April 16, 2018

Exchange Database Solution for GDPR Compliance

Cord3’s Exchange database solution for GDPR compliance protects the sensitive contents of your Exchange databases from unauthorized access.

Exchange databases contain an immense set of incredibly sensitive information: private customer and employee information, sales transactions, strategic negotiations, business plans, supply chain management, safety plans, … the list goes on and on. Attacks on personally identifiable information (PII),  intellectual property, and strategic data go straight for Exchange databases because there is such a wealth of information in corporate and government Exchange systems. It makes sense that Exchange contains such a wealth of information. E-mail is the most widely used communication tool on the planet!

What doesn’t make sense is not properly protecting your Exchange databases from insider and external attacks. Organizations that do not protect their Exchange databases will not be GDPR compliant when a breach occurs.

Cord3’s solution encrypts e-mail messages so that only authorized people can view the contents of sensitive messages stored in Exchange databases. “Authorized people” is based on your policy, but it is usually just the sender and the recipients. Cord3’s solution also delivers highly sophisticated e-mail delegation that allows delegates to only see information they are authorized to see – this capability enables executive assistants, for example, to do their jobs, but it prevents the assistants from accessing confidential information only intended for executives. Privileged administrators and external hackers cannot access sensitive information even if they have access to Exchange … even with Exchange administrator privileges!

The Exchange database solution is completely transparent to users. All they have to do is hit “Send” and “Open” as they normally would. Cord3 takes care of the encryption and encryption key management so users (and administrators) don’t have to. There is nothing to install on users’ desktops and mobile devices. And there is nothing to install on the Exchange server which can live in either the corporate network or in the Cloud. Cord3’s Exchange database protection solution is controlled by centralized policies, not users’ choices, and separates keys from message contents.

In addition to making your Exchange databases GDPR compliant today, Cord3’s solution already solves the next big problem in security – the breaking of public-key cryptography by quantum computers. Cord3’s encryption of messages in Exchange databases is done using only strong, standard symmetric encryption, so there is nothing to be concerned about when quantum computers can break public-key cryptography. You can read more about Cord3’s strong encryption here.