Perimetrix SafeUse

Perimetrix SafeUse safeguards confidential data whenever it is being handled on a user’s computer. Perimetrix SafeUse protects confidential data during use. SafeUse creates an auditable environment for the distributed storage and processing of confidential data in line with a company’s security policies.

Locally installed Perimetrix SafeUse agents provide control over any movement of confidential data and directly prevent breaches that can occur via the network, removable media, printers, or local system ports. SafeUse prohibits the user from copying sensitive data to new documents or from transferring sensitive data to unapproved or unintended applications.

On a technical level, SafeUse agent (driver) on a user’s workstation operates at the kernel level. The agent monitors all operations on objects that contain confidential data (files, folders, remote resources, network nodes, etc.). The agent either allows or prevents access to the data from users, applications, or processes depending on the security policies associated with the object.

Policies apply to the processing, storing, or transmission of any data that the object contains. The confidentiality of the data is identified and maintained by means of an electronic “security tag”. The secured Perimetrix SafeUse system assumes that electronic security tags have been applied to all confidential data.

When changing the format of a file containing confidential data (for example: from *.xls to *. pdf, etc.) the “security tag” of the parent object is inherited by the child object, thereby ensuring that the confidential data remains under the control of the SafeUse™ agent.

Perimetrix SafeUse the multidimensional category model allows for extremely accurate data classification. Classification tags that are assigned to data objects define the rights of users and applications in relation to the data. The classification tags are not only inseparable from the data object but are also automatically inherited by child objects.

→ Perimetrix approach is fundamentally different from the “classic” DLP (Data Loss Protection) model, in which probabilistic methods are used to attempt to identify data in the information flow that is similar to data deemed to be valuable. Contrary to Perimetrix, DLP systems attempt to prevent the data breach. But in the end, they more often than not simply register a data leak.