Is your company at risk for a data breach or compliance violation simply because of the data it holds? Data without controls can create operational, privacy, and security gaps that put company assets at risk. It can create unintended consequences and increases the potential for inadvertent or unauthorized disclosure of sensitive information. With highly sensitive data (Personally Identifiable Information, Protected Health information, or data that is sensitive in nature), limited and appropriate access is always critically important. Simply put, understanding the difference between what should and should not be shared is always the key.
Once you understand what you hold, you can build in controls centered on the data. First, understand what the data is and what rules must apply to it. Data in a highly secure system may need less controls than data located in a cloud environment or a broadly available corporate intranet or website. You should identify elements of the data with metatags and determine:
- People who can access it
- Systems in which it lives along with whether they offer any native controls or need to be supplemented
- Whether it should be kept on premises or if it can go to the cloud
- Geographical location and whether data sovereignty requirements impact how you implement all of the above
The latest release of AvePoint Compliance Guardian – our unified risk management and information security platform – extends the platform’s technical capabilities to support this best practice methodology. Compliance Guardian combines capabilities to discover and map data across multiple systems through a single console, tag and classify that data, and then protect it with both real time and scheduled data loss prevention (DLP) capabilities. Features include:
- Single System, Multiple Sources: Identify and manage risk across multiple enterprise collaboration systems and data sources – including file shares, databases, cloud, instant messaging systems, and SharePoint – through a single administration console with a distributed architecture to support scalability.
- Risk Reports: Advanced Risk Calculators provide sophisticated logic to give multiple perspectives on potential risk within content. Out-of-the-box and customizable algorithms determine Weighted Risk across enterprise content to not only surface risk and risk areas, but also audit and limit the risk.
- Enterprise Classification: Automated classification allows companies to quickly discover, tag, and classify data to understand what it is, where it should live, and who should have access to it.
- Data Loss Prevention: Implement a data-centric and context-aware DLP strategy to block, quarantine as well as redact, encrypt, protect, and move sensitive content to a protected location to ensure appropriate access.
Compliance Guardian provides technical controls to enable workers across the organization to be more productive while guiding them to do the right thing with company data. Attending Privacy. Security. Risk. 2015 this week in Las Vegas? Join us at booth 39 to see the new AvePoint Compliance Guardian in person!
Can’t make the event? Contact us today or request a free demo to see how AvePoint Compliance Guardian delivers information security at its best.