| File-GENERAL for Achieving Compliance for File Data |
Managing and securing customer and user data is a growing concern for Information Technology departments. File servers often are used to store and share highly confidential information - customer information, financial data, legal data and trade secrets. This information stored in files is very vulnerable to all kinds of attacks. File-GENERAL™ solves this problem. It’s a secure file server that protects information against malicious/compromised “privileged user”(root). All type of file data is encrypted at inception and immutable file access logs are stored in an encrypted vault.
|
For Stopping Abuse by a Malicious "root" User
| Problem:
All off-the-shelf operating systems have a flawed notion of trust. The "privileged user" is implicitly trusted. This leads to a variety of security problems. For example the "privileged user" can read or change highly confidential information like financial data, legal data or trade secrets. Operating systems simply are unable to stop this type of an abuse.
Solution:
File-GENERAL™ solves this problem. The “privileged user”(“root") can’t access information stored in repositories secured by File-GENERAL™.
Problem:
Payment Card Industry Data Security Mandates (PCI-DSS) require that the credit card data is protected at all times – within database as well as when stored on corporate file servers. Protecting credit card information within databases alone doesn't help.
Solution:
File-GENERAL™ encrypts files containing credit card information, provides lifetime key management, controls data access, and generates irrefutable file access logs. Even the system administrator CAN NOT change these logs.
Problem:
Sometimes it's necessary to monitor access patterns. Moreover, regulatory compliance requires proof - who accessed what data, at what time and operation was conducted? Appropriate steps must be taken to prevent the log entries from being altered by a malicious "root" user (non-repudiation).
Solution:
File-GENERAL™ is the only secure file server available on the market that can provide irrefutable logs for each file access by authorized individuals. The logs are cryptographically-signed and stored in an encrypted vault.
|
For Achieving PCI Compliance for File Data
|
For "File Access" Surveillance
|
|