PortAuthority tightens its data security net
Version 5.0 tracks data in motion, at rest, and in use
To be clear, for complete data coverage I had to perform additional steps. As an example, server agents are required to protect internal data-in-motion (such as networked printers), and desktop agents are loaded to monitor how data is used locally.
Still, a single policy you create universally applies to any data location. That is, when I created a corporate governance policy to look for confidential executive communications, the system checked if relevant documents were e-mailed using Microsoft Exchange and Lotus Notes, printed, or copied to a pen drive. Plus, policies are amazingly granular; I could allow a secure USB product with a certain device ID but prohibit other manufacturers’ thumb drives.
To further evaluate how well PortAuthority 5.0 performed in real life, I also monitored Webmail, FTP, and instant messaging. Overall, false positives and false negative alerts were under 1 percent, which is somewhat better compared with other products I’ve tested. Part of this precision is because PortAuthority 5.0 classifies and extracts content from more than 370 file formats (30 percent more files than Version 4.1). It scanned nested compressed files and correctly determined if a message’s content was extracted from another protected document.
Click for larger view.
PortAuthority 5.0, however, adds integration with DRM systems. With a few clicks I updated a policy so documents sent to a particular partner were first automatically routed to a server running Microsoft RMS (Rights Management Services) for protection. Besides rights management and blocking messages, other policy actions include quarantine, sending communications through an encryption gateway, and archiving sensitive data.
PortAuthority 5.0’s Web incident management and reporting side underwent serious retooling. Role-based administration in this version prohibits business owners (such as an HR representative) from viewing, say, financial-related incident listings.
Further, there’s better usability -- with typically no more than three clicks now required to go from the summary dashboard display to viewing an incident’s detail. Also, once I looked at a message’s content (with offending material highlighted and a list of policies that were violated) I used a simple drop-down list to take action or to delegate the case to another person.
I also found more accessible and thorough reporting. I sorted events by source, destination, or protected content, and by various combinations of these criteria. This advanced filtering should help organizations quickly detect incidents requiring immediate remediation.
With some ILP solutions you get good usability, while others are technically impressive. It rarer to see one that does both so well, which is my conclusion after testing PortAuthority 5.0. The clinchers for me were getting policy management and administration right.