The company recognised its greatest asset is information about its customers, and was therefore keen to ensure no confidential or personal information is able to leak.
"We were looking for a solution for information protection and control that could classify and control access to sensitive data,” said José Silva, chief information officer at Whitestar.
The leakage of highly confidential data would significantly damage its reputation, breach industry regulations and potentially cause severe financial losses.
The company was looking for a way to protect sensitive data that was easy to use by all those exchanging data and that provided a solid audit trail of what was going on for regulatory compliance.
Through the acquisition of GE Money, Whitestar was able to see the benefit of RightsWATCH, a product of Portuguese startup Watchful Software.
Like GE Money, Whitestar was able to introduce data classification of a wide variety of unstructured data and control access to sensitive data in a non-intrusive way, said Silva.
“This led to an extremely quick adoption and an increased understanding of Whitestar’s information security policy.
More data classification
- Strategies for a compliance-centric data classification toolkit
- Government overhauls security classification to fit digital age
- Data-classification levels for compliance: Why simple is best
- Data classification policy: What it is and how to do it
“At the same time, it has enabled us to control and audit the flow of the information and prevent the misuse of sensitive information inside and outside Whitestar,” he said.
The decision to deploy RightsWatch across the company was made after a pilot project and a further qualification phase with a roll-out in a pre-production environment.
The system has enabled the company to set a single central policy that is applied whenever documents or emails are drafted and used inside or outside corporate networks on a variety of systems and devices.
The system also adds metadata, tags and labels to sensitive data to enhance data discovery mechanisms. It is used by a data loss prevention system that is also being rolled out across the company.
Whitestar plans to use the classification information to enhance the effectiveness of its DLP system.
RightsWATCH works by classifying unstructured data automatically and encrypting if necessary, without requiring any user intervention.
The system works with most common applications for creating unstructured content, integrating through a plugin with applications for email, word processing, spreadsheets, PFD, graphics, audio and video.
The encryption functionality builds on and enhances basic functionality provided by Microsoft’s rights management system.
RightsWATCH analyses the content and classifies documents as they are created based on the central policy set by Whitestar.
In all but the highest level of sensitivity, users are able to override the policy-based classification, but must first acknowledge that they accept responsibility for doing so.
This ensures that sensitive content is not sent out inadvertently and helps reduce corporate liability.
This is all done within the application for creating the content, which means users never have to move outside their normal workflow.
Once classified, all data that is not public can be accessed only by people that have the right credentials or have been given specific permission to access the data.
This data-centric security model also means that users are able to make documents inaccessible to recipients in the event that information contained in the document is no longer accurate.
RightWATCH was initially designed to work across all Windows-based computers, but from July 2014 the product will be available for Apple’s Mac operating system.
“In terms of remote access, however, users can already access RightWATCH protected files though mobiles running Google’s Android and Apple’s iOS,” said Rui Biscaia, director of product management at Watchful Software.
There is also support for Windows Phone and BlackBerry, but not for the latest BlackBerry devices.
The company recently made a free entry-level version of the product available for use by individuals.
“Anyone interested in using this in a corporate environment can download a copy for their personal use to try it out,” said Biscaia.