Data Lockdown with Imperva’s SecureSphere File Security

Jul 13, 2010

From encrypted passwords to firewalls, a company will expend immeasurable amounts of energy and money to protect its information. Just keeping data safe from outside assaults is an ongoing task, but company outsiders are no longer the only ones who pose a threat. Insiders with unlimited access to sensitive data can cause just as much damage to an organization as a hacker. On July 13, 2010, Imperva, a data security company, aims to mitigate the problems that accompany securing sensitive information with the release of SecureSphere File Security.

This new addition to the SecureSphere Data Security suite was created to provide companies with the ability to monitor and control data access. As Rob Rachwald, director of security strategy for Imperva, explains, if a company does not take the proper steps to secure sensitive data, it becomes vulnerable to insider attacks. "Organizations store intellectual property, financial information, customer details, and many other kinds of sensitive business information in files," says Rachwald. "These files are typically stored on shared file systems within organizations, intended for communications, collaboration, and sharing. So, by their very nature, these files are at risk of overexposure and potential access by maliciously inclined insiders unless organizations maintain strict controls."

To alleviate this worry, SecureSphere File Security shows users in real time exactly who is accessing what data. "The way we lock down files is to look at and analyze who has access to these files," says Rachwald. This process is "based on user rights management capability. We look at the files and compare them to HR systems to see which people should be accessing files. We basically try to identify based on ownership who should be looking at files and who should not be looking at files." Thus, if a low-level administrative assistant who usually accesses 20 financial documents a day suddenly starts looking at 10,000 documents, SecureSphere File Security will flag their actions and then alert the proper authorities. "Organizations may have a directory on their file server that contains financial data, and another with HR data, etc.," says Rachwald. "With SecureSphere, you can say ‘everything over there is financial data,’ and then you can build policies that say ‘If someone outside the finance group accesses financial data, I want an email alert to that effect.’"

While catching suspicious behavior as it occurs has its advantages, the ability to prevent a data leak from happening in the first place is crucial for successful data management. To achieve this, SecureSphere File Security users can block particular files so only certain employees have access, thus keeping sensitive data safe from tampering. For example, businesses can create "SecureSphere policies that say, in effect, ‘No one outside the Finance Group (as defined by the HR system data) can access financial data,’" explains Rachwald. In addition, in order to manage these policies more efficiently and to avoid any slip-ups, SecureSphere File Security will consolidate data usage information, displaying "alerts, auditing information, and a host of other details in the SecureSphere user interface, which administrators can access via a browser."

These real-time capabilities of Imperva's SecureSphere File Security can not only help a company keep better control of who has access to its data, but also provide assistance with regulatory policies. Compliance acts such as the Sarbanes-Oxley Act of 2002, or SOX, which requires companies to monitor anyone who has manipulated financial information, or the Plastic Card Security Act (PCI), which demands credit card data be secured, put added pressure on companies.

"Regulators recognize the fact that unstructured data and files are becoming a big target for insiders, and they are looking to lock those down," explains Rachwald. "With respect to reporting, [SecureSphere File Security's] ability to look at all the documents and report on them in real time is a huge service to companies who are under regulatory pressure. You can show what you are doing to lock down data."