S O L U T I O N B R I E F
•
DATA C O N TA I N M E N T S E R I E S – D C S 0 03
OVERVIEW
Globalization is a reality in the information and communication technology marketplace. But as companies exploit outsourcing, both onshore and off, to cut costs, access skilled workers and operate more efficiently, they must develop new security programs to manage the increased risks that are inherent to sharing proprietary and confidential information with outsourcers that are physically and culturally distant.
Regulated companies, such as health and financial services, must ensure that the outsourcer provides the new standard of due care in protecting the private information of individuals that is mandated in privacy regulations. Software and other technology companies must assure shareholders that their intellectual property, the source of tomorrow’s shareholder value, is adequately safeguarded from misappropriation. And those in defense related industries must prevent restricted information from being transferred to foreign IT workers in order to keep their export licenses.
Reporting
Policy Definition
Configuration
Alert Management
User Activity
Data
Internet
Customer Site
Digital Guardian
Management
Console
Rules for
Enforcement
A C T I V E L Y M A N A G E I N F O R M A T I O N
S E C U R I T Y W H E N O U T S O U R C I N G
•
Automate security audits of outsource partners
•
Continuously verify security service level agreements
•
Identify and quickly respond to new and changing threats
•
Put written policies into action with real-time control over applications, networks, storage devices and printers
Mobile Laptop Office Desktops Corporate Server
Outsource Development Site
But how do you protect information when you aren’t in control of the physical environment and the individuals who are accessing it? Prudent companies take a series of fundamental steps to protect intellectual property and customer data when outsourcing. These steps include requiring outsourcers to have adequate physical security, making sure thorough employee-screening processes are in place, carefully structuring security-conscious service level agreements, and conducting security audits, to name just a few. Yet such measures may not go far enough.
With increasing concerns being voiced by individuals over protection of their sensitive financial and healthcare information and the increased sensitivity to allowing critical information to fall into unfriendly hands, governments are taking more pronounced steps to remove the discretion that companies historical had and are mandating strong controls over the tracking and usage of sensitive and proprietary information.
OVERSIGHT FROM ANY DISTANCE
Digital Guardian enables companies to continuously audit the outsourcer’s compliance with contracted security policies. By mandating the deployment of Digital
Guardian on all servers, desktops and laptops used by the outsourcer, audit and security managers are able to see exactly how their company’s information is being used and by whom.
The system continuously, silently and efficiently records, in a tamperproof log, high-level user actions related to the applications, networks, storage devices and printers that are used to access and communicate files, databases, source code and other information supplied to the outsourcer or created by them. A near-real-time record of all user activity can be queried through a web-based management console at anytime and from anyplace.
Audit, compliance and security managers responsible for verifying trusted information sharing relationships can now have the visibility they require to establish compliance, identify new risks and trace any incidents to their source.
Policies can be centrally defined and deployed to the offshore development site from your location and actively enforced on the remote desktop. A wide range of enforcement options allow you to strike the right balance between the needs of the outsourcer and your need for security, including silent alerts, warnings to the user, prompting the user or blocking the user action.
BEYOND BORDERS, BUT NOT YOUR CONTROL
With Digital Guardian your information is never beyond your control. The point-of-use architecture of the system allows you to control the applications, networks, printers and storage devices that are used to access your critical business information. You can limit data mobility by managing the use of removable storage devices, contain the loss of proprietary information over networks and prevent private information from leaking out of both desktop and enterprise applications.
CONCLUSION
Digital Guardian offers a compelling value proposition for companies who have placed proprietary and sensitive information into the hands of outsourcing partners.
By providing complete visibility and control over how information assets are used to those ultimately responsible for their safekeeping, an investment in our security platform largely satisfies both fiduciary obligations for the security of valuable corporate information as well as current and future government imposed directives.
With the deployment of Digital Guardian companies will have the means to hold outsourcing vendors accountable for the security and confidentiality of information and the confidence to enter into new outsourcing relationships with the knowledge that their critical business information is not beyond their oversight and control.
VERDASYS INFORMATION SECURITY SOLUTIONS
Verdasys delivers information security solutions that address business-driven requirements for assuring compliance with a broad range of regulatory mandates; safeguarding the privacy of client and patient records; and preventing the misuse and theft of intellectual property.
Offering a compelling set of solutions for a wide array of data containment, global outsourcing and information protection challenges, the Verdasys Digital Guardian platform offers real-time, autonomous data-level monitoring and control. In addition to minimizing the information security risks posed by technologies such as e-mail, IM and USB drives, Digital Guardian detects and interdicts violations of information usage policies – thus creating a corporate culture centered on accountability.
Verdasys clients include Fortune 500 corporations – in industries ranging from insurance and financial services to multimedia and pharmaceutical – who are setting industry benchmarks for information security. To join them, contact us at info@verdasys.com
Professional Services & Compliance Policy Packs
Risk Visualization
Activity Summaries
Forensic Reports
Application
Logging
Private Data
Redaction
Adaptive
Encryption
User Policy
Enforcement
Resource
Management
Application
Hardening
Monitoring Control
Digital Guardian Information Security Platform
Packaged & Custom
Applications
Networks, Stor age
Devices, Printers, Clipboard
Windows, Linux, Citrix, and MS Terminal Server
Operating Environments
Data Security at the Point of Use
950 Winter Street, Suite 2600 Waltham, MA 02451
781-788-8180 Tel 781-788-8188 Fax info
@ verdasys.com www.verdasys.com
© 2004 Verdasys, Inc. All Rights Reserved. Verdasys, the Verdasys logo, Digital Guardian, and the Digital Guardian logo are trademarks of Verdasys, Inc. The content of this document is subject to change without notice. Microsoft is a registered trademark, and Windows is a trademark of Microsoft Corporation. Other brands and their products are trademarks or registered trademarks of their respective holders and should be noted as such. V1 1-17-05