Application and data
Threats to data security arise at every stage: when data is stored, transmitted and processed in applications.
General Information

To ensure the right level of data protection, all areas of potential risk need to be addressed: a security system is only as effective as its weakest point.

Given that the majority of data is currently stored in files/documents or databases, and that the vast majority of applications are built with web technology, the following should be considered a necessary set of security measures:

  • DLP – protects against leakage of data from hosts/network,
  • WAF – secures web applications,
  • DAM – protects data in databases.

Data should be protected at every stage of its life cycle – from the moment it is entered into the systems. With application protection (WAF) and database protection (DAM), data can be protected as early as the stage at which information is sent to the system, which makes it possible to cover these key aspects:

  • only authorised users have the right to enter/modify data,
  • data is of sufficient quality,
  • there is absolute user traceability – who performed the specific operations and what scope of data was used.

At the later stages, when data is stored in files and databases and subsequently processed, it must be protected against unauthorised access and uncontrolled leakage.
This is where the DLP systems (host and network protection of sensitive information against leaks) and the aforementioned DAM system come into play. Both solutions offer data classification mechanisms so that the level of protection can be adjusted to the level of sensitivity of the information.
The solutions offered by APIUS cover all the described stages of the data life cycle. Our portfolio includes the following products:

1. Imperva SecureSphere Web Application Firewall (WAF) – the solution enables the validation of all information sent by the browser to the server and verification of its correctness, and thus can protect the application from the most common attack mechanisms:

    • code injection attacks, usually SQL Injection,
    • Cross-Site Scripting (XSS),
    • attacks that take advantage of incorrect session management and authentication,
    • insecure direct object references,
    • Cross Site Request Forgery (CSRF).

2. Imperva SecureSphere Data Security (DAM) – a system enabling monitoring of users' activity in databases as well as active protection (DBF). Its main features are as follows:

    • inventorying and classification of information,
    • database security evaluation and safeguarding,
    • monitoring and enforcing the use of databases,
    • reporting and audit management.

3. Forcepoint Triton – a DLP-class solution that offers both network protection (e.g. documents attached to e-mails) and host protection (e.g. uncontrolled copying of documents and saving them to flash drives, unauthorised printing, etc.).

4. We also offer a Trend Micro DLP solution, a host-based solution that is an additional module to the antivirus software and can provide a low-cost package of functionalities protecting the endpoint.

Only a holistic approach can make it possible to stand up to modern, multi-vector attacks.

Our solutions allow for effective supervision of information security at every stage of its life cycle. In addition:

  1. by implementing both application protection (WAF) and database protection (DAM) from the Imperva SecureSphere product family, we gain unprecedented functionality that makes it possible to track application users in the database (by correlating information, even though the application logs into the database using a single shared account),
  2. the available mechanisms for inventorying and classifying data make it possible to evaluate the sensitivity of data on the basis of its content, and to identify locations holding such data that are not fully known to data controllers (e.g. because the post-implementation documentation of the systems is not specific enough),
  3. in view of the very strict requirements concerning the protection of personal data, as well as the traceability of access to such data, risk management and reporting under GDPR (RODO), which are coming into force in 2018, the presented portfolio of solutions seems to be a necessary set of tools enabling the fulfilment of the main requirements of the directive, for instance, in the scope of:

  • full traceability of any access – who was granted access to personal data, when, and to what extent,
  • protection of access to data – privacy by design and privacy by default requirements,
  • right to be forgotten – all datasets with entries that need to be deleted can be easily inventoried,
  • determining the scope of application of GDPR – thanks to the classification mechanisms, all the locations where personal data occur can be quickly and reliably determined without, for example, incurring the costs of protecting systems in which such data do not occur,
  • required periodic estimation of the risk level – e.g. through the database security evaluation module within the DAM system,
  • incident reporting – only the audit/reporting tools available in the presented systems make it possible to collect the complete set of information needed to report potential incidents within 72 hours (as required by legal regulations).