Keeping Private Data Private
As of March 2018, when Alabama enacted a data breach notification law, all 50 states have data breach notification laws on the books. For many U.S.-based businesses that can mean complying with 50 different laws, and more than 100 countries around the world have enacted data protection legislation of their own.
The patchwork is less daunting once you notice the common thread running through most of these regulations: a reportable security breach is typically defined as unauthorized access to unencrypted or otherwise unsecured personal data. In many of these laws, data that was encrypted at the time of the incident falls outside the notification requirement, provided the encryption key was not also compromised. That safe harbor is why encryption and key management sit at the center of a breach notification strategy.
Unencrypted or Unsecured Data
Unencrypted data is like a bank vault with no lock: once an intruder gets past the guard at the front door, everything of value is there for the taking. Encryption transforms data into an unusable form that can be turned back into the original only by someone holding the corresponding key. The analogy carries a caveat: the lock is only as strong as the custody of its key. Keys stored beside the data they protect, or handed out without access control, leave the vault effectively unlocked, which is why the safe harbor in most laws hinges on the key not being compromised along with the data.
While it is common to think of unauthorized access as an external attacker reaching your network and systems, some of the largest and most notable data breaches have resulted from insider actions, both accidental and malicious. Role-based access control, privileged access management and least-privilege access help ensure that only the employees or contractors who need the data for their job function can reach it.
How DataKeep™ from SecurityFirst helps support breach notification laws
Encrypts personal data at rest and manages encryption keys
Manages access to personal data by role or process
Audits data access requests / denials for encrypted personal data
Provides data erasure through cryptographic shredding
Protect and Prevent with DataKeep
DataKeep addresses the most stringent breach notification requirements to help organizations avoid hefty fines and detrimental impacts on their brand, reputation and trust.
DataKeep encrypts data at rest on servers at the volume or file level, on network file systems, and before data is sent to S3 object storage. It combines AES-256 encryption with internal key management certified as FIPS 140-2 compliant, so the keys are managed separately from the data they protect rather than stored alongside it.
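Encrypting data at rest under keys that are managed separately, as described above, and the cryptographic shredding listed earlier as an erasure method, come down to one pattern: envelope encryption. The following is an added example and not DataKeep or SecurityFirst code. The in-memory vault, record identifier and sample plaintext are constructed for illustration, and AES-256-GCM from Go's standard library stands in for whatever module the product uses.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Added example, not DataKeep code: each record gets its own data key (DEK); the DEK is stored
// only wrapped under a key-encryption key (KEK) kept apart from the data. Destroying a record's
// wrapped DEK cryptographically shreds it.

var ErrShredded = errors.New("record has been cryptographically shredded")

type Record struct {
	WrappedDEK []byte // nonce || AES-256-GCM(KEK, DEK); nil once shredded
	Ciphertext []byte // nonce || AES-256-GCM(DEK, plaintext)
}

type Vault struct {
	kek     []byte // 256-bit KEK; in production this lives in the key manager, not beside the data
	records map[string]*Record
}

// must turns an impossible-by-construction error (bad key length, failed CSPRNG) into a panic.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

// aead builds AES-256-GCM; every key in this program is 32 bytes, so failure is a bug.
func aead(key []byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}

func NewVault() *Vault {
	return &Vault{kek: randomBytes(32), records: map[string]*Record{}}
}

// seal encrypts plaintext under key with a fresh random nonce and returns nonce || ciphertext.
func seal(key, plaintext []byte) []byte {
	gcm := aead(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// unseal reverses seal; a wrong key or tampered ciphertext fails GCM authentication.
func unseal(key, sealed []byte) ([]byte, error) {
	gcm := aead(key)
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Store encrypts plaintext under a fresh DEK and keeps the DEK only wrapped under the KEK.
func (v *Vault) Store(id string, plaintext []byte) {
	dek := randomBytes(32)
	v.records[id] = &Record{WrappedDEK: seal(v.kek, dek), Ciphertext: seal(dek, plaintext)}
}

// Load unwraps the DEK with the KEK and decrypts; a shredded record cannot be read.
func (v *Vault) Load(id string) ([]byte, error) {
	r, ok := v.records[id]
	if !ok {
		return nil, errors.New("no such record")
	}
	if r.WrappedDEK == nil {
		return nil, ErrShredded
	}
	dek, err := unseal(v.kek, r.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return unseal(dek, r.Ciphertext)
}

// Shred erases the record by destroying the only key that can unwrap it; ciphertext copies
// in backups or object storage may survive but are now unrecoverable.
func (v *Vault) Shred(id string) {
	if r, ok := v.records[id]; ok {
		r.WrappedDEK = nil
	}
}

func main() {
	v := NewVault()
	v.Store("cust-42", []byte("constructed sample: Jane Doe, DOB 1970-01-01"))
	v.Shred("cust-42")
	_, err := v.Load("cust-42")
	fmt.Println(err) // record has been cryptographically shredded
}
```

Two properties are worth checking against this sketch. A copy of the ciphertext held by someone without the KEK decrypts to nothing, which is the situation the encryption safe harbor in breach notification laws describes. And shredding touches only the wrapped key, leaving the ciphertext where it lies, which is what makes erasure workable for backups and object storage that cannot be selectively rewritten.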
DataKeep uses customer-defined policies governing who, what, when, where and how users access decrypted data. A policy can be as narrow as: a specific user may see specific data decrypted only when using a specific process or application, identified by the hash of its binary, on a specific server. Access is granted only through the process or application named in the policy; any request that matches no policy is denied. Because the policy pins the hash of the binary, a patched or rebuilt application no longer matches until the policy is updated, so policy changes need to be tied to the application's release process.
DataKeep logs every data access request, whether approved or denied, in real time so that anomalies can be remediated promptly. Denied requests matter as much as approved ones, since a run of denials against personal data is often the first visible sign of misuse. Event logs can be forwarded to a Security Information and Event Management (SIEM) system for analysis and reporting.
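The policy shape described above (user, data, time, server and the hash of the calling process) together with the requirement to log every allowed and denied request can be sketched as a deny-by-default check that emits one JSON audit event per decision. This is an added example, not DataKeep code: the policy fields, the hour window, the sample binaries and the JSON event layout are assumptions for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// Added example, not DataKeep code: release decrypted data only when user, data set, host,
// time of day and the SHA-256 of the calling binary all match a policy, and record every
// decision (allowed or denied) as a JSON event suitable for SIEM forwarding.

// Policy is the "who, what, when, where, how" tuple a decrypt request must satisfy.
type Policy struct {
	User          string // who
	DataSet       string // what
	StartHourUTC  int    // when: allowed window [StartHourUTC, EndHourUTC)
	EndHourUTC    int
	Host          string // where
	ProcessSHA256 string // how: hex SHA-256 of the approved application binary
}

// Request is a decrypt attempt as seen by the agent on the host.
type Request struct {
	User, DataSet, Host string
	ProcessImage        []byte // bytes of the binary making the call (constructed in this example)
}

// AuditEvent is emitted for every request, allowed or denied.
type AuditEvent struct {
	Time     string `json:"time"`
	User     string `json:"user"`
	DataSet  string `json:"data_set"`
	Host     string `json:"host"`
	Process  string `json:"process_sha256"`
	Decision string `json:"decision"`
	Reason   string `json:"reason"`
}

func hashImage(image []byte) string {
	sum := sha256.Sum256(image)
	return hex.EncodeToString(sum[:])
}

// Evaluate reports whether decryption is permitted and returns the audit event explaining why.
// A request that matches no policy is denied; the reason records the last check that failed.
func Evaluate(policies []Policy, req Request, now time.Time) (bool, AuditEvent) {
	h := hashImage(req.ProcessImage)
	ev := AuditEvent{
		Time: now.UTC().Format(time.RFC3339), User: req.User, DataSet: req.DataSet,
		Host: req.Host, Process: h, Decision: "DENY", Reason: "no matching policy",
	}
	hour := now.UTC().Hour()
	for _, p := range policies {
		if p.User != req.User || p.DataSet != req.DataSet || p.Host != req.Host {
			continue
		}
		if p.ProcessSHA256 != h {
			ev.Reason = "process hash does not match approved binary"
			continue
		}
		if hour < p.StartHourUTC || hour >= p.EndHourUTC {
			ev.Reason = "outside permitted hours"
			continue
		}
		ev.Decision, ev.Reason = "ALLOW", "matched policy"
		return true, ev
	}
	return false, ev
}

// ToJSON renders the event as a single line for SIEM ingestion.
func (e AuditEvent) ToJSON() string {
	b, _ := json.Marshal(e)
	return string(b)
}

func main() {
	// Constructed sample: the approved application is represented by its binary contents,
	// and a patched build of the same application by different contents.
	approved := []byte("payroll-export v1.0")
	patched := []byte("payroll-export v1.1")
	policies := []Policy{{
		User: "alice", DataSet: "hr/payroll", StartHourUTC: 8, EndHourUTC: 18,
		Host: "hr-app-01", ProcessSHA256: hashImage(approved),
	}}
	at := time.Date(2018, 3, 30, 10, 0, 0, 0, time.UTC)
	for _, img := range [][]byte{approved, patched} {
		req := Request{User: "alice", DataSet: "hr/payroll", Host: "hr-app-01", ProcessImage: img}
		_, ev := Evaluate(policies, req, at)
		fmt.Println(ev.ToJSON())
	}
}
```

Running it shows the same user on the same host being allowed through the approved binary and denied through the patched one, with both outcomes logged. That second event is the one a SIEM rule should surface: a denial caused by a hash mismatch is either an unapproved deployment or an attempt to reach the data through a process the policy never sanctioned, and either way someone needs to look.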