Ohalo

Ohalo's Data X-Ray is an AI-driven unstructured data platform built for the environments where sensitive data is hardest to find and hardest to protect — complex, air-gapped, on-premise, and hybrid-cloud deployments serving federal agencies and regulated enterprises. Data X-Ray connects to virtually any data source and maps files at high speed, applying an AI-powered classification engine that combines regular expressions, dictionaries, OCR, named entity recognition, and large language models to identify sensitive content across millions of documents with precision.

What makes Data X-Ray distinctive is its immediate time to value and continuous operation. Rather than producing a static inventory, the platform drives action from first connection: automatically labeling files, applying Microsoft Information Protection sensitivity markings, redacting content where appropriate, and feeding discovered data directly into governance workflows through integrations with Collibra and Atlan. Data X-Ray continually adapts to new and changing content as it is created, edited, and shared — and when classification policies change, labels and enforcement update automatically. Discovery is not a one-time event, it is a continuous, AI-driven, policy-aligned process.

Ohalo + Virtru Data Security Platform

From Classification to Enforcement in One Automated Loop

Discovering where sensitive data lives is necessary but it is not sufficient. Every classification scan produces a map of exposure — but a map does not control who can open a document, prevent it from being forwarded, or revoke access when an employee leaves or a contract closes. As sensitive information increasingly moves across organizational boundaries — between agencies, coalition partners, contractors, and cloud environments — perimeter-based security offers no protection. The gap between knowing what is sensitive and actually governing access to it is where most data security programs stall.

The Ohalo and Virtru integration closes that gap automatically, across your entire domain. When Data X-Ray identifies a file that meets policy criteria, it triggers encryption via the Virtru Data Security Platform. Each file is wrapped in the Trusted Data Format (TDF) with Attribute-Based Access Control (ABAC) policy embedded cryptographically inside the data object. Protection travels with the file regardless of where it moves, across organizational and national boundaries. Access is evaluated in real time against current entitlements at every subsequent open. The cold start problem — years of existing unprotected files — closes in a single automated operation.

Critically, the integration does not stop at first import. Data X-Ray continually adapts to new and changing content as it is created, edited, and shared. When classification policy changes, enforcement is updated with current attributes automatically — no stale protection, no manual remediation. Classification drives enforcement. Enforcement stays current with classification. 

For defense and intelligence organizations, TDF provides the interoperability layer between U.S. IC/DoD and NATO standards, making the Ohalo + Virtru integration directly applicable to coalition data sharing and allied partner environments.

Specific integration points:

• Data X-Ray's admin console connects directly to the Virtru platform via credentials and ABAC namespace/attribute selection — a single configuration step links discovery to enforcement across the full file inventory
• Data X-Ray's dry run mode lets administrators preview which files will be TDF-encrypted and validate decryption before committing to full-scale rollout — eliminating the mass encryption error risk that blocks adoption in high-stakes environments

• Discover sensitive data across every environment — and protect it automatically — Data X-Ray connects to cloud storage, on-premise file shares, and air-gapped repositories without code changes; when classification criteria are met, Virtru TDF encryption triggers immediately, embedding ABAC policy inside each file before it can move or be shared
• Close the cold start problem on existing repositories — years of unprotected files across shared drives, federal program stores, and enterprise repositories are scanned, classified, and TDF-encrypted in a single automated operation; no manual file-by-file remediation, no operational disruption
• Enforce access at the object level — not just at the perimeter — once TDF-wrapped, a file carries its own access controls regardless of where it moves: contractor laptop, partner network, downstream agency or enterprise system; the Virtru Key Access Service enforces entitlements at every open, not just at the point of download
• Revoke access instantly when relationships change — when a contractor rotates off a program, an employee exits, or a business engagement closes, entitlements update centrally; the next access attempt on any copy of any protected file is denied, without recalling or re-encrypting documents
• Integrate protection into existing governance workflows — native Data X-Ray integrations with Collibra and Atlan surface discovered and classified data within existing governance platforms; Virtru ABAC enforcement travels with those files wherever workflows move them, extending control beyond the catalog boundary
• Keep protection current as policies and regulations change — affected files get updated ABAC attributes automatically; protection stays aligned with policy without a manual remediation cycle
• Build the audit trail that compliance programs require — every Data X-Ray classification event and every Virtru access decision is logged; the combined record supports evidentiary requirements under CMMC Level 2, NIST SP 800-171, HIPAA, GDPR, and other frameworks that demand proof of persistent protection, not just perimeter controls

Deploying the Ohalo Data X-Ray and Virtru Data Security Platform integration requires active deployments of both platforms and an identity provider to source the user and environmental attributes that govern access decisions.

• Ohalo Data X-Ray deployment — on-premise, air-gapped, or hybrid; designed for complex, highly secure environments
• Virtru Data Security Platform deployment — SaaS, customer VPC, on-premises, or air-gapped; matches Data X-Ray's deployment profiles
• Virtru platform credentials configured in the Data X-Ray admin console, with specific ABAC namespaces and attributes selected during setup
• S3-compatible or on-premise object storage at the target data source — Data X-Ray connects without code changes
• Compatible OIDC/OAuth2 identity provider — Okta, Microsoft Entra ID, Ping Identity, or equivalent — for ABAC attribute sourcing

Security

The Ohalo and Virtru integration applies defense in depth across the full data lifecycle. Ohalo Data X-Ray governs discovery and classification — scanning sensitive data at high speed across complex, air-gapped, and on-premise environments. The Virtru Data Security Platform adds object-level TDF encryption with ABAC enforcement that persists beyond the discovery boundary, through every downstream access, share, and movement event. Data X-Ray identifies what needs protection. Virtru ensures that protection is applied at the object level, stays current with policy, and is enforced at every access — including after files leave the originating environment.

Compliance

The Virtru Data Security Platform is FIPS 140-2 validated (VirtruCrypto module, Certificate #4440). TDF encryption with ABAC enforcement directly addresses persistent protection requirements under CMMC Level 2, NIST SP 800-171, HIPAA technical safeguards, and GDPR Article 32. Every access event is logged in Virtru's comprehensive audit trail, providing the evidentiary record required by compliance programs that must demonstrate not just that data was protected, but that every access to protected data was authorized and recorded.

Privacy

Virtru's architecture is built around a core principle: we cannot expose what we do not hold. Client-side encryption ensures that Virtru infrastructure never has access to plaintext data. Customer-controlled key management options allow organizations to retain full cryptographic custody of their keys within their own infrastructure. For organizations with data residency requirements under GDPR, state privacy laws, or agency-specific mandates, object-level encryption with customer-held keys provides the technical control that residency obligations require.