Trust but Verify People Centric Security

e-Safe Compliance’s information security framework as shown on the right, merges the People Centric Security approach championed by Gartner with the continuous improvement principles required by ISO 27001. The framework educates end-users on what information is sensitive enabling them to make correct decisions. End-users are trusted to protect sensitive information though rights management, and to override those rights when necessary. Both information owners and security personnel can verify that sensitive information is being protected and is not being misused through document tracking and automated User Behaviour Analytics (UEBA) reports.

Integrated Discovery and Classification of Data

Empowers information owners, by providing tools, to define rules for discovery and classification of data at rest within local and shared drives, file servers and databases. The rules and policies are applied centrally to ensure that protection levels are set correctly and well defined sensitive data is secured.

Educate, Trust, Verify Framework for Deployment

Monitoring of Data in Motion & Data in Use

Monitors data movement around and out of an organisation via online and offline channels such as on email, web, shadow sites, social media, chat, cloud, USB drives, SD Cards, printers and mobile phones. Empowers Information Owners to define the risks related to the data and their severity. Advanced analytics calculate risk results by monitoring user behaviour over time and produce a risk score based on the actions taken by each user. The reports generated based on user actions and risk scores are sent direct to the information owners for in-time review and further action.

Preventing Data from being Leaked

Based on policy, prevents data movement around and out of an organisation via online and offline channels such as on email, web, shadow sites, social media, chat, cloud, USB drives, SD Cards, printers and mobile phones.
Educate, Trust, Verify Framework for Deployment

People Friendly Data Protection

Other than central security team to apply protection policies centrally, empowers information owners and end users themselves to directly protect and restrict the access to their sensitive data using persistent and transparent encryption, and rights management. The usage of sensitive data is tracked through document tracking system and is reported to the information owner. In case of genuine business need, the system allows authorised users to override restrictions by giving a reason hence the users are no longer prevented from doing their job. Enables easy to use and secure sharing of sensitive documents with 3rd party or external mobile users through iOS and Android apps.