Comprehensive data protection must be about more than just algorithms and keys; it must also be about defining and enforcing data access controls. EncryptRIGHT leverages strong role-based access controls to define who should be able to access sensitive data, assign appropriate data access permissions and easily orchestrate unlocking the protected data in a need-to-know manner – allowing each user to access data only to the extent to which they are authorized. This is a key component to the data security governance approach to protecting data.
Data access controls start with defining users and permissions. In EncryptRIGHT, users and logical user groups can be defined and can be assigned unique permissions. Since every function of EncryptRIGHT, from encrypting data to changing policies, requires a valid User ID and password, role-based data access controls can be applied in real time to authorize user access to a specific function. This is integral to data masking and managing data privacy.
No Access – All fields obscured when unprotected (e.g.******)
Masked Data Only – Defined fields will be masked (e.g. 123*** or 1**456)
Read Only – visible to application but fields cannot be changed if re-secured (123456)
Read/Write – visible to application and fields can be changed and re-secured
Write Only – allowed to secure data in a field but not unsecure the data