Default banner

Securing Unstructured Files

CipherTrust Data Discovery and Classification in combination with CipherTrust Transparent Encryption gives your IT organisation a consistent and repeatable method to discover, classify and secure unstructured data across the enterprise.

Securing Unstructured Files

The volume of unstructured data within enterprises has been growing exponentially over the past few years. Data stored on file shares, devices, collaboration portals, mailboxes and cloud platforms is increasing, but securing such unstructured data remains a challenge. To properly protect unstructured data, you need to know where it lives.

To establish uncompromising protection, IT teams need a central data discovery and data protection solution that can identify and secure sensitive data wherever it resides – which is why so many organisations rely on CipherTrust Data Discovery and Classification and CipherTrust Transparent Encryption to discovery, classify and protect unstructured files.


  • Challenges
  • Solutions
  • Benefits

Determining where Sensitive Unstructured Data Resides

Before you can protect data from compromise, exfiltration or destruction threats; before you can comply with various privacy and security mandates, you need to know what sensitive data you hold, where it’s located and its context. Distributed systems and data silos make unstructured data difficult not only to locate but also to classify. Locating and then classifying the data based on sensitivity, risk, compliance or other categories is an important step toward being able to protect it.

Securing Unstructured Files

Unstructured files pose a unique challenge to the IT team, as they often contain sensitive data that requires the same protection as that found in structured databases. These files can reside in a range of databases, depending on the organisation's requirements.

Determining who can Access Unstructured Data

Unstructured data that is distributed across the enterprise, segmented into storage silos and controlled by disparate access control systems, compounds the problem of determining the users and groups who can access sensitive data. Decentralised access control makes it difficult to implement uniform, consistent security policies that control access to unstructured data.

CipherTrust Data Discovery and Classification

Among the first and biggest challenges security architects and IT professionals face is determining where in the enterprise sensitive data resides, what format the data is in, and how and why it is sensitive. Being able to access all the data stores across your organisation and identify and classify resident sensitive data by type and risk allows you to plan the most appropriate data protection.

Thales CipherTrust Data Discovery and Classification enables your organisation to get complete visibility of sensitive data with efficient data discovery, classification and risk analysis across cloud, big data and traditional storage environments.

CipherTrust Transparent Encryption

With CipherTrust Transparent Encryption, your organisation can secure unstructured files, wherever they reside - onsite or in the cloud. The file encryption system allows you to secure sensitive data in spreadsheets, documents, presentations, images and more. Unlike other file encryption offerings, CipherTrust Transparent Encryption enables security teams to implement file-level encryption without having to make changes to the organisation’s applications, infrastructure or business practices. In addition, access control and data access audit logging are available without changes to infrastructure, applications or workflow for maximum control with minimal costs and resource requirements.

CipherTrust Data Discovery and Classification

CipherTrust Data Discovery and Classification simplifies identification and classification of sensitive data across the enterprise by efficiently locating structured and unstructured sensitive data across cloud, big data and traditional data stores. It classifies sensitive data by data format, risk level, relevant compliance regulation (e.g. GDPR, PCI DSS, etc.), and more, making it easy to determine and apply the most appropriate form of remediation.

CipherTrust Transparent Encryption

Persistent, Granular Controls

CipherTrust Transparent Encryption’s file level encryption protection does not end after the encryption is applied. The file encryption agent continues to enforce granular access control policies to protect against unauthorised access by users and processes and it continues to log access. Policies can be applied by user, process, file type, and other parameters. With these capabilities, security teams can ensure continuous protection and control of their organisation’s structured and unstructured data.

Broad Environment Support

CipherTrust Transparent Encryption secures structured databases and unstructured files across data centers, cloud, containers and Big Data environments on Linux, Windows and AIX with a single infrastructure and management environment. The solution can secure sensitive data in such databases as IBM DB2, Oracle, Microsoft SQL Server, MySQL, NoSQL and Sybase.

Separation of Privileged Users and Sensitive User Data

The file encryption system allows organisations to create a strong separation of duties between privileged administrators and data owners. CipherTrust Transparent Encryption encrypts files while leaving their metadata in the clear. So IT staff – including hypervisor, cloud, storage and server administrators – can perform their system administration tasks without gaining access to the sensitive data residing on the systems they manage.

  • Related Resources