SOLUTION BRIEF
• DATA C O N TA I N M E N T S E R I E S – D C S 0 03
Securing Sensitive & Proprietary Information When Outsourcing
OVERVIEW
ACTIVELY MANAGE INFORMATION
SECURITY WHEN OUTSOURCING
• Automate security audits of outsource partners
• Continuously verify security service level agreements
and quickly respond to new and changing
• Identify
threats
written policies into action with real-time control
• Put
over applications, networks, storage devices and printers
But how do you protect information when you aren’t in
control of the physical environment and the individuals
who are accessing it? Prudent companies take a series
of fundamental steps to protect intellectual property and
customer data when outsourcing. These steps include
requiring outsourcers to have adequate physical security,
making sure thorough employee-screening processes are
in place, carefully structuring security-conscious service
level agreements, and conducting security audits, to
name just a few. Yet such measures may not go far enough.
With increasing concerns being voiced by individuals
over protection of their sensitive financial and healthcare
information and the increased sensitivity to allowing
critical information to fall into unfriendly hands, governments are taking more pronounced steps to remove
the discretion that companies historical had and are
mandating strong controls over the tracking and usage
of sensitive and proprietary information.
Reporting
Digital Guardian
Management
Console
Policy Definition
Configuration
Alert Management
User Activity
Data
..........
Regulated companies, such as health and financial services,
must ensure that the outsourcer provides the new standard
of due care in protecting the private information of individuals that is mandated in privacy regulations. Software
and other technology companies must assure shareholders
that their intellectual property, the source of tomorrow’s
shareholder value, is adequately safeguarded from misappropriation. And those in defense related industries must
prevent restricted information from being transferred to
foreign IT workers in order to keep their export licenses.
Customer Site
..........
Globalization is a reality in the information and communication technology marketplace. But as companies
exploit outsourcing, both onshore and off, to cut costs,
access skilled workers and operate more efficiently, they
must develop new security programs to manage the
increased risks that are inherent to sharing proprietary
and confidential information with outsourcers that are
physically and culturally distant.
Rules for
Enforcement
Internet
Mobile Laptop
Office Desktops
Corporate Server
Outsource Development Site
OVERSIGHT FROM ANY DISTANCE
Digital Guardian enables companies to continuously
audit the outsourcer’s compliance with contracted security policies. By mandating the deployment of Digital
Guardian on all servers, desktops and laptops used by
the outsourcer, audit and security managers are able to
see exactly how their company’s information is being
used and by whom.
The system continuously, silently and efficiently records,
in a tamperproof log, high-level user actions related to
the applications, networks, storage devices and printers
that are used to access and communicate files, databases,
source code and other information supplied to the
outsourcer or created by them. A near-real-time record
of all user activity can be queried through a web-based
management console at anytime and from anyplace.
Audit, compliance and security managers responsible
for verifying trusted information sharing relationships
can now have the visibility they require to establish
compliance, identify new risks and trace any incidents
to their source.
Policies can be centrally defined and deployed to the offshore development site from your location and actively
enforced on the remote desktop. A wide range of enforcement options allow you to strike the right balance between
the needs of the outsourcer and your need for security,
including silent alerts, warnings to the user, prompting
the user or blocking the user action.
CONCLUSION
BEYOND BORDERS, BUT NOT YOUR CONTROL
With Digital Guardian your information is never beyond
your control. The point-of-use architecture of the system
allows you to control the applications, networks, printers
and storage devices that are used to access your critical
business information. You can limit data mobility by managing the use of removable storage devices, contain the
loss of proprietary information over networks and prevent
private information from leaking out of both desktop
and enterprise applications.
Digital Guardian offers a compelling value proposition
for companies who have placed proprietary and sensitive
information into the hands of outsourcing partners.
By providing complete visibility and control over how
information assets are used to those ultimately responsible for their safekeeping, an investment in our security
platform largely satisfies both fiduciary obligations for
the security of valuable corporate information as well as
current and future government imposed directives.
With the deployment of Digital Guardian companies will
have the means to hold outsourcing vendors accountable
for the security and confidentiality of information and the
confidence to enter into new outsourcing relationships
with the knowledge that their critical business information
is not beyond their oversight and control.
VERDASYS INFORMATION SECURITY SOLUTIONS
Verdasys delivers information security solutions that
address business-driven requirements for assuring compliance with a broad range of regulatory mandates;
safeguarding the privacy of client and patient records;
and preventing the misuse and theft of intellectual property.
Offering a compelling set of solutions for a wide array
of data containment, global outsourcing and information
protection challenges, the Verdasys Digital Guardian platform offers real-time, autonomous data-level monitoring
and control. In addition to minimizing the information
security risks posed by technologies such as e-mail, IM
and USB drives, Digital Guardian detects and interdicts
violations of information usage policies – thus creating
a corporate culture centered on accountability.
Verdasys clients include Fortune 500 corporations – in
industries ranging from insurance and financial services
to multimedia and pharmaceutical – who are setting
industry benchmarks for information security. To join
them, contact us at [email protected]
Professional Services & Compliance Policy Packs
Risk Visualization
Application
Logging
User Policy
Enforcement
Activity Summaries
Private Data
Redaction
Resource
Management
Forensic Reports
Adaptive
Encryption
Application
Hardening
Monitoring
Control
Digital Guardian Information Security Platform
Packaged & Custom
Applications
Networks, Storage
Devices, Printers, Clipboard
Windows, Linux, Citrix, and MS Terminal Server
Operating Environments
Data Security at the Point of Use
950 Winter Street, Suite 2600 Waltham, MA 02451
781-788-8180 Tel 781-788-8188 Fax
[email protected] www.verdasys.com
© 2004 Verdasys, Inc. All Rights Reserved. Verdasys, the Verdasys logo, Digital Guardian, and the Digital Guardian logo are trademarks of Verdasys, Inc. The content of this
document is subject to change without notice. Microsoft is a registered trademark, and Windows is a trademark of Microsoft Corporation. Other brands and their products
are trademarks or registered trademarks of their respective holders and should be noted as such.
V1 1-17-05