Data Protection

Manager

Deep DPM

www.deepidentity.com
 Deep DPM 


Data Protection Manager (Deep DPM) is the world’s first Data Loss Prevention (DLP)
technology integrated with Data Access Governance (DAG) and Identity Governance &
Administration (IGA).
While typical DLP solutions focus only on files and its data, Deep Identity uses the “layered
approach” to inspect and analyze data providing real-time monitoring and take appropriate
preventive actions taking into consideration the identity, access, file attributes including
storage and data itself.
Point solutions or Silo implementations simply don’t meet the key requirements of an
enterprise today. Enterprises must decide on the right strategy to address the data
security challenges of today.

The integration with Data Access Governance technology (Deep DGM) has enabled Deep Identity to
provide source location, destination location, number of duplicate files in the enterprise, list of
individuals with the related information on access to the files with detailed access rights and last
access dates, classifications and finally the owner of the file itself.
Integration with Identity Governance and Administration (Deep IACM, IM and PIM) has enabled Deep
Identity to provide comprehensive information about the individuals and their access rights to these
files and data. Deep IACM, Deep IM and Deep PIM provide information on who has access to what,
when, where, why and how-along with the related request and approval information. Other valuable
information includes logical information about these individuals such as date of hiring, transfers,
current department, manager and business role within the enterprise.
With this integrated solution, enterprises can truly meet their end to end data lifecycle management
and data protection requirements.

Integrating Identity and Data Security provide a 360°

view of enterprise risk.

www.deepidentity.com | 1
 


Deep DPM
Data Protection Manager Architecture

Content & Contextual Analysis

Deep DPM will first get hold of the files or objects, either from data at rest or data in motion or data at
endpoint. Once a file or object is opened, Deep DPM will perform content inspection or contextual
analysis. For the analysis, contexts include source, destination, size, recipient, sender, header
information, time, format and many more attributes.

Content inspection involves searching for a particular string or pattern against opened files or objects.
This is more time consuming than basic contextual analysis. Regular expression and Rule based
search are applied to make the DLP implementation more practical. Whitelist and Blacklist words are
also possible to be applied here. As part of this content and contextual analysis, pre-built rules also
can be used. Such rules include PCI-DSS for credit card, Source Code for IP protection, PDPA for
privacy of personal data and HIPAA for healthcare information.
www.deepidentity.com | 2
 Deep DPM
Real-time Data Protection (Monitoring & Prevention)

Deep DPM provides various types of real-time monitoring and protection against data loss. Such real-
time monitoring and protection is implemented for:

1. Data at rest typically resides within stationary repositories - such as Windows file server, Databases,
SharePoint portal and other common storage drives. Typical risks with this type of data include the
lack of visibility of who has access to the sensitive data and list of duplicate files being copied again
within the enterprises.

Deep DPM understands where the data reside within an enterprise and reports regularly on details
such as complete access to these files or objects, duplication files/objects, last access and other
related information.

2. Data in motion include information that is in transition, especially documents being attached in the
mail and sent outside the organization. Common risks associated with this type of data include the
loss of sensitive data and business risk associated with it.

Deep DPM can capture data in transit from laptops, mobile devices or even from mail servers and
protect these data from leaving the enterprises.

3. Data at the endpoint relates to information stored on laptops, mobile devices and portable storage.
Misplaced or Stolen laptops, mobile devices and portable storage give unauthorized access to
valuable data, eventually causing access to “offline” data.

Deep DPM with endpoint agents can discover the files and objects and their content for inspection
and analysis which leads towards protection of these data against data loss.

Copyright © 2016 Deep Identity.

www.deepidentity.com | 3
All rights reserved. OCT 2016