Data Confidentiality Management
For greater protection of sensitive data against loss, theft, disclosure and economic espionage, PRIM’X introduces a new way of integrating encryption within an organization.
Information is a company asset, while data is both everywhere and widely disseminated. Classifying a company’s information is a difficult task. Moreover, the actual value of information is not the one attributed to it, but rather the one an enemy would give to it.
A global policy must be adopted and deployed accordingly:
Encrypt everything, everywhere, and always
The encryption products available on the market are often partial and quite complex to handle, while PRIM’X’s vision for encryption is that it must be all-embracing, simple and transparent, automatic and security policy-driven.
End-to-End Global Protection
When thousands of users – often on the move – are involved, and dozens of terabytes are at stake, security cannot merely be left to the discretion of users, no matter how experienced they may be. Security must not be limited to a simple protection against external threats (e.g. the loss or theft of a mobile device).
It must also enable internal segregation via the “Need-to-Know” policy and offer an End-to-End Global Protection applied to: local files and folders, central backups, shares on servers or NAS systems, MS SharePoint™ libraries, USB drives, external hard drives, e-mails and Cloud exports (Dropbox™, OneDrive™, etc.).
Encryption means managing the Right-to-Understand
Whether in the office or on the move, users must live and work in a globally encrypted environment. They must be able to do so without changing their habits or having to deal with new constraints: everything is transparent. Users will consequently apply the organisation’s Global Protection Policy.
Users must also have very simple, user-friendly and intuitive means to strengthen this protection when taking information outside the company perimeter (external emails, work-sharing in the Cloud, etc.).
Encryption means managing the Right-to-Understand.
This right is intended to supplement – but not replace – the various classic rights-based systems (rights on files, network rights, etc.).
The Right-to-Understand must be distinct and independent of the infrastructure. This right is absolute since no loss is permitted. It must be applied end-to-end and seamlessly: only the end-user has the means (i.e. the key) to access intelligible content.
No third party (e.g. storage provider, relay, temporary data warehouse, user authority server) should be able to access this content, so that none of them represents a major and global risk.