Sensitive documents, files and intellectual property are extracted from a central repository such as a database, records management system, or document management system to complete daily tasks, however, extracting this information can lead to a security breach. Avalere provides the tools you need to control the proliferation of sensitive information throughout your organization.
UUssee CCaassee:: Handling Sensitive
Information Extracted from
Corporate Repositories
Almost every company keeps their most sensitive documents, files and intellectual property in a database, records management system, or document management system in secure data centers. These systems have been proven over time to provide superior protection through network access controls and physical security. And while only authorized users can access this extremely valuable data, these systems simply cannot protect data when a copy is saved to a laptop or desktop. In fact, all "secure" corporate information repositories lose visibility, protection and control of its content once it is copied, downloaded, renamed, saved-as, printed or converted to a new format such as PDF. So, how can companies control this proliferation of information throughout their company and protect it? What happens to information today? Central information repositories provide a great approach to monitor, manage and secure the single master copy of an information asset. The problem is, when employees work on these files, they are doing so with a copy of the master information on their laptop or desktop. Maybe they will email this copy to co-workers for advice or opinions, or copy to removable media such as a USB device. As the multiple "rogue" copies are created and modified, the company is now faced with un-tracked copies and variants of the master copy. These situations can cause confusion and affect the productivity of all employees and can even expose the company to unnecessary risks in the areas of compliance, litigation or discovery. A company's risk is increased through the number of "unaccountable copies" in many ways, such as through IP 1leakage, standard e-Discovery or a compliance initiative. When a company is being sued, an e-Discovery must be completed to find all relevant documents. According to various laws, such as the Sarbanes-Oxley Act for 2example, information need only be retained for a set period of time. A central document management system ensures that one copy is expired, but what about all the other copies of the information on laptops and desktops? In an e-Discovery process, these files will be located on this distributed device and can negatively expose the company. Another method that information leaves the datacenter is via applications that are accessing centralized databases. These databases typically contain the information that is responsible for most of the data breaches that one reads about in the press. Employees that are "just doing their jobs", access databases all day long extracting information that is needed to answer questions, perform analysis or create lists for sharing of information. Each extract leaves sensitive information in the form of files on desktops or laptops completely outside of the current database controls. Over time, these files accumulate in the distributed environment as users keep the information "just in case" representing a very large risk to the exposure of information. Avalere Information Assurance Manager TM TMAvalere Information Assurance Manager (IAM ) provides complete visibility, protection and control of distributed information, all without limiting accessibility or impacting end-user productivity. There are currently two modules within the Avalere Information Assurance Manager Solution: 1 http://www.avalere.com/portal/Solutions/UseCases/eDiscovery/tabid/87/Default.aspx 2 http://www.avalere.com/portal/LinkClick.aspx?fileticket=17AXXGpdKqw%3d&tabid=72&mid=404 Avalere Use Case: Handling Sensitive Information Extracted from Corporate Repositories 1 Visibility and Protection Module . Classify: Identify information by its business use-before you can control or protect information, you need to know what you have. . Protection: Use encryption to ensure your data at rest and data in flight is safe. . Report: Catalog and audit information to know where the information is, who has it and how it's being handled according to corporate policies. Automation and Control Module . Control: Configure policies to support compliance initiatives and corporate regulations. . Automat... [download for more]
