management so that IT teams can manage all internal and external users, manage all file transfers, enforce consistent security policies, monitor access to sensitive information and report on all activities from behind a single pane of glass. Cyber-Ark Software Ltd. cyberark.com 4

5 The Solution CyberArk Sensitive Information Management enables organizations to share, distribute and access data without putting sensitive information at risk. As an enterprise-ready, scalable platform, the solution enables trusted users and applications to securely exchange files, and it delivers a centralized platform from which IT administrators can manage all users and security policies. The platform enables IT teams to report on all file sharing activities, monitor access to sensitive documents, investigate suspicious activity and prove compliance with industry regulations. Figure 1 Secure Digital Vault for isolating and sharing sensitive files Cyber-Ark Software Ltd. cyberark.com 5

6 SHARE Sensitive documents between users Customer / Client Employee/Contractor AUTOMATE File transfers between applications AUDIT File sharing and access to sensitive documents Partner / Supplier Figure 2 Securely exchange sensitive files internally or externally, manually or automatically CyberArk Sensitive Information Management is a one-stop shop for all your file transfer needs. Based on CyberArk s patented Secure Digital Vault technology, the solution delivers military-grade encryption and granular access controls to protect any organization s most sensitive files. The solution enables customers to exchange sensitive information securely and efficiently, internally and externally, manually or automatically. Cyber Ark Sensitive Information Management is designed to support any protocol or transfer process and can integrate with any most any new or legacy application. The solution is available on premise or as a cloud service for quicker audit readiness without the need for capital expenditure. Cyber-Ark Software Ltd. cyberark.com 6

7 Figure 3 Simple and easy to access your sensitive information Sensitive Information Management Business Scenarios Scenario 1: Secure user-to-user file transfers Organizations today frequently exchange information for a variety of reasons. From internal use cases, such as a business sharing sensitive company information with employees around the world, to external use cases, such as a financial institution sharing investment data with their clients, the need for secure file sharing between internal and external users is vast. The problem is, when business users need to share documents, they typically do so via . However, the use of attachments to share sensitive documents creates two main challenges. First, sending sensitive documents via increases security risks. If the is sent unencrypted, it can easily be intercepted and opened by an unauthorized party. Alternatively, the recipient could forward intentionally or accidentally the sensitive document to unauthorized recipients. To protect sensitive documents, organizations should encrypt all sensitive files, and they should ensure that only authorized parties are able to access the files. Second, from a productivity perspective, offers no inherent version control of documents. When team members need to collaborate on a document or presentation, it can become difficult to track each team member s feedback if users are working from different file versions. To improve productivity and make it easier for teams to collaborate, organizations should consider file sharing solutions that offer built-in version control so that users can know, with complete confidence, they are working off a most recent draft. CyberArk Sensitive Information Management addresses these challenges and more with its state-of-the-art secured environment that facilitates file sharing between internal and external trusted users. Cyber-Ark Software Ltd. cyberark.com 7

8 External Users Business Users Sensitive Information Management Figure 4: Sharing Sensitive Documents with external users Online Secure Access The above diagram illustrates the following capabilities: 1. Business groups can collaborate with each external user separately in a completely isolated environment. 2. Built-in version control eliminates multiple files to guarantee that each user is always accessing the most recent version. 3. Files are securely stored in the Secure Digital Vault, which encrypts all data at rest and in transit. 4. Users are able to receive notifications about recent file activities. 5. Business users have full control over who has access to their documents. CyberArk Sensitive Information Management enables organizations to eliminate insecure file transfer methods such as attachments and Dropbox. Instead, the CyberArk solution offers a secure file repository, complete with militarygrade encryption and granular access controls, that can be accessed 24x7 from any device. To aid productivity, users can also receive alerts when certain files are accessed or updated. To enforce access controls, CyberArk Sensitive Information Management leverages Safes, which are secure, subfolders within the Secure Digital Vault. Users can be granted access to specific Safes based on their role, and they can grant trusted third party users access to certain Safes when needed. The solution supports a variety of authentication methods, and monitoring and auditing capabilities enable organizations to report on who has accessed what to help prove compliance with applicable regulations. To ensure the highest levels of security, IT administrators are able to manage Safes, but they are unable to view or access any of the files within them. Cyber-Ark Software Ltd. cyberark.com 8

9 Granular access controls enable Safe owners to decide which users have what types of access rights. Some users may have complete access, which means they can view, edit and locally save sensitive documents. In many cases, users who have complete file access are trusted internal employees or consultants. Other users, such as business partners or vendors, may only have access to view documents. Figure 5 illustrates the different levels of access privileges each user may be assigned based on the user s relationship to the company and specific role. Figure 5 CyberArk s Secure Data Room - Share files while protecting file content Scenario 2: Mobile application support to facilitate on-the-go file sharing Businesses are constantly seeking ways to enable their users while on the go. With the growth of smartphones, banks, insurance companies, and healthcare organizations have led the trend of going mobile. From check images to legal contracts to medical records, CyberArk customers rely on the Sensitive Information Management solution to secure files that are uploaded and downloaded via mobile apps every day. Figure 6 - Sample mobile banking app for check deposit CyberArk Sensitive Information Management integrates with homegrown mobile apps and the backend systems that power those apps. In fact, one CyberArk banking customer uses Sensitive Information Management to encrypt mobile check deposit images within the app and then vault the image so that it can later be processed by backend systems. Using Sensitive Information Management for mobile apps, this bank is able to allow its customers to deposit checks directly from their smartphones or tablets without ever having to visit a branch or ATM. Scenario 3: Share with external users on an ad-hoc basis Business users occasionally need to share sensitive information with external users with whom they do not have a long-term business relationship. For example, a sales representative may need to send product roadmap information to a prospective customer. To facilitate this kind of ad-hoc information exchange with external users, most organizations use either an FTP server or . While these file transfer methods can be easy for end users, they also pose security risks. Whereas in the past organizations were typically forced to trade security for end user convenience, that is no longer the case today. CyberArk Sensitive Information Management enables end users to quickly, easily exchange files with internal and external users without compromising security. With CyberArk Sensitive Information Management, business users can be empowered to grant one-click access to a dedicated Safe to external parties without having to consult first with IT. External users can self-enroll in the highly intuitive system using One-Click Enrollment. Once enrolled, internal and external users can securely, easily share files Cyber-Ark Software Ltd. cyberark.com 9

10 on an ad-hoc basis. Because these files are subject to the same strong encryption, authentication, access controls and monitoring as other files, the IT team can rest easy knowing that the files will remain secure and all activities will remain fully auditable. 1 Business User 3 2 External User A The above diagram shows the following process: Figure 7: One Click Enrollment 1. The business user enrolls a new external user, and CyberArk Sensitive Information Management automatically sends an invitation to the external user. 2. The external user receives the invitation and completes a simple registration form. 3. Both parties can now exchange files securely. 4. The business user can add restrictions for the exchanged files. The restrictions feature enables files to appear to external parties in a way that is difficult to save or copy. One example of a restriction is read-only access, which can convert any file to a pdf, watermark it and stamp it with the viewer s contact details. CyberArk also offers the option to convert an entire file to a series of images, making it difficult to copy information from the file. Scenario 4: Replace existing FTP-based or homegrown file transfer infrastructure Traditional FTP servers, which are commonly used by organizations, introduce unnecessary security risks and manageability issues. Because FTP servers typically reside in the DMZ, they are accessible from both the internal network and the open Internet by end-users, scripts and systems. While this setup is necessary to facilitate file sharing internally and externally, exposing the FTP server and consequently all the data that is transferred through it to the Internet, makes sensitive files highly vulnerable to unauthorized access. Further, because FTP servers require manual effort and management by IT teams, they can generate high operational costs. In contrast with typical FTP-based solutions, CyberArk Sensitive Information Management is a highly secure intermediate file repository that provides encryption, access control, authentication, auditability and many other security layers. These added security layers drastically improve the security of files in transit and in storage, and they help mitigate the risk of unauthorized access. The CyberArk Sensitive Information Management platform offers a variety of user, system and application interfaces to provide the greatest amount of flexibility and facilitate both manual and automatic file transfers. By automating file transfers, IT teams can significantly reduce the amount of time and effort needed to manage file sharing processes and instead focus their efforts on projects that are strategic to the business. Cyber-Ark Software Ltd. cyberark.com 10

11 CyberArk s solution meets PCI DSS requirements by encrypting all data in storage and in transit. No more unencrypted information on FTP Servers All sensitive information is stored securely in the Secure Digital Vault CyberArk Sensitive Information Management centralizes the management of all file transfers to significantly reduce the IT burden and deliver a rapid return on investment. The solution improves the reliability of file transfers, and it mitigates the risk of data loss by preventing external, unauthorized users from accessing the solution via the Internet. My Enterprise Internal Network DMZ Internet 2 SFTP/FTP/FTPS Connector 3 Business Partner A 1 Legacy Business Partner B AS/400 & Legacy Scripts SFTP/FTP/FTPS Connector Digital Vault 4 FTP Business Partner C 100,000 X Figure 8: Automated file transfers to external users - replacing FTP servers Business Partner # The diagram above shows the following benefits: 1. Seamless back-office integration SFTP/FTP/FTPS /SCP: Full automation No need to maintain legacy scripting Data in the DMZ is always secure and encrypted; no decryption takes place in the DMZ 2. No change to the file transfer process for external end users. External parties can still use legacy scripts by using the standard Protocol Proxy (a.k.a CyberArk Connector ) External parties can still access files via their legacy FTP/SFTP/FTPS servers. 3. Enterprise scalability and integration make the solution future-ready. Users and applications can easily be added and scaled up over time. Same infrastructure can be used for to support internal and external users and processes The solution was purposely designed to support thousands of users and projects Integrations enable the solution to support side-by-side new and legacy access methods Cyber-Ark Software Ltd. cyberark.com 11

12 CyberArk s Automated Process Manager and the Distribution and Collection Agent enable organizations to automatically transfers files between the Secure Digital Vault and remote servers. Automated Process Manager can be used to automatically transfer files within a customer s environment, as well as facilitate vault-to-vault transfers. Alternatively, the Distribution and Collection Agent offers the ability to automatically push or pull files from FTP, SFTP or legacy backend servers within a business partner s environment. Scenario 5: Transform manual file transfer processes into automated ones Using the architecture discussed above, organizations can automate business processes that have traditionally been manual. For example, organizations that understand the risks of insecure electronic file transfers tend to rely on CDs and courier services. Instead of risking electronic file transfers, users tend to burn highly sensitive files to CDs and then share the CD with authorized parties. While this avoids the risks of electronic file transfers, it is manual, timeconsuming and costly, and couriers cannot guarantee the security of the CD. With Sensitive Information Management, however, organizations can gain confidence that their most sensitive data is safe from unauthorized access while simultaneously increasing user productivity and improving operational efficiencies. Cyber-Ark Software Ltd. cyberark.com 12

13 Solution Components Employees Secure access for people Browser ipad Outlook Applications and Systems Digital Vault Server Secure access for applications and automated processes Billing Legacy Applications FTP CRM Integration to Corporate Antivirus & Content Filtering Vault-to-Vault SDK/API Gateways Distribution & Collection Automation Engine FTP/SFTP Connector Encryption Gateway Figure 9 CyberArk Sensitive Information Management Components Secure Digital Vault Server The Secure Digital Vault provides a Safe Haven where all of an organization s sensitive files can be securely archived, transferred and shared by authorized internal and external users in local and remote locations. At the heart of the Secure Digital Vault are multiple security layers such as a firewall, VPN, authentication, access control and encryption. These components help ensure that the Secure Digital Vault is most secure solution available for enterprise file sharing and storage. The Secure Digital Vault is a plug-and-play solution that requires minimum effort to set up, and it can be fully operational within a short period of time. Users can access and manage the Secure Digital Vault through a variety of interfaces, including via a client, web browser or ipad app, and the solution offers enterprise scalability and reliability, complete with Disaster Recovery and High Availability. Non Repudiation & Data Integrity. All data between the Secure Digital Vault and any CyberArk client is encrypted with AES-256 encryption. The initial key exchange occurs during authentication using the Secure Remote Password (SRP) protocol. The SRP protocol creates a secure session between two parties, and it prevents session hijacking and renders active network attacks, such as man-in-the-middle attacks, impossible. Data integrity is assured using Secure Hash Algorithm (SHA1). Encryption. The Secure Digital Vault leverages a built-in hierarchical encryption structure that uniquely encrypts each file, file version, Safe, and Vault. Each of these objects has a different, randomly generated encryption key. Combined, this hierarchical encryption structure enables CyberArk to provide stronger security by protecting files at all levels. Cyber-Ark Software Ltd. cyberark.com 13

14 At the base of the encryption hierarchy: Each time a file is accessed, only the Client knows the File Key of that particular file version. Even if this key is somehow compromised, it can only be used with this particular file version, leaving the full structure of the Safe unharmed. At the top end: At the top of the encryption hierarchy stands the Server Key, which can be physically removed once the Server has started. As a result, even if the server is stolen, the thief will be unable to access any important information. When required, the Server Key can be further protected and be stored on an HSM device. The default encryption methods used by the CyberArk Secure Digital Vault are AES-256 and RSA Secure Access for People Secure File Exchange Portal The Secure File Exchange (SFE) Portal is a web-based end user interface through which authorized users can share and receive files. The SFE Portal enables organizations to manage file transfer processes in a secure and controlled environment, and it offers secure, self-service password reset functionality for when users forget their credentials. CyberArk SafeShare for Windows CyberArk SafeShare, a secure file client, is a standard Windows application that serves as the administrative client for the Secure Digital Vault. CyberArk SafeShare can be installed on any number of Windows devices, and it can access the Secure Digital Vault via a LAN, WAN or the Internet. To grant access to the Secure Digital Vault, the administrator must first define authorized Users. A Vault Network Area Administrator must then define the IP address or IP mask of the device on which the secure file client will be installed within the Vault s Network Area. The User must then authenticate to the Vault before being allowed access. The CyberArk Secure Digital Vault supports a variety of authentication methods, such as passwords, physical keys, and certificates, to ensure the highest levels of security The Secure File Client can also be installed using ActiveX. The Web interface simplifies distribution and installation of the client in large organizations and permits easy access to the Secure Digital Vault from mobile devices. Each command, request, file transfer and user configuration is encrypted to ensure maximum protection for data at all times. CyberArk SafeShare for Mobile The CyberArk SafeShare ipad App enables users to securely and easily access Safes, files and passwords in the Secure Digital Vault directly from their tablets. Through the native app, users can read and share files with other users via a secure link. Users also have the ability to view files in read-only mode Cyber-Ark Software Ltd. cyberark.com 14

15 while offline. Users can download the CyberArk SafeShare App to their ipad from the itunes App Store. Sensitive Information Management Utilities One-Click File Transfer CyberArk s One-Click File Transfer is an end-user utility that transfers files between the CyberArk Secure Digital Vault and a standard file system in accordance with predefined settings. Files can be uploaded to the Secure Digital Vault from the local file server, or they can be downloaded to the local file server from the Secure Digital Vault. As a utility, One-Click File Transfer does not require installation, which eliminated the need for administrator permissions or assistance. An intuitive GUI interface leads end-users through a simple service configuration and enables users to begin working immediately. Users can predefine the files to transfer or select them on-demand. File transfers can be carried out manually or automatically in accordance within a preset schedule. Export Vault Data The Export Vault Data utility enables IT teams to export information about activity in the Secure Digital Vault to either a text file or an MSSQL database outside of the CyberArk environment. Secure Outlook Add-on CyberArk s Secure solution enables users to send and receive files in a controlled and secure manner, reducing the size of attachments and enabling organizations to enforce policies regarding the sharing of sensitive information and extremely large files. This solution integrates with Microsoft Outlook, enabling users to send messages and attachments of any size using an application they are familiar with, from their own workstation, quickly and conveniently. CyberArk Sensitive Information Management offloads the attached files from the then stores and encrypts them in the CyberArk Secure Digital Vault. From there, recipients can access the files according to predefined authorizations. Centralized configuration reduces management overhead and increases efficiency. Enterprise policies for s can be enforced for different users and purposes, depending on specific standards and requirements. The standard Secure Digital Vault tracking feature provides a full audit trail that indicates who has accessed secure s and their attachments. This provides complete visibility into has accessed what, and it enables organizations to meet company policies, security requirements and compliance standards. CyberArk s Secure solution integrates with content scanning tools so that any attachment sent over secure can be scanned and validated before it is sent or retrieved. This valuable feature enables corporations to retain control over activity. By layering in this added security against viruses and other potential security dangers, organizations can prevent data loss and unauthorized distribution. Cyber-Ark Software Ltd. cyberark.com 15

16 Secure Access for Applications Distribution and Collection Automation Engine The CyberArk Distribution and Collection Automation Engine is a file transfer management system that supports crucial business operations by enabling organizations to securely and reliably transfer data internally and with partners, suppliers and customers. The Distribution and Collection Automation Engine also includes a Scan Engine component that enables organizations to validate all incoming and outgoing files and s in the Secure Digital Vault. The Scan Engine can be integrated with various products, such as anti-virus or other types of content filtering products, to ensure that all files sent or received through the Secure Digital Vault comply with enterprise security policies. Encryption Gateway Send secure s from any platform without installing extra software. CyberArk s SMTP Encryption gateway can manually or automatically encrypt any . To manually encrypt files, users must type a unique identifier in the subject line. Alternatively, any message that contains sensitive content as defined with a DLP solution, such as social security or credit cards numbers, can be automatically encrypted the instant the file is transferred. FTP Connector The FTP Connector enables users to access Vaults transparently using FTP protocols such as FTP, SFTP, FTPS or SCP. The connector can be installed within an organization s internal network for backend processing or within the DMZ to allow access by external users or applications. Vault Software Development Kit (SDK) The CyberArk Vault SDK provides an interface to Vault objects and can be used to develop custom solutions that work with the Vault. CyberArk provides a variety of SDKs such as Command Line Interface,.Net API, Web Services API and REST API. Cyber-Ark Software Ltd. cyberark.com 16

17 A Variety of Interfaces Parameter Business Need Secure Self password reset Distribution & Secure File CyberArk One-Click Secure File Collection Exchange SafeShare for File Transfer Client Automation Portal Mobile Engine Manage file Direct, secure Securely and Vault Automatic, transfer file transfer easily access administration system-tosystem processes in a using Safes, files, or and seamless file secure and predefined passwords Office transfer and controlled settings from an online integration management environment; or offline tablet. that enables provide an reliable and intuitive end secure data user interface transfer for file sharing B2B & FTP Secure Integration Connector Manager SDK Replace Develop Business unsecure FTP custom departments processes while applications send and ensuring and integrate receive sensitive business with other business continuity systems information via Yes No Yes No No No No No User License Type Secure user license Secure user license Secure user license + SafeShare Mobile Application Licenses Secure user license Secure user license + DCA license Secure user license + FTP Connector license Secure user license + CyberArk SIM SDK Secure Client User License Supported Protocols Https Vault Protocol Https Vault Protocol Vault Protocol, FTP, SFTP FTP, FTPS, SFTP, SCP Vault Protocol Vault Protocol, SMTP Communication Port Any Port Any Port Any Port Any Port Any Port Any Port Any Port Any Port Requires installation? No (100% web application) No Yes, from the App Store Yes Yes No No No for the Encryption Gateway. Yes for the Secure Outlook Add-On (no administrative rights required) File Transfer Type Manual and Ad-hoc Manual (and can be scheduled) Manual and ad-hoc Manual Automatic Manual and Automatic Manual and Automatic Manual and Automatic Cyber-Ark Software Ltd. cyberark.com 17

18 Overall Benefits CyberArk Sensitive Information Management provides a complete and proven solution for organizations to share, distribute and access date while protecting your most sensitive assets. CyberArk Sensitive Information Management enables organizations to: Reduce security risk. At the core of the solution is CyberArk s patented Secure Digital Vault technology, which provides the highest levels of security and ensures the confidentiality of an organization s most sensitive information. CyberArk Sensitive Information Management maintains strict security policies, securely stores tamper-proof audit logs and prevents unauthorized personnel, including IT administrators, from accessing sensitive data. With the highest levels of security and military-grade encryption, Sensitive Information Management dramatically reduces the risk of sensitive information being exposed to unauthorized, potentially malicious, parties. Comply with industry and regulatory standards. Built-in segregation of duties and robust auditing and reporting mechanisms address a variety of compliance issues related to regulations such as PCI, SOX, HIPAA and others. Reduce operational costs. CyberArk Sensitive Information Management eliminates the need for IT teams to maintain scripts and monitor cumbersome file transfer processes based on FTP and other homegrown solutions. This centralized solution reduces the management burden on the IT team, enabling them to improve efficiencies, reduce operational costs and focus their efforts on projects that are strategic to the business. The solution also provides an easy way to enable external user connectivity and offers users the ability to reset their own passwords with increasing the burden on the IT help desk. Integrate with existing infrastructure and backend systems. CyberArk Sensitive Information Management can easily integrate with backend systems that process incoming files and produce files to be sent to external users. These integrations enable seamless communication between disparate existing systems, and add layered security to the file transfer process. The solution can easily integrate with commonly used infrastructure and security products such as LDAP servers, SSO, backup solutions, SAN/NAS, anti-virus, DLP, and more. Support large file transfers. CyberArk Sensitive Information Management enables users to transfer large files in manual or automatic mode, manages queues of personal transfers, and can resume and recover failed transfers all without any file size limitation. Enable secure business processes. Cyber Ark Sensitive Information Management streamlines business processes through its highly secure file transfer platform. The reliable, scalable solution assures the delivery of files to their proper destinations, provides 24x7 worldwide access and can scale up as your business grows. Scale with changing business needs. CyberArk Sensitive Information Management centralizes the management of file transfers, security policies and reporting. The solution s ability to support any type or size of file transfer enables organizations to address not only today s file transfer needs but it also enables customers to grow their use of the system in the future. With enterprise-class reliability and scalability, complete with high-availability and disaster recovery, Sensitive Information Management is a true strategic solution for any type of organization. Cyber-Ark Software Ltd. cyberark.com 18

19 All rights reserved. This document contains information and ideas, which are proprietary to Cyber-Ark Software Ltd. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, without the prior written permission of Cyber-Ark Software Ltd. Copyright by Cyber-Ark Software Ltd. All rights reserved.