Legacy data loss prevention (DLP) solutions are ineffective at identifying sensitive data because of their modus operandi: Indexing at the source (e.g, databases, repositories, and directories), followed by scanning at the exits and in storage. When using this approach, you leave a “black hole”, which means you have a gap in data visibility from the moment the data is retrieved from the source (e.g. a query of customer records from a database) to the moment the data “appears” after multiple “content incarnations” at the various exits and storage. During this "black hole" period of time, end users make modifications to the data as part of their daily business conduct. Even when using sophisticated content matching technologies (such as content fingerprinting), the probability to identify content with no false positive and false negative identification is dramatically reduced throughout the above described life cycle of the data. Moreover, when data is maliciously manipulated in an attempt to prevent tracking of its origin, by simple “password protection” which is an every-day used functionality, or by replacing a section of a credit card number to something that can be changed back afterward. Such manipulations might prevent data identification completely.
In order to eliminate the invisible “black hole”, Secure Islands developed a data classification technology which classifies the data in a Nexus Point between the structured data arriving from data centers and applications and the unstructured data that is used by user applications such as MS Office, browsers, IM, etc. At this Nexus Point, when data is still in its structured form and prior to its transformation to unstructured formats in control of users, Nexus Data Identifier identifies sensitive data deterministically with ZERO false-positive and false-negative results. From now on, the data is "tagged" as it was in its structured format, and these tags travel with the data anywhere it goes, including any unstructured formats, such as documents, Web, files, etc.
Now, rather than using classification based on various complicated techniques of content matching and scanning technologies, with Nexus Data Identifier, organizations gain:
-
100% accuracy in identifying content derived from databases, applications (including legacy systems), repositories and directories even in an unstructured form.
-
Simple deployment of content classification, with no scanning of databases and repositories.
-
Enhanced security with pre-emptive protection techniques rather than post-mortem data monitoring.
