For greater protection of sensitive data against loss, theft, disclosure and economic espionage, PRIM'X introduces a new way of integrating encryption within an organisation.
Information is considered a company asset; data is both everywhere and widely disseminated. Classifying a company's information is a difficult task, and its actual value is not the value attributed to it, but rather the value an enemy would give it.
For these reasons, a global policy must be adopted:
Encryption must be ALL-EMBRACING, SIMPLE and TRANSPARENT, AUTOMATIC and SECURITY POLICY-DRIVEN.
When thousands of users - often on the move - are involved, and dozens of terabytes are at stake, security cannot merely be left to the discretion of users and must not be limited to simply protecting against the outside world.
It must enable internal segregation (via the "Need to Know" rule) and offer End-to-End Global Protection, covering anything from local files and folders to central backups, shares on servers or NAS systems to MS SharePoint libraries, USB drives or external hard drives to e-mails and Cloud exports (Dropbox, OneDrive, etc.).
Whether in the office or on the move, users must live and work in a globally encrypted environment, without changing their habits or having to deal with new constraints, and thereby apply their organisation's global protection policy. They must also have very simple, user-friendly and intuitive means to strengthen this protection when they have to take information outside the company perimeter (external emails, work sharing in the Cloud, etc.).
This right is intended to supplement - but not replace - the various classic rights-based systems (rights on files, network rights, etc.) that manage and control the physical entity which carries the information, the file and its medium.
The right to understand must be separate from, and independent of, the infrastructure. It is absolute, since no loss is permitted. It must be applied end to end and seamlessly: only the end user has the key to access readable content; no third parties (storage providers, relays, temporary data warehouses, user authority servers) must be able to access this content without themselves representing a major - and global - risk.