Data Confidentiality Management
For greater protection of sensitive data against loss, theft, disclosure and economic espionage, PRIM’X introduces a new way of integrating encryption within an organisation.
Information is considered a company asset; data is both everywhere and widely disseminated. Classifying a company’s information is a difficult task, and its actual value is not the value attributed to it, but rather the value an enemy would place on it.
For these reasons, a global policy must be adopted:
Encrypt everything, everywhere, and always
The encryption products available on the market are often very partial in coverage and quite complex to handle, whereas PRIM’X’s vision is that encryption must be all-embracing, simple and transparent, automatic, and driven by security policy.
End-to-End Global Protection
When thousands of users – often on the move – are involved, and dozens of terabytes at stake, security cannot merely be left to the discretion of users, no matter how experienced they may be, and must not be limited to simply protecting against the outside world (e.g. the loss or theft of a mobile device).
It must enable internal segregation (via the “Need to Know” rule) and offer End-to-End Global Protection, covering anything from local files and folders to central backups, shares on servers or NAS systems to MS SharePoint™ libraries, USB drives or external hard drives to e-mails and Cloud exports (Dropbox™, OneDrive™, etc.).
Encryption means managing the right to understand
Whether in the office or on the move, users must live and work in a globally encrypted environment, without changing their habits or having to deal with new constraints (everything is transparent), and thus apply their organisation’s global protection policy. They must also have very simple, user-friendly and intuitive means to strengthen this protection when they have to take information outside the company perimeter (external emails, work sharing in the Cloud, etc.).
Encryption means managing the Right to Understand.
This right is intended to supplement – but not replace – the various classic rights-based systems (rights on files, network rights, etc.) that manage and control the physical entity which carries the information, the file and its medium.
The Right to Understand must be separate from, and independent of, the infrastructure. It is absolute, since no loss is permitted. It must be applied end to end and seamlessly: only the end user has the means (i.e. the key) to access readable content; no third parties (storage providers, relays, temporary data warehouses, user authority servers) must be able to access this content without themselves representing a major – and global – risk.