Perspecsys AppProtex Cloud Data Protection Platform
Here's a problem: traditionally, organisations with sensitive data have been reluctant - in many cases, have simply refused - to allow that data to be in a public shared storage environment (public cloud). At the same time, these organisations are having an increasing need to share. This is the old multi-level problem that emerged decades ago in government. How does one share a single computing or storage environment with both confidential and secret data, for example?
The cloud has brought with it an array of new problems and challenges. Many of these impinge directly upon the issue of sensitive data in public storage. For example, one of the terms we hear a lot of lately is data sovereignty. That means that data may meet some standard - privacy, for example - in one country but not in another. How does an organization with locations in both countries keep the lower-standard locations from accessing the higher-standard data when that data is in a shared public cloud?
An extension on that question is: How does an organisation meet the regulatory compliance requirements of both countries? Finally, how does an organisation maintain direct control over its highly sensitive data if it is stored and shared in a public cloud? These are questions that Perspcsys AppProtex Cloud Data Protection (CDP) Platform addresses.
The product is deployed on-premises inside the firewall and uses proxy-based connections that ensure that data is secured in motion, at rest and in use. Policies are enforced in real time wherever the data resides. CDP addresses applications such as Salesforce or Oracle through AppProtex SaaS adapters, and cloud environments such as Dropbox or Box through AppProtex PolicyPro.
The user interface is clean. The administrator panel, for example, is a top-level menu with some important metrics that are easy to pick up at a glance. No glitz or glamour here... just good, solid information and a clean, clear layout that lets the administrator move around quickly and effectively. It's when you start digging into the menu that you find that what you are looking for is there, usually right under the surface.
Building policies is - as one would expect with the rest of the product as clean as it is - simple and quick to do. In protection mode you can encrypt or tokenise, and if you encrypt you can use any third-party encryption desired. So, if you have an investment in a particular flavor of encryption, there is a high likelihood that it will be OK to use it with CDP. Tokenising is the replacement of characters with some other character, effectively masking the real contents of the field. This can be accomplished selectively, on a field-by-field basis.
In an analysis of a database with hundreds of fields, the analysts found that only 28 fields needed to be tokenised to comply with regulatory requirements. It is far more efficient to tokenise those 28 fields than it is to encrypt the entire database. Tokenisation also gives a slight improvement in performance since an entire dataset does not need to be decrypted. Likewise, security is improved because having simply compromised access to the system does not, necessarily, mean that access to the individual tokenised fields in the document has been compromised.
Setting up a new cloud is straightforward as is refreshing an existing one. Everything, including policy development, is point-and-click and the drop-down dialog boxes make everything clear. Again, no frills or glitz, just solid step-by-step implementation for most functionality. An administrator would be able to work through this UI quickly.
We liked this product both for its ease of use and its focus on highly sensitive data. This combination is appropriate especially because it minimises the likelihood of error. Because the tool sits behind the firewall and is controlled completely by the organisation, there is a reasonable expectation that the security of the data is protected as well since security is in place from inside the firewall all the way to the authorised cloud or cloud-based application.
Pricing may seem a bit high but remember, this is intended specifically for high-risk data and in that context pricing is not high at all. As well, ease of use and administration make the overall cost of ownership reasonable. The more we saw of CDP the more we liked it. This one's a keeper.
At a glance
Product AppProtex Cloud Data Protection Platform
Price Pricing varies from £185-£269 per user per cloud.
What it does Addresses compliance, security and privacy issues for cloud-based applications.
What we liked This product is optimized for sensitive data and allows large private sector organisations and government agencies to protect that data in the public cloud.