1. Gathering real sensitive information requires too much effort
- a mechanism where information owners can define restrictions on who can access the said information without involving IT staff. Further, the monitoring of this information is also limited to the information owners and not the IT department.
- an automated way for end-users to classify information and define what is important as it is being produced.
2. Lack of sharing of highly sensitive information with the IT staff
- A mechanism where information owners can define restrictions on who can access the said information without involving IT staff. Further, the monitoring of this information is also limited to the information owners and not the IT department.
3. Over-blocking vs ease of use - Changing sensitivity of information.
What is required is a mechanism where end-users can take up the responsibility of defining who can access the information and who cannot, and an override mechanism where they can override a defined restriction by giving a valid reason.
The solution: e-Safe Compliance managing security the smart way
1. Secures Information at Its Source, Ensuring Information Is Protected All the Time
2. Protecting Highly Sensitive Information Using Document Rights Management
- Define the classification of sensitive documents as being
- Office document
- Define who can have access to the said information.
- Define the usage restriction on the information such as cut/copy/paste/print etc.
3. Monitoring Real Sensitive Information Using Decentralised DLP Rule Creation
4. Solution to Overblocking via Trust but Verify Philosophy
- Block sensitive document usage/transfer etc
- Allow document usage but monitor.
Restricting document usage prevents users from doing their job, while just monitoring document usage results in the reviewing of a large number of incidents. e-Safe Compliance introduces a third way – “allow users to remove restrictions but require them to provide a reason for doing so.” By allowing authorised users to override restrictions by giving a reason, the users are no longer prevented from doing their job. Furthermore, the fact that they have to give a reason ensures that users are aware of the importance of the information and that they will be held responsible for any misuse. This automatically ensures security of information.