In our previous blog article, we showed you 5 use cases where you should increase the security of sensitive company documentation. In this one we present you 5 new weak spots for Data Security in your Business. These cases are the following:
1. Protect technical data or intellectual property
In the field of manufacturing companies, especially in high-tech industries such as aerospace, automotive, semiconductors, etc., it collaborates with a wide variety of suppliers and clients and the intellectual property, technical data and critical know-how to the company has to go outside the company. We can have visibility into what is happening with the data within the organization, but this is much more complicated when it comes to tracing access to information or protecting it throughout the entire supply chain.
In this context, it is critical to be able to protect the intellectual property contained in digital format both inside and outside the organization. Sensitive information, the result of costly research, investment in R&D and past experiences with clients, is found in different formats. From documentation in Word, Excel or PDF format, images and of course, CAD designs. Much of the intellectual property is in 2D and 3D CAD designs that need to be shared both internally and with external partners. It is critical to keep this information protected to avoid risk of leakage from internal or external threats.
2. Secure Human Resources information
Payroll documentation, information with personal data, medical, resumes. Some of them with a high level of confidentiality and others protected by regulations such as EU-RGPD. Applying adequate protection policies, we will know that only Human Resources personnel can access them and even audit if someone is trying to access them improperly.
In this area, SealPath has solved the needs of numerous clients who needed to share sensitive information regarding the recruitment of talent and personal data internally within the organization, but in a secure way. It’s important automating the protection of Human Resources information stored in different repositories such as File Servers, Microsoft SharePoint, etc. Although it is stored in the cloud, we will know that it has an additional layer of security. Human Resources managers can control who accesses and who does not access this type of information without requiring IT intervention. In other clients, SealPath has automated the protection of information downloaded from internal applications that can be protected and is safe and under control on the computers from which the download has been made.
3. Extend the security provided by a DLP or CASB
DLP (Data Leak Prevention) tools are used to attempt to monitor and block possible egress of confidential documentation from a corporate network. It is a technology that is normally restricted to the perimeter of the network: Sending by email, uploads via the web, output via USB port, documentation stored internally on users’ computers or file servers. The problem they pose is that many times the solution is not to block the output of sensitive information but to be able to get it under control, on the other hand, once they let the information pass, all traceability and access to it is lost.
In the case of the CASB (Cloud Access Security Brokers), sensitive information is inspected in Cloud repositories and just as a DLP blocks the output of sensitive information via email, a CASB can block confidential data downloads from Cloud applications with Office 365, Box, Google Drive, etc. As with the DLP, sometimes we must allow the documentation to be downloaded, but do so in a way that can be controlled, and we continue to maintain access traceability.
This is where an IRM solution like SealPath is the perfect complement since it integrates with a DLP so that when sensitive documentation is detected within the corporate network (e.g. credit card data, personal information, etc.), in user computers, file servers, etc., it can be protected automatically without user intervention. Sensitive information sent by email can also be automatically protected so that, even if it is in the hands of third parties, we can continue to audit its use, and revoke access if necessary.
Similarly, as a complement to a CASB, a data-centric security solution can protect the information in Cloud repositories automatically so that if it is downloaded, we can have access traceability and it can remain encrypted and under control on the computer or device where it was downloaded.
4. Protect classified or tagged information
There are companies that have initiated or use programs for the classification or labeling of sensitive information. They use tools that, through plugins in Office or with the right button of the mouse, mark documents with a certain level of confidentiality: Public, Internal Use, Restricted, Confidential, etc.
A classification system does not in itself protect the documentation, but simply the label. Protection is in the hands of a DLP-like tool that can block the output of the document if it is labeled or marked confidential.
With a data-centric protection tool like SealPath, it is possible to associate automatic protection with a certain level of classification. In this way, if the user classifies a document as confidential, SealPath can protect it automatically.
This approach has been deployed in different SealPath clients, which also, through SealPath for File Servers, can discover sensitive information classified in a file server or document manager and protect it automatically based on the classification level. Thus, an administrator can ensure that documentation labeled with a certain level, such as “Top Secret” is protected wherever it is and the risk of improper access to this type of documentation is mitigated.
5. Protect and control communications or collaboration with contractors
In the day-to-day life of many organizations, we collaborate with third-party companies with which sensitive information of different types is shared: Technical projects with information on processes, internal products, etc. Also, information of legal, financial, human resources with personal data, which by EU-GDPR type regulations must be protected.
Despite investments in security to protect the perimeter and equipment of our organization, we cannot control the security of these types of contractors or companies with which we collaborate. In large clients in the automotive, aeronautical, defense sectors, etc. certain security audits are imposed on suppliers. A data leak in one of our suppliers, with whom we have shared our sensitive information, can also have a reputational and economic impact on our organization.
This case has occurred in SealPath clients, where technical documentation, human resources, etc. are shared with suppliers. In this case, thanks to SealPath, the documentation is protected, making it possible to review accesses or block access to the information if necessary. On the other hand, providers can access confidential documentation without the need to download or install agents.
In the previous article we detailed 5 Critical use cases in Companies where Securing Information, access it to complete this series of 10 key protection points in the company. In these two articles we have seen cases where SealPath clients have used a data-centric security approach to have more control over the data regardless of where it is.
What three key benefits does an IRM/E-DRM solution bring and are they common to these cases?
- The risk of data leaks is mitigated, and secure collaboration is enabled: Documentation that is shared both internally and externally is protected and under control. We can audit their use, block access if someone should no longer have to access the documentation, even if they have it on their computer.
- An additional layer of protection against breaches in the network is added: In a ransomware attack, the attakers can extract our data once inside, but if it is encrypted, they will not be able to extort money from us by making it public and we have the possibility to “destroy it remotely”.
- Facilitates compliance with regulations: As we commented in the use case of the previous blog article, keeping the information protected when iddle, in transit and in use, we will be better protected to be able to comply with regulations such as EU-GDPR, in the case of personal data of third parties, PCI, for financial data, HIPAA, in the case of health or similar data.
Do you want to know more in detail how SealPath works and be able to solve your specific use case? Contact us and we will show you how a data-centric security approach can help improve the management of sensitive information in your organization.