Find and protect sensitive data where it's most vulnerable

Unstructured data—information contained in documents, spreadsheets, images, and other files, rather than in a database—accounts for 80% of a typical organization's data. Much of this data resides on user devices like laptops, mobile phones, and tablets, where it's exposed to physical theft, unauthorized sharing, and other threats on a daily basis.

Typical approaches to endpoint security have focused on protecting devices, rather than the data stored on them, from unauthorized access. These strategies fail to address the reality that employees are constantly sharing and sending data from their devices to external parties, cloud storage services, and other destinations outside the organization's control.

Meaningful endpoint security requires not only protection while data resides on a device, but protection against threats when data travels to other devices, other operating systems, and other networks.

Protect data you didn't know you had

Two obstacles commonly hinder organizations who attempt to secure data on desktops and laptops:

  • A lack of visibility into the data stored on employee devices
  • Limited options for remediating and protecting sensitive data

PKWARE solves these challenges, enabling organizations to identify and protect sensitive information as soon as it appears on a user device. PKWARE's advanced data discovery, classification, and protection capabilities allow administrators to scan endpoint devices for files containing sensitive information and to apply automated, policy-based, remediation and protection.

Administrators can define the types of information that require protection, and can choose from a wide range of actions to be taken when sensitive data is detected:

  • Protecting files with persistent encryption that travels with files when they are moved or shared via email, FTP, or the cloud.
  • Masking or redacting specific text within files
  • Moving files to a quarantine folder or other secure location
  • Deleting files that contain inappropriate data or that are stored in inappropriate locations

PKWARE solutions are compatible with every enterprise operating system and integrates with Microsoft Office, allowing users to maintain their normal workflows without compromising the security of the organization's data.

How it works

PKWARE endpoint agents are installed on user devices that may be used to create, process, or store sensitive data. Agents apply the organization's data protection policies as defined in the PKWARE Enterprise Manager administrative console.

After deployment, PKWARE agents monitor all file activity on protected devices. Depending on the organization's policies, PKWARE can encrypt all files on a device, or use data discovery and classification to determine which files should be encrypted. Whether encrypted files are saved on a computer’s hard drive, stored on removable media, or backed up on a cloud service, the files can only be accessed by authorized users.

If the organization's policies call for actions other than encryption, PKWARE will apply the appropriate form of protection or remediation.

Find, classify, and protect sensitive information

With PKWARE's data classification capabilities, organizations can add data classification to their security policies, while maintaining a streamlined, intuitive user experience.

PKWARE can be configured to search for tagged files on laptops and desktops, and to encrypt tagged files according to the organization's policies. PKWARE can also detect untagged sensitive information and initiate classification. Administrators define the types of sensitive data they want to find, as well as the locations they want to search for it.