Here's a problem: traditionally, organizations with sensitive data have been reluctant - in many cases, have simply refused - to allow that data to be in a public shared storage environment (public cloud). At the same time, these organizations are having an increasing need to share. This is the old multi-level problem that emerged decades ago in government. How does one share a single computing or storage environment with both confidential and secret data, for example?
The cloud has brought with it an array of new problems and challenges. Many of these impinge directly upon the issue of sensitive data in public storage. For example, one of the terms we hear a lot of lately is data sovereignty. That means that data may meet some standard - privacy, for example - in one country but not in another. How does an organization with locations in both countries keep the lower-standard locations from accessing the higher-standard data when that data is in a shared public cloud?
An extension on that question is: How does an organization meet the regulatory compliance requirements of both countries? Finally, how does an organization maintain direct control over its highly sensitive data if it is stored and shared in a public cloud? These are questions that Perspcsys AppProtex Cloud Data Protection (CDP) Platform addresses.
The product is deployed on-premises inside the firewall and uses proxy-based connections that ensure that data is secured in motion, at rest and in use. Policies are enforced in real time wherever the data resides. CDP addresses applications such as Salesforce or Oracle through AppProtex SaaS adapters, and cloud environments such as Dropbox or Box through AppProtex PolicyPro.
The user interface is clean. The administrator panel, for example, is a top-level menu with some important metrics that are easy to pick up at a glance. No glitz or glamour here... just good, solid information and a clean, clear layout that lets the administrator move around quickly and effectively. It's when you start digging into the menu that you find that what you are looking for is there, usually right under the surface.
Building policies is - as one would expect with the rest of the product as clean as it is - simple and quick to do. In protection mode you can encrypt or tokenize, and if you encrypt you can use any third-party encryption desired. So, if you have an investment in a particular flavor of encryption, there is a high likelihood that it will be OK to use it with CDP. Tokenizing is the replacement of characters with some other character, effectively masking the real contents of the field. This can be accomplished selectively, on a field by field basis.
In an analysis of a database with hundreds of fields, the analysts found that only 28 fields needed to be tokenized to comply with regulatory requirements. It is far more efficient to tokenize those 28 fields than it is to encrypt the entire database. Tokenization also gives a slight improvement in performance since an entire dataset does not need to be decrypted. Likewise, security is improved because having simply compromised access to the system does not, necessarily, mean that access to the individual tokenized fields in the document has been compromised.
Setting up a new cloud is straightforward as is refreshing an existing one. Everything, including policy development, is point-and-click and the drop-down dialog boxes make everything clear. Again, no frills or glitz, just solid step-by-step implementation for most functionality. An administrator would be able to work through this UI quickly.
We liked this product both for its ease of use and its focus on highly sensitive data. This combination is appropriate especially because it minimizes the likelihood of error. Because the tool sits behind the firewall and is controlled completely by the organization, there is a reasonable expectation that the security of the data is protected as well since security is in place from inside the firewall all the way to the authorized cloud or cloud-based application.
Pricing may seem a bit high but remember, this is intended specifically for high risk data and in that context pricing is not high at all. As well, ease of use and administration make the overall cost of ownership reasonable. The more we saw of CDP the more we liked it. This one's a keeper.
At a glance
Product AppProtex Cloud Data Protection Platform
Price Pricing varies from $275-$400 per user per cloud.
What it does Addresses compliance, security and privacy issues for cloud-based applications.
What we liked This product is optimized for sensitive data and allows large private sector organizations and government agencies to protect that data in the public cloud.