Fortressware enables workgroups to securely create and manage sensitive files
and content across distributed project teams.
It monitors, logs, and blocks unauthorized
use and transmission of sensitive materials from onsite,
offsite and nomadic users;
it also limits the use of sensitive information to specific applications.
To provide this comprehensive solution,
the architecture of Fortressware systematically addresses the unique security
issues raised by the challenge of protecting globally distributed information assets.
Identify the sources to be protected
A source of sensitive information may be a document, source code, or customer
relationship management system, a relational database, or any other repository.
Once a repository is designated a legitimate source, all content required by a
workgroup is encrypted on a Fortressware secure virtual drive.
Establish security policies
A security policy defines who may belong to a project,
the applications they may use,
and the content to which they have access. Users can be drawn from employees only,
or a mix of employees, partners, service providers, and other third parties.
Regardless, the security policy covers them all.
Enforce security policies
All work involving sensitive content takes place in a secure virtual project workspace.
The applications and content available, and the rights to transfer content outside the
workspace are determined by the security policy. Fortressware enforces the policy
unobtrusively in the background; in fact users have no contact with it except when an
action that violates the policy is attempted. As users utilize their customary applications
to access content, Fortressware transparently decrypts files on the fly and observes
user behavior. When an unauthorized action is attempted, the user is initially warned
and, if the action is continued, blocked from completing it.
Any unauthorized actions are logged during this process. As users complete their work,
Fortressware returns each file to its encrypted state.
Maintain an audit trail
Audit logs are automatically generated as users go about their
Fortressware-protected activities.
Depending on management preference, they can be restricted to tracking basic
information, or expanded to include different types of security policy violations.
