Securing Unstructured Files

CipherTrust Data Discovery and Classification in combination with CipherTrust Transparent Encryption gives your IT organization a consistent and repeatable method to discover, classify and secure unstructured data across the enterprise.

Securing Unstructured Files

The volume of unstructured data within enterprises has been growing exponentially over the past few years. Data stored on file shares, devices, collaboration portals, mailboxes, and cloud platforms is increasing, but securing such unstructured data remains a challenge. To properly protect unstructured data, you need to know where it lives.

To establish uncompromising protection, IT teams need a central data discovery and data protection solution that can identify and secure sensitive data wherever it resides—which is why so many organizations rely on CipherTrust Data Discovery and Classification and CipherTrust Transparent Encryption to discovery, classify and protect unstructured files.


  • Challenges
  • Solutions
  • Benefits

Determining where Sensitive Unstructured Data Resides

Before you can protect data from compromise, exfiltration, or destruction threats; before you can comply with various privacy and security mandates, you need to know what sensitive data you hold, where it’s located, and its context. Distributed systems and data silos make unstructured data difficult not only to locate but also to classify. Locating and then classifying the data based on sensitivity, risk, compliance, or other categories is an important step toward being able to protect it.

Securing Unstructured Files

Unstructured files pose a unique challenge to the IT team, as they often contain sensitive data that requires the same protection as that found in structured databases. These files can reside in a range of databases, depending on the organization's requirements.

Determining who can Access Unstructured Data

Unstructured data that is distributed across the enterprise, segmented into storage silos, and controlled by disparate access control systems compounds the problem of determining the users and groups who can access sensitive data. Decentralized access control makes it difficult to implement uniform, consistent security policies that control access to unstructured data.

CipherTrust Data Discovery and Classification

Among the first and biggest challenges security architects and IT professionals face is determining where in the enterprise sensitive data resides, what format the data is in, and how and why it is sensitive. Being able to access all the data stores across your organization and identify and classify resident sensitive data by type and risk allows you to plan the most appropriate data protection.

Thales CipherTrust Data Discovery and Classification enables your organization to get complete visibility of sensitive data with efficient data discovery, classification, and risk analysis across cloud, big data, and traditional storage environments.

CipherTrust Transparent Encryption

With CipherTrust Transparent Encryption, your organization can secure unstructured files, wherever they reside -- onsite or in the cloud. The file encryption system allows you to secure sensitive data in spreadsheets, documents, presentations, images, and more. Unlike other file encryption offerings, CipherTrust Transparent Encryption enables security teams to implement file-level encryption without having to make changes to the organization’s applications, infrastructure, or business practices. In addition, access control and data access audit logging are available without changes to infrastructure, applications, or workflow for maximum control with minimal costs and resource requirements.

CipherTrust Data Discovery and Classification

CipherTrust Data Discovery and Classification simplifies identification and classification of sensitive data across the enterprise by efficiently locating structured and unstructured sensitive data across cloud, big data, and traditional data stores. It classifies sensitive data by data format, risk level, relevant compliance regulation (e.g. GDPR, PCI DSS, etc.), and more, making it easy to determine and apply the most appropriate form of remediation.

CipherTrust Transparent Encryption

Persistent, Granular Controls

CipherTrust Transparent Encryption’s file level encryption protection does not end after the encryption is applied. The file encryption agent continues to enforce granular access control policies to protect against unauthorized access by users and processes, and it continues to log access. Policies can be applied by user, process, file type, and other parameters. With these capabilities, security teams can ensure continuous protection and control of their organization’s structured and unstructured data.

Broad Environment Support

CipherTrust Transparent Encryption secures structured databases and unstructured files across data centers, cloud, containers and big data environments on Linux, Windows and AIX with a single infrastructure and management environment. The solution can secure sensitive data in such databases as IBM DB2, Oracle, Microsoft SQL Server, MySQL, NoSQL, and Sybase.

Separation of Privileged Users and Sensitive User Data

The file encryption system allows organizations to create a strong separation of duties between privileged administrators and data owners. CipherTrust Transparent Encryption encrypts files while leaving their metadata in the clear. So IT staff—including hypervisor, cloud, storage, and server administrators—can perform their system administration tasks without gaining access to the sensitive data residing on the systems they manage.

  • Related Resources