Isolating and encrypting data-in-motion has traditionally been done in the network infrastructure and by network devices. Centrify DirectSecure is instead a software solution that secures sensitive information by isolating and protecting cross-platform systems and by enabling end-to-end encryption of data-in-motion, without the need for costly and complex network devices. Here are the top reasons why Centrify customers have been asking for the DirectSecure solution.
Protect Confidential Information and Intellectual Property
DirectSecure ensures that only trusted machines can access key systems without requiring changes to existing applications or network topology.
- Untrusted machines have no visibility or access to trusted systems on the network.
- Data on the network is (optionally) encrypted to prevent access by any user or machine that does not have appropriate permissions.
Isolate and Protect Servers (Such As Credit Card Systems)
DirectSecure isolates sensitive systems from untrusted systems to reduce the risk of attack from internal or external sources.
- Reduces the expense associated with an audit by limiting the number of servers "in scope" for the audit.
- Enforces tiered network access controls by further isolating specific logical groups of systems.
- Leverages existing Active Directory infrastructure and native IPsec within operating systems, making it both cost effective and easy to deploy.
- Eliminates expense and ongoing management costs associated with acquisition and maintenance of traditional approaches, including VLANs, firewalls and routers.
Secure Distributed Networks and Data Centers
Unlike network appliance-based methods, DirectSecure uses a host-based software approach, ensuring security policies are enforced regardless of location. This makes DirectSecure an ideal solution for dynamic IT environments that include distributed networks, virtualized platforms and cloud computing.
- Logically isolate distributed systems to their own "trusted virtual network" regardless of the current physical network topology or system location.
- Establish trusted identification of systems independent of the physical or virtual compute platform, instead of relying on a network (IP or MAC) address.