- By Industry
- By Use Case
Managing Regulated Data Can be Daunting
Complying with diverse and expanding regulatory requirements presents major challenges. Whether it’s HIPAA (ePHI), GDPR (EU citizens personal data), or PCI (cardholder data), or NERC-CIP (operational and systems data), regulatory requirements are focused on protecting data.
Do you know what it takes to identify this data throughout your enterprise, classify it accurately, and make sure it’s used appropriately?
Automatically Classify Regulated Data with Digital Guardian
Digital Guardian addresses these issues by automatically spotting and classifying data as it is created, and applying persistent, identifying “tags” to the data. Contextual awareness allows our solution to classify and tag electronic health records, EU citizen personal data, cardholder data, confidential design documents, and other structured or unstructured data. Content inspection classification, meanwhile, enables identification of social security numbers, credit card information, and PHI in files and emails without human intervention.
Protect data in use
Once data is classified and tagged, Digital Guardian monitors data use and enforces corporate policies, even if the data is encrypted, compressed, or saved to a different file format. Policies can prevent unauthorized users, including those with administrative rights to the system, from viewing or modifying regulated data. Our solution can ensure personal data is not used for any purpose besides the original agreement (as required by GDPR). It can also prevent data egress through copying to removable storage devices (as required by PCI-DSS 12.3, NERC-CIP-007 R2 and HIPAA § 164.310).
Safeguard shared data
Sometimes it’s necessary to share information with employees and partners, but without exposing all the data. For instance, PCI-DSS 3.3 requires organizations to mask PAN data when displayed, such that “only personnel with a legitimate business need can see the full PAN.” Another example: ITAR requirements forbid foreign nationals from viewing sensitive components in design documents. Digital Guardian’s “masking” feature supports both use cases, giving users access to the information they need while ensuring compliance with regulations.
Automatically encrypt data
Digital Guardian can automatically encrypt regulated data when moved to a disk or an authorized removable device, or attached to an email in support of GDPR, PCI-DSS 4 and HIPAA § 164.312. Decryption is limited to authorized individuals using devices protected by Digital Guardian.
Are You Ready for Your Next Audit?
Complying with regulatory standards can be difficult — and providing evidence of compliance can be even more so. Evidence must prove written controls are in place, communicated, and enforced, and support nonrepudiation. For GDPR, evidence that you have implemented risk mitigation controls may reduce or eliminate otherwise sizeable fines.
Our solution’s evidentiary-quality audit trails deliver the data needed for GDPR, NERC-CIP, HIPAA, and PCI standards. In fact, they have been used to prosecute data thefts in the United States and Europe, providing proof, chain of custody, and nonrepudiation.
Bloor Research GDPR Report
This analyst report explains what GDPR means for security professionals and the important role a data protection platform can play in enabling compliance.