SiteTrust by Verdasys

Data Classification and Encryption

At the heart of Digital Guardian’s core EIP platform is a powerful data discovery, classification and encryption engine. These unique capabilities are combined to form the core of the cloud computing offering.

Classification: Through multilevel classification, CloudTrust delivers actionable data taxonomies that define the sensitivity of any type of file without needing the context of the network, user or file content. This highly flexible document tagging capability includes persistence (the ability to maintain a tag through the lifecycle of the file) and classification inheritance (the ability to have a tag move from one file to another when any content is moved out of the original classified file and into a new file). Classification is assigned when the document is being created on the network, when it is at rest on the network, or when a file is being created in a cloud computing environment. Classification is recognized by all Digital Guardian Agents, and appropriate data governance policies are then implemented.

Unified Encryption Controls are fully integrated into the Digital Guardian platform and are fully automated and policy driven. Digital Guardian’s patented encryption includes a self-contained key management system and strong AES-256 encryption. File encryption and decryption are driven by data classification and user identity. Unlike folder-based encryption solutions, Digital Guardian’s file-level encryption controls are automated and transparent to the user. This removes the need for end-user action and supports a streamlined and more efficient business process for cloud computing platforms.

When sensitive data is moved to a cloud environment, it is recognized by a Digital Guardian Agent and proper controls are applied. Controls include letting the file move to the cloud, preventing the file from moving to the cloud, or encrypting the file before it is moved to the cloud. A complete audit record is kept of all files moving to the cloud and of the controls that were enforced. The file, in its encrypted form, is stored in the cloud until it is accessed by a user. Decryption of that file occurs only if the user has been properly authenticated and has proper access to the file. A Digital Guardian Agent (host or remote, depending on the location of the user) will drive the process of granting access to the user and auditing the transaction.