ProtectFile

Today, perimeter-based security defenses cannot adequately secure the growing volume of sensitive data residing on servers in physical, virtualized, and public cloud storage environments. To be completely protected, organizations must employ a solution that attaches security to the data itself.

SafeNet ProtectFile provides transparent and automated file system-level encryption of server data at rest in the distributed enterprise. This includes data-centric protection of Direct Attached Storage (DAS), Storage Area Network (SAN), and Network Attached Storage (NAS) servers using CIFS/NFS file sharing protocols.

SafeNet ProtectFile also features granular access controls, centralized policy and key management, and comprehensive auditing capabilities. Once deployed, files containing sensitive data are rendered useless in the event of a breach, misuse or hijacking of privileged accounts, physical theft of servers, and other potential threats.

Secure Sensitive Server Data at Rest in the Distributed Enterprise

SafeNet ProtectFile is deployed in tandem with KeySecure for Government, a FIPS 140-2 up to Level 3 enterprise key manager, for centralized key and policy management across multiple sites. The solution encrypts sensitive data on servers, such as credit card numbers, personal information, logs, passwords, and more in a broad range of files, including word processing documents, images, database files, archives, and backups.

Once deployed and initiated on a server, SafeNet ProtectFile transparently encrypts and decrypts data in local and mapped network folders at the file-system level based on policies – without disruption to business operations, application performance, or end-user experience.

Transparent, Strong, and Efficient Encryption

• Apply transparent and automated file system-level encryption in physical, virtual, and cloud environments
• Define and enforce granular access control policies

Privileged User Control

• Prevent rogue root administrators from impersonating other users and accessing protected data

Secure Data Archival and Destruction

• Keep data encrypted and unreadable to server administrators performing back-up and restore tasks
• Ensure all secured, sensitive data is rendered unreadable in the event data destruction is required

Easy Implementation and Management

• Utilize remote, silent automation tools for quick and easy deployment in large and small environments
• Streamline administration with centralized policy and key management in FIPS certified hardware
• Built-in, automated key rotation
• Set up encryption in the cloud more quickly with automated Chef recipes

Achieve Compliance

• Ensure separation of duties
• Track and audit user access to protected data and keys

• Servers: A file server, web server, application
• server, database server, or other machine running compatible software
• Network Shares: SMB/CIFS, NFS
• Remote silent installation for easy deployment in any size environment
• Encryption Algorithms: AES
• Supported Platforms: Linux: Oracle, Red Hat Enterprise Linux, SUSE Microsoft Windows
• Big Data: Apache Hadoop, IBM InfoSphere BigInsights
• Cloud: All public clouds, including AWS
• Cloud Management: Chef
• Databases: Cassandra, IBM DB2, Microsoft SQL Server, Microsoft SharePoint, mongoDB, Oracle, Couchbase
• Containers: Docker