Data-Centric Info Security

About

Watchful’s flagship offering is RightsWATCH, a data-centric security solution that dynamically identifies, classifies, marks/tags, and encrypts information as it is created by users. Once information is secured, it can only be viewed/used by individuals with the express authorization of the organization. RightsWATCH customers can define their information control policy, indicating classes of sensitivity such as Public, Internal Use, Confidential, and Secret, and then assign their employees credentials to fit into that scheme based upon their position in the business. From that point on, nothing is required of the user – the system can dynamically identify and classify the information being created right at the point of origin based upon its content, context, or metadata (or a combination), regardless of whether it may be a document, spreadsheet, PDF, email, etc. In addition, any characteristics for that data required by the policy, such as watermarks, footers, disclaimers, are applied, again without user involvement. This is a quantum leap forward from yesterday’s Data Loss Prevention (DLP) tools, which seek to restrict information from moving outside of the organization; those require the information to have been pre-classified in some way, and do little to fulfil the audit/compliance/legal requirements of tagging and marking. In today’s world, accountability and forensics are key. With RightsWATCH, classified information is not only protected, but it’s digitally ‘fingerprinted’ to enable the organization to track its usage – who touched it, printed it, forwarded it, etc. A key imperative of CISOs everywhere is to remove the risks of sensitive information getting out where it shouldn’t, be it from external cybercriminals or ‘insider violations’ from careless or malicious employees. For example, the risk of employees taking confidential information when they leave the company, or selling valuable data to competitors, or ‘leaking’ confidential or sensitive memos to the press, are now mitigated. Even if an employee leaks information outside the network (for example, on a USB key), it can only be opened/viewed/read by someone with expressly authorized credentials. This is the ‘holy grail’ that users are looking for. No company should live in fear of their sensitive information being posted on the web…they should be bold enough to know that they could post it there themselves, with the full comfort that only authorized users could open/read/use it. In order to become simply an everyday part of how companies work, RightsWATCH has been designed to fit seamlessly into the normal users’ workflow, so that information such as documents, spreadsheets, emails, presentations, etc. begin to get classified and protected on day one with virtually no user training required. There is no need for a user to launch a separate application or access additional menus and take additional steps to classify and protect information – this is done dynamically according to the policies established by the company, so that the ROI is immediate and there is no stress on the user at all. The result: faster and broader adoption for increased ROI.