The cloud transformation by most organizations comes with stricter data residency requirements such as the EU’s GDPR, California’s CCPA and Japan’s AAPI regulations. Security solutions must meet your data residency requirements and secure your cloud transformation and data security.
We’re excited to announce that Proofpoint Information Protection has expanded its data storage options to include APAC region on top of our options within the U.S. and European Union (EU) regions. The storage for the APAC region is based out of Japan and the EU region is based out of Germany. That means Information Protection customers can now choose to store their data in one or more of the three supported regions while accessing that data from a single portal.
Figure 1. Data storage options for Proofpoint Information Protection
Granular governance of data access
We’re also excited to announce the extension of our industry-leading attribute-based access control to govern data access based on geographic locations and the business functions of analysts and users.
The solution provides unified access to data for multinational corporations—critical for larger security teams and those collaborating with HR, Legal and IT.
A global administrator can also set up data storage and access policies by:
- Storing all collected data in the respective regions (for example, U.S. data in the U.S. region, EU data in the EU region, and APAC data in the APAC region).
- Configure data access so that U.S. analysts can view only U.S. data, EU analysts can view only EU data, and APAC analysts can view only APAC data.
Figure 2. Proofpoint Information Protection allows admins to set up data storage across regions
Also, if a global analyst requires cross-regional visibility, the administrator can provide that analyst access to data in multiple regions.
Simplifying investigations with customized data access policies
Global administrators can also configure access control so that a specific analyst can only look at data required for an investigation.
For example, say an investigation is underway involving a user exhibiting risky behavior. The analyst assigned to the investigation needs additional data access for that user, such as screenshots or application and website usage events.
The admin can create a custom data access policy that gives the analyst access to the additional data related only to the user under investigation and limit that access to the duration of the investigation.
Balancing security with privacy
The configuration flexibility in the Information Protection solution helps customers balance their organization’s security with the privacy of users, essentially storing the data in appropriate jurisdictions and providing access to that data on a need-to-know basis.
We’re always working to add new regions based on market requirements and customer demands.
We’d love to hear from you, and help you work to meet those requirements.
Contact us to learn more.