Fasoo data security framework helps organizations to facilitate and enhance their information security framework based on a data-centric security model with people-centric policies in multi-layered approaches in complex and ever-diversifying enterprise IT environment.
Data-centric security model
In a new security framework, organizations should apply a security policy to data itself rather than controlling access to networks and systems. Within organizations, unstructured data causes lots of security issues since it is constantly being created and used by many different users, travels and is stored in multiple locations while structured data is generally stored and managed in secure environments. Therefore, it is not easy to design a security model for data, unstructured data. Organizations should incorporate a security policy not only to data at rest or in transit, but also in use. Fasoo data security framework allows organizations to protect, control and trace their data based on a data-centric security model no matter where it actually resides. This enables organizations to implement effective file-level security policies and granular permission control for all data types and along its lifecycle.
People-centric policy
A security policy on data should maintain a balance between security and productivity to allow users to perform business operations without interruptions since access to data occurs on multiple devices by different users throughout its lifecycle. This is why security policy on data should be people-centric. The policy should be flexible and dynamically enforceable based on rich context including content, user, device, time, location, etc. Even though a flexible policy is in place, organizations need to allow
exceptions to minimize productivity issues. Data security policies are constantly challenged by the unpredictable nature of data usage in a business environment. Fasoo data security framework supports the dynamic binding of policy with rich context and allows exception on-demand or through approval. The framework offers a unique methodology to adjust and optimize existing security policies by analyzing variation of exception ratios among groups.
Multi-layered approach
A security framework that has data-centric security model with people-centric policy may not be secure enough if it has only a single layer of policy enforcement. The reasons are that exceptions are inevitable in a dynamic business environment, and exclusions can be easily found in real implementations. Exceptions are a temporary deviation from policy, and exclusions are an exemption from applying security policy. Fasoo data security framework consists of a three-tiered suite of solutions to strengthen information security. Fasoo Enterprise DRM (FED) suite plays a pivotal role to enforce security policy on data among three layers of data protection. At the front-end, Fasoo eData Manager discovers and classifies the data, re-assure to apply policy to the data unprotected due to policy exceptions and exclusions. At the back-end, Fasoo RiskView enables organizations to manage risks holistically by collecting and analyzing logs of data usage and various sources that can be useful. Multi-layered approach enhances and completes security level of the framework.
Fasoo data security framework is ideal for a diversified collaboration environment in the cloud and mobile, effective for insider threat management and as a last resort against possible APT.
Needs for New Security Framework
Fasoo Data Security Framework
The Fasoo data security framework helps organizations tofacilitate and enhance their information security framework based on a data-centric security model with people-centric policies in multi-layered approaches in complex and ever-diversifying enterprise IT environments.
Data-centric security model
In a new security framework, organizations should apply a security policy to data itself rather than controlling access to networks and systems. Within organizations, unstructured data causes lots of security issues since it is constantly being created and used by many different users, moved and stored in multiple locations while structured data is generally stored and managed in secure environments. Therefore, it is not easy to design a security model for data, unstructured data. Organizations should incorporate a security policy not only for data at rest or in transit, but also in use. The Fasoo data security framework allows organizations to protect, control and trace their data based on a data-centric security model no matter where it actually resides. This enables organizations
to implement effective file-level security policies and granular permission control for all data types and along its lifecycle.
People-centric policy
A security policy on data should maintain a balance between security and productivity to allow users to perform business operations without interruption since access to data occurs on multiple devices by different users throughout its lifecycle. This is why security policy on data should be people-centric. The policy should be flexible and dynamically enforceable based on rich context including content, user, device, time, location, etc. Even though a flexible policy is in place, organizations need to allow
exceptions to minimize productivity issues. Data security policies are constantly challenged by the unpredictable nature of data usage in a business environment. The Fasoo data security framework supports dynamic binding of policy with rich context and allows exception on-demand or through approval. The framework offers a unique methodology to adjust and optimize existing security policies by analyzing variation of exception ratios among groups.
Multi-layered approach
A security framework that has a data-centric security model with people-centric policy may not be secure enough if it has only a single layer of policy enforcement. The reasons are that exceptions are inevitable in a dynamic business environment, and exclusions can be easily found in real implementations. Exceptions are a temporary deviation from policy, and exclusions are an exemption from applying security policy. The Fasoo data security framework consists of a three-tiered suite of solutions to strengthen information security. The Fasoo Enterprise DRM (FED) suite plays a pivotal role to enforce security policy on data among three layers of data protection. At the front-end, Fasoo eData Manager discovers and classifies the data, reapply policy to the data unprotected due to policy exceptions and exclusions. At the back-end, Fasoo RiskView enables organizations to manage risks holistically by collecting and analyzing logs of data usage and various sources that can be useful. This multi-layered approach enhances and completes an organziation’s security framework.
The Fasoo data security framework is ideal for a diversified collaboration environment in cloud and mobile, effective for insider threat management and a last resort against possible APT.
Needs for New Security Framework
Fasoo Data Security Framework
Significant data breach related news is continuously makingheadlines, and organizations involved in such breaches have suffered irreplaceable loss of intellectual property, losing customer and business partner trust, incurring considerable fines, decreasing revenue or profit or dropping in share prices. Although most organizations are constantly investing their time and efforts in information security, security related issues are happening repeatedly, and threats remain as substantial risks to organizations.
In today’s rapidly changing IT environment, an information security model that emerged in the early days of the Internet does not work as well as it used to. Conventional approaches have been based on the belief that information security is all about protecting network and system boundaries. However, as cloud computing and mobility are blurring the boundaries of an enterprise, defining the boundaries of a corporate network has become difficult or even meaningless. This disruptive change in the IT landscape is one of important reasons why a new security framework is required. Another reason for a new framework is to confront increasing insider threats. Traditionally, insider threat management was always on the top of the priority list for many organizations’ general security practices, but it has been often ignored in information security, relying on security guidelines and regulations without proper technical measures.
There have been some technical measures to prevent insider threats, but most fail to mitigate insider threats. For example, enhanced perimeter based solutions like data loss prevention have been unable to stop data leaks by insiders who have gained access to the data through legitimate business activities. To be effective against insider threats, organizations are seeking a new approach and framework that is capable of enforcing persistent security policy on data, as well as the traditional security practices that include user training and background check.
In addition to cloud, mobile and insider threats, advanced persistent threat (APT) has become the latest concern of CISOs. As cyber-attacks are constantly diversifying and evolving, it has become a complicated game of cat-and-mouse, and often times hackers are one step ahead in the game. There have been many efforts to detect and mitigate APT. However, it has been difficult to prevent and detect APT even after penetration, leaving organizations vulnerable to data breaches. In fact, organizations should implement a security framework that assumes your network will be penetrated, your systems infected by malware, and your data stolen. Cloud and mobile computing, insider threat and APT are forcing organizations to review and re-shape existing security frameworks to overcome challenging security issues and prevent data breaches.
Fasoo Data Security Solutions
Other Systems
Fasoo data security solutions enable organizations to implement a data-centric security model, people-centric policy and multi-layered approach.Fasoo eData Manager helps organizations discover its unstructured data residing on endpoint devices and in repositories, and then classify and protect data using FED or simple data encryption according to the organizations’ security policies. Fasoo eData Manager enables organizations to:
• Discover data residing on endpoint devices and in repositories • Classify data based on content patterns defined by regular expressions • Protect data using FED policy or simple data encryption
• Generate various reports required by regulations and compliance for data governance
Based on the organizations’ confidentiality requirements, the FED suite controls who can access data on what device, when, and in what context. FED also allows organizations to track both authorized and unauthorized access to data, send alerts where necessary, and respond to data security triggers to prevent a possible data breach. Organizations can review security policies by analyzing exceptionally authorized access to data, and optimize them by comparing (minimizing) variation of the exception ratio among groups. Fasoo Enterprise DRM enables organizations to:
• Provide persistent data security throughout its entire lifecycle
• Enable cross-platform and multi-device support with extensive application coverage • Restrict unauthorized copy and paste attempts of protected content
• Prevent unauthorized screen capture attempts while protected documents are in use • Enforce the policy of protected documents on its derivative files
• Limit file access using validity time/period or device ID • Revoke access of protected documents when required
• Leverage existing repository ACLs by integrating with backend systems • Enforce policy when data is being created on PCs
• Authenticate unmanaged external users efficiently using email validation • Provide innovative methodologies for security policy optimization
Fasoo RiskView offers visualization of risks based on correlation modeling by comparing logs of authorized data usage and various sources that can be useful. Fasoo RiskView enables organizations to:
• Collect logs of FED, Fasoo eData Manager and other various systems • Analyze statistics of retention and usage of sensitive data
• Define a risk index based on multiple data breach related scenarios • Visualize a risk index of users and groups
Enterprise Digital Rights Management (EDRM) is the most advanced file-based security solution that allows organizations to protect, control and track sensitive documents containing intellectual property, trade secrets, personally identifiable information, and more. In contrast with conventional security solutions that protect information at the network or system level, EDRM protects information itself persistently while it is stored, being used, being transmitted, and even after transmission throughout the entire document lifecycle.
EDRM is the only effective solution against document leaks by authorized insiders and malicious outsiders. With EDRM, organizations can safely share confidential documents internally and externally, liberating their business without any concern about unintended information loss.
Enterprise Digital Rights Management
Fasoo EDRM enables organizations to protect documents persistently on any device at any time throughout the entire document lifecycle. It protects almost any document format, including ordinary office documents, graphics, images and engineering drawings. Fasoo EDRM is not limited to the PC platform as it is also available on mobile devices such as the iPhone, iPad and Android devices. For each document, Fasoo EDRM can control granular permissions such as view, edit, print, print watermark, screen watermark and screen capture. Further constraints can be imposed, such as the number of devices, valid access period and number of times a user can access the document. Fasoo EDRM can meet the various security requirements of the different stages in the document lifecycle.
Advantages of Fasoo EDRM
Enterprises have deployed lots of application systems to share documents internally. Documents, however, become out of control and vulnerable to loss once downloaded or checked out from application systems such as ECM, ERP,
SCM, CRM, PLM, EHR and more. Fasoo EDRM can easily
integrate with existing systems to protect downloaded content. It is also equipped with a patented email-based authentication technology to protect documents shared externally with partners or customers. Even documents created and used on PCs and mobile devices can be secured by Fasoo EDRM before they are shared internally. Printouts and screens can be overlaid with dynamic watermarks. They help to trace the source of a potential data breach and make users more cautious about handling their printouts and taking pictures of their screens.
Fasoo has transformed EDRM to set security policy automatically according to the content of document. This enhanced capability makes it smarter and easier to use. The policy can be adjusted without user intervention based on access time, device location and document usage history. This context-aware feature makes EDRM more secure without impacting usability and lessens the administrative burden significantly. By collecting and analyzing log data intelligently in real time, Fasoo EDRM can assess and optimize security policies to balance security and productivity, while alerting administrators to irregular or unusual user activities. Fasoo EDRM has become a core security infrastructure component for organizations and seamlessly integrates with the disruptive changes in enterprise IT environments.
Encrypt and control your sensitive data
with Fasoo Enterprise DRM
PC Server Mobile Cloud Email Printer
We Secure Your Data
• Proven to scale within some of the largest enterprise environments in the world
• Breadth of solutions with ability to handle various enterprise requirements with 15+ years of EDRM focus • Flexible data protection policy and authentication models designed to cover full document lifecycle • Cross-platform and multi-device support with extensive application coverage
• Innovative security policy optimization
Sharing and Collaborating Internally
Fasoo Secure Node (FSN)
Secure, control and track sensitive documents created and used on endpoints
Fasoo Secure Document (FSD)
Secure, control and track downloaded documents beyond the controlled boundaries of content repositories
Collaborating with Partners & Customers
Fasoo Secure Exchange (FSE)
Secure, control and track sensitive documents shared with external users
Sharing Files to Your Mobile Device
Fasoo Mobile Solution
Secure your data on mobile platforms, not your device
Monitor and Analyze Your Data
Fasoo Usage Tracer
Monitor and analyze user/file activities, and optimize
existing security policies
Printing and Displaying Your Files
Fasoo Secure Print (FSP)
Trace printing activities and deter information leaks through printouts
Fasoo ePrint
Reinforce print security and help reduce costs Fasoo Secure Screen (FSS)
Prevent and deter security breaches through your screen
Extend Security Perimeter of Your ECM
Fasoo Secure Document for IBM ECM
Secure, control and track documents beyond the controlled boundaries of IBM ECM
Fasoo Secure Document for SharePoint Secure, control and track documents beyond the controlled boundaries of Microsoft SharePoint
Key Differentiators of Fasoo EDRM
Address:
197 State Route 18 South East Brunswick, NJ 08816 Contact Information: Phone: (408) 389-3097 (732) 253-5312 E-mail: [email protected] Web: www.fasoo.com
Fasoo has been successfully building its worldwide reputation as an enterprise DRM (Digital Rights Management also known as information rights management, IRM) solution provider with industry leading solutions and services. Fasoo solutions allow organizations to prevent unintended information disclosure or exposure, ensure a secure information-sharing environment, better manage workflows and simplify secure collaboration internally and externally. Fasoo has successfully retained its leadership in data security by deploying solutions for more than
1,200 organizations in enterprise-wide level, securing more than 2.5 million users. As the leader within the digital rights
management industry providing various data-centric solutions, Fasoo continues to expand in new business areas to provide you with complete data security.
