PDWatch: Endpoint Encryption – Protection for Sensitive Data
PDWatch guarantees privacy during data transport. The solution enforces content-based encryption of data in transit, according to the criteria in the security policy, like user, file type, included patterns, source media or characteristics of the target media.
VIP-users know about the sensitivity of data, but have no time for encrypting it. Therefore PDWatch has integrated the encryption within the functions of the operating system. The degree of the user’s free decisions concerning the data is defined centrally. Is he allowed to define his own key or does he have to work with enterprise keys exclusively? What data is he allowed to exchange with third parties? All security characteristics are controlled centrally.
Coexistence of Sensitive and Non-sensitive Data
Files like a direction sketch or the marketing’s product description don’t necessarily have to be encrypted. PDWatch enables the coexistence of encrypted and unencrypted data on the same media. Again it is centrally defined who is permitted to transport what kind of information without encryption on which media.
Local Safe Protects against Data Loss
PDWatch provides a local safe as protection against unauthorized access for especially sensitive data on the PCs hard disk or for information, which admins shouldn’t get access to. Thus you can make sure, that only authorized users can access the local safe respectively that only specific trustworthy applications access the safe.
Secure Data – Even in the Cloud
The trend of storing data in the cloud is intensifying due to the benefit of enabling access the information from everywhere for employees, customers or partners. But are your data safe, when stored in the cloud? Regardless of the storage location, with the help of PDWatch4Cloud you are able to securely store and protect your data on virtual systems, like Dropbox and Skydrive, in compliance to the BDSG §9. In addition, for every connected cloud you can define your own DLP filters and specify details on how the data can be stored: permitted in plain text, prohibited, mandatory encryption with a company key or with a user defined key.
Several Keys – One Media
Different offers for several customers on the same media – no problem with PDWatch. After typing in the correct key the user is presented with only the desired data, all the other information stays protected.
Enterprise Key and Your Data Doesn’t Leave the Company
Beside the encryption with personal keys, you can enforce the use of an enterprise key by user or user group based on the name and/or content for certain or for all files. This key is applicable only on enterprise systems, thus efficiently preventing an unauthorized “pick-up” of data. A company can centrally manage any number of enterprise keys (for instance for departments and projects), hence controlling systems and groups. This way important data leaks are closed. Further you can log the permitted data activities via XRayWatch and extent storage areas for sensitive data even to public clouds.
The German BDSG§9 is stipulating an increased protection for personal data being stored on mobile media. The PDWatch function for “forced encryption” meets this requirement. The encryption is done based on name, user, used devices, storage location and file content. Logging and the user’s agreement to it are implemented as automated processes in real time. Privileged users keep all their permissions, the assumption of liability is being logged.
- Sensitive information on mobile media and data in transit are easily getting lost – be it by losing the media or by theft.
- Local data, which is of special importance, have to be protected against unauthorized access even by administrators.
- Not all data on a media should be visible for a user, hence they have to be protected in different ways.