PROTECTING DATA IN VIRTUAL ENVIRONMENTS
THE CHALLENGE
While virtual environments can control network access for mobile users and third-party partners, data risks remain. Many traditional security technologies cannot effectively operate in virtual environments and are therefore blind to user activities and data misuse, including attempts to access other sensitive systems. This limitation increases the risk of loss or compromise of all sensitive data types, including IP, trade secrets, PII, PHI, and confidential company data on shared network stores.
As a result, companies migrating to virtual systems must often sacrifice their ability to understand data risk factors and rely solely on compensating controls in those environments. This leads to security challenges such as:
- Securing data egress points in virtual environments
- Securing user data within redirected “home folders” between virtual sessions
- Tracking data distribution and use for compliance audits
Effective data-centric policy enforcement requires a technology solution that answers three questions in both physical and virtual environments:
- How sensitive is the data or application?
- Who is accessing that data or application?
- What is the user authorized to do with the data or application?
Advanced Data Protection in Physical and Virtual Environments
Digital Guardian is a proven data protection platform that enhances the security features of Virtual Desktop Infrastructure (VDI) to include policy-based data access and controls. Digital Guardian classifies data accurately, then audits and enforces policies equally in physical or virtual environments. This allows organizations to consistently monitor and govern sensitive data transfers between internal and mobile users, outsourced workforces, third-party collaborators, and system administrators.
Digital Guardian operates in physical and virtual systems independent of the network. This allows administrators to monitor data usage and risk continuously, and apply role-based policies for individual users at the point of use, including network access and control. Digital Guardian enables large enterprises to adopt VDI consumerization and cloud technologies while ensuring that their IP and confidential data remain protected throughout business processes. Regardless of whether running in a virtual or physical environment, on or offline, the Digital Guardian platform:
Enforcing User-Based Policies in Dynamic VDI Environments
Digital Guardian endpoint agents can be embedded in linked VDI clones generated from a gold image. Users are identified at login by Digital Guardian, which dynamically enforces their user-specific data policies and correctly attributes all transactions during sessions. When a user creates new content in the VDI, agents automatically classify and tag the data appropriately.
Securing User Data in Redirected Home Folders
Digital Guardian maintains the security of sensitive data redirected to a user’s home folder that is stored on network shares between dynamic VDI and application virtualization sessions. Digital Guardian ensures that personal and proprietary data is not exposed during redirection or storage by automatically encrypting relevant files when a session ends.
Digital Guardian’s identity-based encryption model ensures that only those with appropriate rights can access files in a user’s home directory. This protects data while still allowing privileged administrators to access the directory itself for routine maintenance and backups.
Securing Data on Mobile Devices
Many companies allow the use of mobile devices such as iPads™ to access corporate data and applications, but struggle to enforce data policies on these devices.
When a VDI session is accessed via a mobile device, Digital Guardian is capable of controlling and auditing all data usage within the VDI session.
Managing Data Egress
Digital Guardian audits and controls the use of sensitive data across all endpoint egress channels and maintains user- and session-attributable event forensics: