Sensitive data finds sanctuary

Software safe protects enterprise data

Data vaults can keep documents safe and help firms comply with governance rules

To comply with new corporate governance regulations such as the US Sarbanes-Oxley (SOX) Act, there is a growing need for companies to protect their sensitive data. One IT vendor addressing this requirement is Cyber-Ark, whose electronic vault technology can secure documents and other data while allowing access to authorised personnel, partners and customers.

Cyber-Ark, which recently made reseller Risc Technology its sole UK distributor, has two product lines: Network Vault, which provides a secure repository for internal documents and administrator passwords; and Inter-Business Vault, which enables companies to exchange information securely with partners.

"Network Vault creates a 'safe haven' to secure sensitive documents on the network until you need to see them," said Cyber-Ark chief operating officer Udi Mokady.

The Network Vault is segmented into storage areas called safes, and users can only see the safes that they are authorised to access, according to Cyber-Ark. In addition, Network Vault maintains an audit trail to show who accessed which files and when.

Central Password Manager, an optional module shipping since late 2004, allows for the automated storage and retrieval of administrator passwords using Network Vault.

"Some firms resort to physical security for top-level admin passwords, storing them on paper in a safe with access only via security guard," said Calum Macleod, Cyber-Ark's business development director. "We can provide the means to electronically safeguard these, and one-time the passwords if firms want it."

If one-time passwords are controlled in this way, IT staff would have to go to Password Manager every time they want to log in to company systems with admin privileges, thus ensuring that each session is logged in the audit trail.

But an even more pressing business need is to share information with partners in a secure fashion.

Inter-Business Vault addresses this by creating a safe haven in the DMZ on a company LAN, where it can be accessed externally. Specific individuals in partner companies can access documents in the vault via Cyber-Ark client software, an FTP client, or a web browser.

Alternatively, the partner's Microsoft Exchange server can be outfitted with a Cyber-Ark Connector that allows it to fetch encrypted emails via SMTP from the other company's vault. "This will typically be used between closely-connected organisations that want to communicate," said Mokady.

This cannot stop information from being accidentally disclosed by a partner, but Inter-Business Vault can help firms to show they have taken every reasonable step to prevent such disclosure.

Network Vault 3.5 is due at the end of March, with enhancements to Central Password Manager.