The Protegrity Data Security Platform is built around the Enterprise Security Administrator (ESA), the central hub for enterprise-wide management of policy, key material, auditing, and reporting. The foundation for protecting sensitive data in the enterprise is the data security policy that the organization creates within the ESA, based on relevant regulations and its particular needs and circumstances. The purpose of the policy is to enable the Security Officer to determine, specify, and enforce the following data security rules:
- What type(s) of sensitive data shall be protected?
- Which method(s) will be used to protect the sensitive data?
- Who shall have access to the sensitive data?
- Where in the enterprise shall the policy be enforced?
- What shall be audited: access and process attempts by whom, to what data, where, and when?
The policy is enforced by the Data Protectors, and audit logs of all activity on sensitive data are recorded and sent back to ESA for reporting. Data Protectors have two primary components: the Communications Agent and the Policy Enforcement Agent.
- The Communications Agent is the switchboard between ESA and the Data Protector. It manages all policy and audit log communications between ESA and the Data Protector, caches and secures policy from ESA with encryption keys (located remotely from the appliance), and prepares the policy for use by the Policy Enforcement Agent.
- The Policy Enforcement Agent executes the policy determined in ESA on the installed system, protecting or unprotecting data, and delivering it to the various enterprise roles according to the policy.
The Protegrity Data Security Platform provides a range of safeguards to protect the diversity of enterprise data environments. These include the Pivotal Greenplum MPP Database Protector, which delivers protection on every node of a Greenplum database cluster. The protector makes full use of the parallel processing capability: nodes pull policy updates (instead of ESA pushing them), and a massive number of audit logs are collected and aggregated from every node.
The following diagram illustrates the operations that the Policy Enforcement Agent performs as it protects sensitive data from unauthorized intruders and delivers data in the clear to authorized users.