Management
Securely share sensitive information with
trusted users and applications
The Challenges
4
The Solution
5
Sensitive Information Management Business Scenarios
7
Solution Components
13
Secure Digital Vault Server
13
Secure Access for People
14
Secure File Exchange Portal
14
CyberArk SafeShare for Windows
14
CyberArk SafeShare for Mobile
14
Sensitive Information Management Utilities
15
One-Click File Transfer
15
Export Vault Data
15
Secure E-mail Outlook Add-on
15
Secure Access for Applications
16
Distribution and Collection Automation Engine
16
E-mail Encryption Gateway
16
FTP Connector
16
Vault Software Development Kit (SDK)
16
A Variety of Interfaces
17
In today’s interconnected world, organizations frequently exchange information with their employees, contractors, partners and customers. From sharing financial data between executives and board members to exchanging clinical trial between pharmaceutical companies and contract research organizations, businesses across a variety of industries must share sensitive, regulated data on a daily basis. As IT teams work to facilitate seamless information sharing, they must also consider the security, compliance and operational impact of any enterprise file sharing solution.
Security considerations. When exchanging sensitive information such as financial data, patient health information or intellectual property, it is critical to ensure that this information remains protected from unauthorized access. To avoid the risk of a data breach, organizations should consider the granularity of access controls, encryption strength and monitoring and reporting capabilities.
Compliance considerations. Many organizations must comply with industry regulations that require auditability, accountability, segregation of duties and non-repudiation. If an organization were to fail an audit, it could face strict penalties and hefty fines. Any solution that would be used to share regulated information should offering reporting capabilities to help its customer meet and prove compliance.
Operational considerations. Organizations must consider how much time is
required to setup new users, how reliable the solution is and how much on-going effort is needed to maintain the solution. If a product is difficult to administer, it can dramatically increase the operational burden on the IT team and take time away from more strategic projects. Further, if a solution requires additional components, such as VPNs or leased lines, to improve security, the IT team could end up wasting valuable dollars in its budget.
CyberArk Sensitive Information Management provides a highly secure, scalable platform that facilitates the exchange of sensitive information between users and systems without increasing operational overhead.
Security policies help protect sensitive data from unauthorized access, and these policies can be configured to meet specific compliance requirements. Customizable reporting capabilities help customers easily prove compliance and pass audits. Further, because Sensitive Information Management uses business language in the administrative interface, business owners are able to manage governance policies and access rights without unnecessarily increasing the operational burden on IT.
CyberArk Sensitive
Information Management
provides a highly secure,
scalable platform that
facilitates the exchange
of sensitive information
between users and
systems without
increasing operational
overhead.
The Challenges
Today, the ability to exchange information between users and systems has become a fundamental business
requirement. Information sharing enables users to be more productive, facilitates collaboration among teams, and help organizations deliver better customer experiences. However, as organizations share increasing amounts of sensitive information, they also need to ensure that their files remain safe from compromise.
Traditional file sharing solutions present several challenges and often times require organizations to choose between security and usability.
Common file transfer methods cannot effectively secure
sensitive information. Common file transfer methods, such and Peer-to-Peer (P2P) and File Transfer Protocol (FTP), are highly prone to human error and can expose sensitive data in plain text to the internet. If sensitive or regulated information were exposed via one of these file transfer methods, organizations can face several consequences including regulatory fines, financial losses, brand damage and legal action from those whose data was leaked.
Encryption solutions and Secure FTP are extremely difficult
to manage. Organizations sometimes turn to encryption solutions or Secure FTP to secure the exchange of sensitive data. However, many organizations that have implemented such solutions find it complex, difficult and time-consuming to manage certificates and encryption keys.
Traditional file transfer methods are siloed and create unnecessary IT overhead. Traditional solutions, such as e-mail, Dropbox, P2P, Share Point, FTP and FTP/S, must each be managed
separately. Because there is no central management across these file transfer methods, IT teams often times duplicate efforts while managing multiple disparate systems.
Common file sharing solutions typically have scalability and reliability issues. In many organizations, critical file transfer operations are based on homegrown systems and scripts, mostly using FTP or e-mail as the underlying technology. As organizations grow and requirements become more demanding, these types of solutions often fail to meet business needs. Worse, since FTP and e-mail solutions do not provide data encryption on the FTP server, it is almost impossible to prevent data corruption or leakage.
What should a strategic file transfer solution provide?
Security. Any enterprise file transfer solution must fully protect data in transit and data in storage. It must also offer customizable security policies that support granular access controls, encryption and strong authentication, as well as offer a full audit trail for monitoring and reporting purposes.
Auditability. Organizations in regulated industries should invest in a solution that offers centralized, customizable security policies that can be tailored to meet regulatory requirements and can be uniformly enforced across the enterprise. The file transfer solution should also offer a complete, tamper-proof audit trail that can easily be handed over to auditors to prove compliance and pass audits.
Operational efficiency. Any strategic file transfer solution should enable user productivity and operational efficiency. As such, the solution should facilitate seamless, secure file sharing between internal and external users, as well as offer a flexible and intuitive interface. It should also be highly scalable so that it can meet growing and changing business needs over time. From an administrative perspective, an optimal solution will offer centralized management so that IT teams can manage all internal and external users, manage all file transfers, enforce consistent security policies, monitor access to sensitive information and report on all activities from behind a single pane of glass.
Secure Dropbox alternative Protect intellectual property Enable view-only policies for partners Automate processes Enable secure sharing of files Meet compliance and pass audits
The Solution
CyberArk Sensitive Information Management enables organizations to share, distribute and access data without putting sensitive information at risk. As an enterprise-ready, scalable platform, the solution enables trusted users and applications to securely exchange files, and it delivers a centralized platform from which IT administrators can manage all users and security policies. The platform enables IT teams to report on all file sharing activities, monitor access to sensitive documents, investigate suspicious activity and prove compliance with industry regulations.
Employee/Contractor Partner / Supplier Customer / Client
SHARE
Sensitive documents between usersAUTOMATE
File transfers between applicationsAUDIT
File sharing and access to sensitive documentsFigure 2 – Securely exchange sensitive files internally or externally, manually or automatically
CyberArk Sensitive Information Management is a one-stop shop for all your file transfer needs. Based on CyberArk’s patented Secure Digital Vault technology, the solution delivers military-grade encryption and granular access controls to protect any organization’s most sensitive files. The solution enables customers to exchange sensitive information securely and efficiently, internally and externally, manually or automatically.
Cyber Ark Sensitive Information Management is designed to support any protocol or transfer process and can integrate with any most any new or legacy application. The solution is available on premise or as a cloud service for quicker audit readiness without the need for capital expenditure.
Figure 3 – Simple and easy to access your sensitive information
Sensitive Information Management Business
Scenarios
Scenario 1: Secure user-to-user file transfers
Organizations today frequently exchange information for a variety of reasons. From internal use cases, such as a business sharing sensitive company information with employees around the world, to external use cases, such as a financial institution sharing investment data with their clients, the need for secure file sharing between internal and external users is vast.
The problem is, when business users need to share documents, they typically do so via e-mail. However, the use of e-mail attachments to share sensitive documents creates two main challenges.
First, sending sensitive documents via e-mail increases security risks. If the e-mail is sent unencrypted, it can easily be intercepted and opened by an unauthorized party. Alternatively, the e-mail recipient could forward – intentionally or accidentally – the sensitive document to unauthorized recipients. To protect sensitive documents, organizations should encrypt all sensitive files, and they should ensure that only authorized parties are able to access the files.
Second, from a productivity perspective, e-mail offers no inherent version control of documents. When team members need to collaborate on a document or presentation, it can become difficult to track each team member’s feedback if users are working from different file versions. To improve productivity and make it easier for teams to collaborate, organizations should consider file sharing solutions that offer built-in version control so that users can know, with complete confidence, they are working off a most recent draft.
CyberArk Sensitive Information Management addresses these challenges and more with its state-of-the-art secured environment that facilitates file sharing between internal and external trusted users.
External Users
Business Users
Sensitive Information
Management
Figure 4: Sharing Sensitive Documents with external users – Online Secure Access
The above diagram illustrates the following capabilities:
1. Business groups can collaborate with each external user separately in a completely isolated environment. 2. Built-in version control eliminates multiple files to guarantee that each user is always accessing the most recent
version.
3. Files are securely stored in the Secure Digital Vault, which encrypts all data at rest and in transit. 4. Users are able to receive e-mail notifications about recent file activities.
5. Business users have full control over who has access to their documents.
CyberArk Sensitive Information Management enables organizations to eliminate insecure file transfer methods such as e-mail attachments and Dropbox. Instead, the CyberArk solution offers a secure file repository, complete with military-grade encryption and granular access controls, that can be accessed 24x7 from any device. To aid productivity, users can also receive e-mail alerts when certain files are accessed or updated.
To enforce access controls, CyberArk Sensitive Information Management leverages “Safes,” which are secure, sub-folders within the Secure Digital Vault. Users can be granted access to specific Safes based on their role, and they can grant trusted third party users access to certain Safes when needed. The solution supports a variety of authentication methods, and monitoring and auditing capabilities enable organizations to report on who has accessed what to help prove compliance with applicable regulations.
To ensure the highest levels of security, IT administrators are able to manage Safes, but they are unable to view or access any of the files within them.
Figure 5 – CyberArk’s Secure Data Room - Share files while protecting file content
Granular access controls enable Safe owners to decide which users have what types of access rights. Some users may have complete access, which means they can view, edit and locally save sensitive documents. In many cases, users who have complete file access are trusted internal employees or consultants. Other users, such as business partners or vendors, may only have access to view documents. Figure 5 illustrates the different levels of access privileges each user may be assigned based on the user’s relationship to the company and specific role.
Scenario 2: Mobile application support to facilitate on-the-go file sharing
Businesses are constantly seeking ways to enable their userswhile on the go. With the growth of smartphones, banks, insurance companies, and healthcare organizations have led the trend of “going mobile.” From check images to legal contracts to medical records, CyberArk customers rely on the Sensitive Information Management solution to secure files that are uploaded and downloaded via mobile apps every day.
CyberArk Sensitive Information Management integrates with
homegrown mobile apps and the backend systems that power those apps. In fact, one CyberArk banking customer uses Sensitive Information Management to encrypt mobile check deposit images within the app and then vault the image so that it can later be processed by backend systems. Using Sensitive Information Management for mobile apps, this bank is able to allow its customers to deposit checks directly from their smartphones or tablets without ever having to visit a branch or ATM.
Scenario 3: Share with external users on an ad-hoc basis
Business users occasionally need to share sensitive information with external users with whom they do not have a long-term business relationship. For example, a sales representative may need to send product roadmap information to a prospective customer.
To facilitate this kind of “ad-hoc” information exchange with external users, most organizations use either an FTP server or e-mail. While these file transfer methods can be easy for end users, they also pose security risks.
Whereas in the past organizations were typically forced to trade security for end user convenience, that is no longer the case today. CyberArk Sensitive Information Management enables end users to quickly, easily exchange files with internal and external users without compromising security.
With CyberArk Sensitive Information Management, business users can be empowered to grant one-click access to a dedicated Safe to external parties without having to consult first with IT. External users can self-enroll in the highly
on an ad-hoc basis. Because these files are subject to the same strong encryption, authentication, access controls and monitoring as other files, the IT team can rest easy knowing that the files will remain secure and all activities will remain fully auditable.
External User A
Business User
1
2
3
Figure 7: “One Click Enrollment”
The above diagram shows the following process:
1. The business user enrolls a new external user, and CyberArk Sensitive Information Management automatically sends an e-mail invitation to the external user.
2. The external user receives the e-mail invitation and completes a simple registration form. 3. Both parties can now exchange files securely.
4. The business user can add restrictions for the exchanged files.
The “restrictions” feature enables files to appear to external parties in a way that is difficult to save or copy. One example of a restriction is read-only access, which can convert any file to a pdf, watermark it and stamp it with the viewer’s contact details. CyberArk also offers the option to convert an entire file to a series of images, making it difficult to copy information from the file.
Scenario 4: Replace existing FTP-based or homegrown file transfer infrastructure
Traditional FTP servers, which are commonly used by organizations, introduce unnecessary security risks and manageability issues.Because FTP servers typically reside in the DMZ, they are accessible from both the internal network and the open Internet by end-users, scripts and systems. While this setup is necessary to facilitate file sharing internally and externally, exposing the FTP server – and consequently all the data that is transferred through it – to the Internet, makes sensitive files highly vulnerable to unauthorized access. Further, because FTP servers require manual effort and management by IT teams, they can generate high operational costs.
In contrast with typical FTP-based solutions, CyberArk Sensitive Information Management is a highly secure
intermediate file repository that provides encryption, access control, authentication, auditability and many other security layers. These added security layers drastically improve the security of files in transit and in storage, and they help mitigate the risk of unauthorized access.
The CyberArk Sensitive Information Management platform offers a variety of user, system and application interfaces to provide the greatest amount of flexibility and facilitate both manual and automatic file transfers. By automating file transfers, IT teams can significantly reduce the amount of time and effort needed to manage file sharing processes and instead focus their efforts on projects that are strategic to the business.
CyberArk’s solution meets PCI DSS requirements by encrypting all data in storage and in transit.
No more unencrypted information on FTP Servers
All sensitive information is stored securely in the Secure Digital Vault
CyberArk Sensitive Information Management centralizes the management of all file transfers to significantly reduce the IT burden and deliver a rapid return on investment. The solution improves the reliability of file transfers, and it mitigates the risk of data loss by preventing external, unauthorized users from accessing the solution via the Internet.
Internal Network DMZ My Enterprise 1 2 3 4 AS/400 & Legacy Scripts SFTP/FTP/FTPS Connector SFTP/FTP/FTPS Connector Digital Vault Internet Business Partner A Legacy Scripts @ Business Partner B FTP Server @ Business Partner C Business Partner # 100,000 X
Figure 8: Automated file transfers to external users - replacing FTP servers
The diagram above shows the following benefits:
1. Seamless back-office integration – SFTP/FTP/FTPS /SCP:
Full automation
No need to maintain legacy scripting
Data in the DMZ is always secure and encrypted; no decryption takes place in the DMZ 2. No change to the file transfer process for external end users.
External parties can still use legacy scripts by using the standard Protocol Proxy (a.k.a “CyberArk Connector”)
External parties can still access files via their legacy FTP/SFTP/FTPS servers.
3. Enterprise scalability and integration make the solution future-ready. Users and applications can easily be added and scaled up over time.
Same infrastructure can be used for to support internal and external users and processes
The solution was purposely designed to support thousands of users and projects
CyberArk’s Automated Process Manager and the Distribution and Collection Agent enable organizations to
automatically transfers files between the Secure Digital Vault and remote servers. Automated Process Manager can be used to automatically transfer files within a customer’s environment, as well as facilitate vault-to-vault transfers. Alternatively, the Distribution and Collection Agent offers the ability to automatically push or pull files from FTP, SFTP or legacy backend servers within a business partner’s environment.
Scenario 5: Transform manual file transfer processes into automated ones
Using the architecture discussed above, organizations can automate business processes that have traditionally been manual. For example, organizations that understand the risks of insecure electronic file transfers tend to rely on CDs and courier services. Instead of risking electronic file transfers, users tend to burn highly sensitive files to CDs and then share the CD with authorized parties. While this avoids the risks of electronic file transfers, it is manual,time-consuming and costly, and couriers cannot guarantee the security of the CD.
With Sensitive Information Management, however, organizations can gain confidence that their most sensitive data is safe from unauthorized access while simultaneously increasing user productivity and improving operational
Solution Components
Digital Vault Server
Integration to Corporate Antivirus & Content Filtering
Secure access for people
Secure access for applications and automated processes
Employees
Applications
and Systems
Vault-to-Vault
FTP/SFTP Connector Email Encryption Gateway SDK/API Distribution & Collection
Automation Engine Gateways Billing FTP Legacy Applications CRM iPad Browser Outlook
Figure 9 –CyberArk Sensitive Information Management Components
Secure Digital Vault Server
The Secure Digital Vault provides a ‘Safe Haven’ where all of an organization’s sensitive files can be securely archived, transferred and shared by authorized internal and external users in local and remote locations.
At the heart of the Secure Digital Vault are multiple security layers such as a firewall, VPN, authentication, access control and encryption. These components help ensure that the Secure Digital Vault is most secure solution available for enterprise file sharing and storage.
The Secure Digital Vault is a plug-and-play solution that requires minimum effort to set up, and it can be fully operational within a short period of time. Users can access and manage the Secure Digital Vault through a variety of interfaces, including via a client, web browser or iPad app, and the solution offers enterprise scalability and reliability, complete with Disaster Recovery and High Availability.
Non Repudiation & Data Integrity. All data between the Secure Digital Vault and any CyberArk client is encrypted with AES-256 encryption. The initial key exchange occurs during authentication using the Secure Remote Password (SRP) protocol. The SRP protocol creates a secure session between two parties, and it prevents session hijacking and renders active network attacks, such as man-in-the-middle attacks, impossible. Data integrity is assured using Secure Hash Algorithm (SHA1).
Encryption. The Secure Digital Vault leverages a built-in hierarchical encryption structure that uniquely encrypts each file, file version, Safe, and Vault. Each of these objects has a different, randomly generated encryption key. Combined, this hierarchical encryption structure enables CyberArk to provide stronger security by protecting files at all levels.
At the base of the encryption hierarchy: Each time a file is accessed, only the Client knows the File Key of that particular file version. Even if this key is somehow compromised, it can only be used with this particular file version, leaving the full structure of the Safe unharmed.
At the top end: At the top of the encryption hierarchy stands the Server Key, which can be physically removed once the Server has started. As a result, even if the server is stolen, the thief will be unable to access any important information. When required, the Server Key can be further protected and be stored on an HSM device.
The default encryption methods used by the CyberArk Secure Digital Vault are AES-256 and RSA-2048.
Secure Access for People
Secure File Exchange Portal
The Secure File Exchange (SFE) Portal is a web-based end user interface through which authorized users can share and receive files. The SFE Portal enables
organizations to manage file transfer processes in a secure and controlled environment, and it offers secure, self-service password reset functionality for when users forget their credentials.
CyberArk SafeShare for Windows
CyberArk SafeShare, a secure file client, is a standard Windows application that serves as the administrative client for the Secure Digital Vault. CyberArk SafeShare can be installed on any number of Windows devices, and it can access the Secure Digital Vault via a LAN, WAN or the Internet.
To grant access to the Secure Digital Vault, the administrator must first define authorized Users. A Vault Network Area Administrator must then define the IP address or IP mask of the device on which the secure file client will be installed within the Vault’s Network Area. The User must then authenticate to the Vault before being allowed access.
The CyberArk Secure Digital Vault supports a variety of authentication methods, such as passwords, physical keys, and certificates, to ensure the highest levels of security
The Secure File Client can also be installed using ActiveX. The Web interface simplifies distribution and installation of the client in large organizations and permits easy access to the Secure Digital Vault from mobile devices.
Each command, request, file transfer and user configuration is encrypted to ensure maximum protection for data at all times.
CyberArk SafeShare for Mobile
The CyberArk SafeShare iPad App enables users to securely and easily access Safes, files and passwords in the Secure Digital Vault directly from their tablets. Through the native app, users can read and share files with other users via a secure e-mail link. Users also have the ability to view files in read-only mode
while offline. Users can download the CyberArk SafeShare App to their iPad from the iTunes App Store.
Sensitive Information Management Utilities
One-Click File Transfer
CyberArk’s One-Click File Transfer is an end-user utility that transfers files between the CyberArk Secure Digital Vault and a standard file system in accordance with predefined settings. Files can be uploaded to the Secure Digital Vault from the local file server, or they can be downloaded to the local file server from the Secure Digital Vault. As a utility, One-Click File Transfer does not require installation, which eliminated the need for administrator permissions or assistance. An intuitive GUI interface leads end-users through a simple service configuration and enables users to begin working immediately. Users can predefine the files to transfer or select them on-demand. File transfers can be carried out manually or automatically in accordance within a preset schedule.
Export Vault Data
The Export Vault Data utility enables IT teams to export information about activity in the Secure Digital Vault to either a text file or an MSSQL database outside of the CyberArk environment.
Secure E-mail Outlook Add-on
CyberArk’s Secure E-mail solution enables users to send and receive files in a controlled and secure manner, reducing the size of e-mail
attachments and enabling organizations to enforce policies regarding the sharing of sensitive information and extremely large files.
This solution integrates with Microsoft Outlook, enabling users to send e-mail messages and attachments of any size using an application they are familiar with, from their own workstation, quickly and conveniently. CyberArk Sensitive Information Management offloads the attached files from the e-mail then stores and encrypts them in the CyberArk Secure Digital Vault. From there, recipients can access the files according to
predefined authorizations. Centralized configuration reduces management overhead and increases efficiency.
Enterprise policies for e-mails can be enforced for different users and purposes, depending on specific standards and requirements.
The standard Secure Digital Vault tracking feature provides a full audit trail that indicates who has accessed secure e-mails and their attachments. This provides complete visibility into has accessed what, and it enables organizations to meet company policies, security requirements and compliance standards.
CyberArk’s Secure E-mail solution integrates with content scanning tools so that any attachment sent over secure e-mail can be scanned and validated before it is sent or retrieved.
Secure Access for Applications
Distribution and Collection Automation Engine
The CyberArk Distribution and Collection Automation Engine is a file transfer management system that supports crucial business operations by enabling organizations to securely and reliably transfer data internally and with partners, suppliers and customers.
The Distribution and Collection Automation Engine also includes a Scan Engine component that enables organizations to validate all incoming and outgoing files and e-mails in the Secure Digital Vault. The Scan Engine can be integrated with various products, such as anti-virus or other types of content filtering products, to ensure that all files sent or received through the Secure Digital Vault comply with enterprise security policies.
E-mail Encryption Gateway
Send secure e-mails from any e-mail platform without installing extra software. CyberArk’s SMTP Encryption gateway can manually or automatically encrypt any e-mail. To manually encrypt files, users must type a unique identifier in the subject line. Alternatively, any message that contains sensitive content as defined with a DLP solution, such as social security or credit cards numbers, can be automatically encrypted the instant the file is transferred.
FTP Connector
The FTP Connector enables users to access Vaults transparently using FTP protocols such as FTP, SFTP, FTPS or SCP. The connector can be installed within an organization’s internal network for backend processing or within the DMZ to allow access by external users or applications.
Vault Software Development Kit (SDK)
The CyberArk Vault SDK provides an interface to Vault objects and can be used to develop custom solutions that work with the Vault. CyberArk provides a variety of SDKs such as Command Line Interface, .Net API, Web Services API and REST API.
A Variety of Interfaces
Parameter Secure File Exchange Portal One-Click File Transfer CyberArk SafeShare for Mobile Secure File Client Distribution & Collection Automation Engine FTP Connector B2B & Integration SDK Secure E-mail Manager Business Need Manage filetransfer processes in a secure and controlled environment; provide an intuitive end user interface for file sharing
Direct, secure file transfer using predefined settings Securely and easily access Safes, files, or passwords from an online or offline tablet. Vault administration and seamless Office integration Automatic, system-to-system file transfer and management that enables reliable and secure data transfer Replace unsecure FTP processes while ensuring business continuity Develop custom applications and integrate with other systems Business departments send and receive sensitive business information via e-mail Secure Self password reset Yes No Yes No No No No No User License Type Secure user license Secure user license Secure user license + SafeShare Mobile Application Licenses Secure user license Secure user license + DCA license Secure user license + FTP Connector license Secure user license + CyberArk SIM SDK Secure Client User License Supported Protocols
Https Vault Protocol Https Vault Protocol Vault Protocol, FTP, SFTP
FTP, FTPS, SFTP, SCP
Vault Protocol Vault Protocol, SMTP
Communication Port
Any Port Any Port Any Port Any Port Any Port Any Port Any Port Any Port
Requires installation?
No (100% web application)
No Yes, from the App Store
Yes Yes No No No – for the E-mail Encryption Gateway. Yes – for the Secure E-mail Outlook Add-On (no administrative rights required) File Transfer Type Manual and Ad-hoc Manual (and can be scheduled) Manual and ad-hoc
Manual Automatic Manual and Automatic
Manual and Automatic
Manual and Automatic
Overall Benefits
CyberArk Sensitive Information Management provides a complete and proven solution for organizations to share, distribute and access date while protecting your most sensitive assets. CyberArk Sensitive Information Management enables organizations to:
Reduce security risk. At the core of the solution is CyberArk’s patented Secure Digital Vault technology, which provides the highest levels of security and ensures the confidentiality of an organization’s most sensitive information. CyberArk Sensitive Information Management maintains strict security policies, securely stores tamper-proof audit logs and prevents unauthorized personnel, including IT administrators, from accessing sensitive data. With the highest levels of security and military-grade encryption, Sensitive Information Management dramatically reduces the risk of sensitive information being exposed to unauthorized, potentially malicious, parties.
Comply with industry and regulatory standards. Built-in segregation of duties and robust auditing and reporting mechanisms address a variety of compliance issues related to regulations such as PCI, SOX, HIPAA and others.
Reduce operational costs. CyberArk Sensitive Information Management eliminates the need for IT teams to maintain scripts and monitor cumbersome file transfer processes based on FTP and other homegrown solutions. This
centralized solution reduces the management burden on the IT team, enabling them to improve efficiencies, reduce operational costs and focus their efforts on projects that are strategic to the business. The solution also provides an easy way to enable external user connectivity and offers users the ability to reset their own passwords with increasing the burden on the IT help desk.
Integrate with existing infrastructure and backend systems. CyberArk Sensitive Information Management can easily integrate with backend systems that process incoming files and produce files to be sent to external users. These integrations enable seamless communication between disparate existing systems, and add layered security to the file transfer process. The solution can easily integrate with commonly used infrastructure and security products such as LDAP servers, SSO, backup solutions, SAN/NAS, anti-virus, DLP, and more.
Support large file transfers. CyberArk Sensitive Information Management enables users to transfer large files in manual or automatic mode, manages queues of personal transfers, and can resume and recover failed transfers all without any file size limitation.
Enable secure business processes. Cyber Ark Sensitive Information Management streamlines business processes through its highly secure file transfer platform. The reliable, scalable solution assures the delivery of files to their proper destinations, provides 24x7 worldwide access and can scale up as your business grows.
Scale with changing business needs. CyberArk Sensitive Information Management centralizes the management of file transfers, security policies and reporting. The solution’s ability to support any type or size of file transfer enables organizations to address not only today’s file transfer needs but it also enables customers to grow their use of the system in the future. With enterprise-class reliability and scalability, complete with high-availability and disaster recovery, Sensitive Information Management is a true strategic solution for any type of organization.
