According to Okta, the average organization manages 88 distinct applications. While not all of those apps handle sensitive data, many — including customer relationship management (CRM) and business intelligence tools like Salesforce, Zendesk, and Looker — contain and transmit customer and business details that should remain confidential.
On our recent webinar, Extending Encryption Across Your SaaS Applications (now available on demand), Virtru’s Trevor Foskett, Director of Solutions Engineering, and Brett McCrae, Senior Director, Customer Success, described the Virtru Data Protection Gateway as a “Swiss Army Knife” for encrypting data anywhere it needs to be, but also decrypting it where it makes more sense to do so.
Virtru’s Data Protection Gateway is versatile, and customers use it for a wide range of encryption and decryption scenarios. Virtru’s Gateway also equips organizations to daisy-chain inbound and outbound encryption and decryption, enabling them to automate and fulfill their archiving and data protection needs seamlessly.
Outbound Encryption: Protect Messages Before They Leave Your Environment
Outbound encryption protects outgoing messages that are being shared outside your organization and can be tied to Data Loss Prevention (DLP) rules so that only messages that meet certain criteria become encrypted. Virtru customers use this to automatically encrypt messages containing specific details like social security numbers or patient records. Some customers connect this to device-generated data, such as a scanner creating and sharing a PDF.
Inbound Decryption: Enable Scanning, Archiving, and Automated Data Flows
Inbound decryption makes encrypted data readable when it enters your environment. Many organizations use this to archive messages in an unencrypted format, or to run other software like malware or virus scanners. This ensures that organizations can get the most out of the other software they’ve invested in, allowing data to flow through those apps in an unencrypted format.
Many Virtru customers use apps like Salesforce to manage their customer data, and they want data to be encrypted as it is shared, but they also want to ingest data into their Salesforce instance unencrypted so that their sales teams are better able to do their jobs.
This use case extends to other apps created in-house, business intelligence apps like Looker, collaboration tools like Atlassian, and many more.
Outbound Decryption: Decrypt Messages In Transit to Trusted Environments
A less common Virtru Gateway scenario, this decrypts messages and files that have been encrypted by the sender using the Virtru email plugin. This can be useful for organizations sharing data with a trusted external partner and already have other data protection safeguards in place.
Some industries, such as the financial sector, have reporting obligations (such as to the Securities and Exchange Commission, the SEC) and need to make eDiscovery available. In these kinds of scenarios, outbound decryption can be followed by another Gateway instance (outbound encryption) to ensure that the decrypted message can be inspected or logged, but then becomes re-encrypted as it moves outside the network. This way, the message is still encrypted when it travels to the recipient, the way the sender intended.
Inbound Encryption: Protecting Incoming Data As It Enters Your Environment
Inbound encryption ensures that data remains secure as it enters your environment. This can be valuable for organizations in highly regulated industries that want to keep their data completely secure in the cloud, or for organizations that receive inbound highly sensitive information. Healthcare organizations, for example, may receive patient protected health information (PHI) unsolicited, such as a patient describing their symptoms or sharing their insurance information via email. That information needs to be safeguarded as it’s stored, so it doesn’t become compromised. HR teams may also receive an abundance of resumes containing personally identifiable information (PII). Inbound encryption ensures these messages are wrapped in a layer of security.
Deploying the Virtru Data Protection Gateway
Customers have the option to choose a fully hosted solution (a Virtru SaaS offering), or to host the Gateway on-premise or in a private cloud. Customers can implement these flows on the Google Cloud Platform, Amazon Web Services, Microsoft Azure, or in a physical data center, if they prefer. Virtru’s team provides comprehensive support to ensure your Gateway meets your needs and is set up according to your specifications. Start to finish, Virtru’s team can support you through the transition to make sure you get up and running smoothly. To hear more details about how the Virtru Data Protection Gateway works, watch the webinar.
Want to learn more about how you can protect the data flowing through your SaaS apps? Contact Virtru today to start the conversation.