KuppingerCole Webinar recording
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
KuppingerCole Webinar recording
KuppingerCole Webinar recording
Good afternoon or depending on the time zone you're in good morning, ladies and gentleman, welcome to our recruiting and call webinar. How to share your corporate information with whomever you want securely secure information, sharing, collaborating with enterprises and this year partners while keeping your sensitive well, you information assets protected. This webinar is supported by tics. The speakers today are me Martin Kuppinger I'm, founder and principal Analyst at KuppingerCole and Saman CTO and founder attics.
So today we really want to talk about sort of the essential topic of overall information security, how keep your informa, how to keep your information secure when sharing that information. That's not about keeping a single system secure or whatever, protecting your network with a firewall. It's about the thing at the core, which is the information before we start somehow, it's keeping some information about keeping a call and then we will we'll move on. Keeping a co is an Analyst company.
We are providing enterprise it research device, service, decision support, and networking for it professionals through our research services, advisory services and events. You'll find more information about it on our website when looking at events, our mainly ones, European identity and cloud conference, which will be held again next year in may in Munich, it's the lead conference around identity access management, information security and related topics in Europe. Don't list that conference regarding the webinars and guidelines you are to centrally. So you don't have to mute or mute yourself.
You are controlling these features. We will record the webinar and the recording will be available tomorrow. We also will provide slide X to you for download so that you can download slide X on the Q and a session we'll be at the end. So you can end the questions at any time using the questions, feature the code to webinar control panel. I always recommend that you start entering questions once they come to your mind so that we have a list of questions available. When we start to take Q a session, looking at the agenda, the agenda for today is most our, our webinars, three parts.
First part, I will talk about various approaches and secure information, sharing the overall lead for secure information sharing. And when looking at approaches a little bit, I was looking at strengths and weaknesses. The second part Kaman will talk about or will provide a deep dive from various customer use cases, explaining the customer requirements for secure information sharing. And afterwards we will have some time for Q and a.
As I've said, if you have any questions popping up during this webinar, please enter them directly so that we have a good list of questions when we are starting to take Q and a session. So I want to start with a, a picture. Some of you who have attended our company called webinars or VC or other presentations of me before picture, some of you might be familiar with, which is sort of our computing TRICA picture. So what you really see is that we have a lot of change with cloud computing, with other deployment models.
We have social computing, more types of users to deal with sort of more complex scenarios. We have the mobile computing stuff. And so our scope of information security also is changing. We have to cover more devices out of deployment models, more users. There's a lot of discussion about what technology use around etcetera. But when we look at it, realistically point is that at the core of this entire thing, we have information. So information is really what is at the core.
We want to product information, regardless of where there are in which deployment model, which, which device we are using, who is using that device. So we need to focus family on information security and investing a little bit technol into a little bit technology for mobile security, a little bit technology for social logins and a little bit technology, but cloud security will not solve your problem of information security. What really will solve your challenges is in Westing into technology that protects information. And this aligns well.
When we look at today's business today's business challenges and what we need to do around these challenges. So we have a number of challenges. So we have some permanent challenges, such as globalization landscape changing. We have changing competitive landscape and far we got changes. The never before we need to grow, we need to hunt for talent. We had various incidents around economic turmoil. So the us financial crisis in the Euro crisis, we have changing and usually increasing regulation. So to be successful as an organization, we need to do some things.
We need to support the extended enterprise in a global world. We need to be at trial to grow. We need to be agile to sustain, changing competitive landscape. We need to innovate for grows. We need to collaborate and communicate far more than ever before. Also across the entire enterprise, we need to become agile in case of economic Turmo cetera. So we have to do various things for many of these changes. For many of these challenges, we need better ways to securely share information.
So the extended enterprise, which is already connected the agile connected enterprise, how we call it these days is where we really need to be able to collaborate across the supply chain with a number of partners in a very flexible way when it comes to agility. It means also that we will work more with partners. We work with different partners when we look at different competition and or the co-option, we need to be able to flexibly share information, but also ensure that this information keeps under control.
Innovation also means working more with external partners, cetera, see the number of industries. If you look at life sciences and others, their entire research and development becomes more and more open shared, but it still needs to be safe and protected. Even compliance on fact is something which is closely related to secure information sharing and clearly us collaboration communication. So if we have people who want to work in different work models with different devices, cetera, we still need to be able to protect the information this case. So we need to be successful as an organization.
We need to be able to share information securely. And there's one thing I, I want to add here is that there was, I think a while ago, probably a year ago. So there was a, a survey done by, by a larger security vendor who looked at the percentage, the information as itself in the overall corporate value. And they asked a number of organizations in the us and in Europe and other regions. And on average, the value of information was more than 50% of the corporate value.
And if you look at a lot of industry, life science and pharmaceutical automotive and other types of manufacturing industries, etcetera cetera, in many of these industries, the value of the overall organization is largely based on their intellectual properties. And so we need to protect it. We need to protect successfully. In other areas, we have just regulatory regulatory issues. So we have to comply with regulations and protect information in a well sorted way. So the question that arises is which technologies will allow us to protect information, always in every situation addressed.
So when it is a file server in move, when we transfer it, let's let it be an attachment to an email, let it be an other type of file transfer, whatever, when it's in use. So frequently, we have technologies which protect information at the windows file server.
Okay, that's fine. But once we remove it from there, things become more complicated. We have all the technologies to protect, to encrypt information when we transferred. But what happens?
Someone, if someone decrypted opens it, usually he can do everything. So how can we keep information under control in, in a number of scenarios, in as many situations as possible. And there are various terms for, for technologies around this, which I will use in the next huge lives in the next few minutes. And so one is secure information sharing. This is a term that this drives all types of technologies that enable secure sharing of information within and beyond the enterprise. There's a term digital rights management, which is more commonly used for videos and music.
So it's a, usually a little bit more low end approach of protecting some property rights in that area. And then we have enterprise rights management, information, rights management, which are used pretty much synonymously. So how to protect shared documents. It's mainly about documents, not about records, databases, cetera. So all types of documents, in fact, because that's why we create documents. We want to share them, how can we protect these documents, right? A life cycle, the rights in this case are the sense of access, right?
Entitlement or in the case of digital rights management, right. To use. So how can we apply rights to information and protect information so that these rights always apply. That can say, okay, this document are, Martin could be allowed to read. He allowed to print it, but he's not a lot to copy parts out of it, whatever else he have in mind, that might be a lot of different types of rights. But basically this is the idea, how can I protect information and a key technology there in rights management.
And there are a number of players that market, which write capabilities in somewhat different ways, but basically the fundamental concept always is sort of the same. So, so you have a document, you have a key, usually have a number of keys for different persons and etcetera, et cetera. So to enable recovery, et cetera, but let's say there's a document on the key ending up in an encrypted document with associated access control. So then you have an application or the system level, it might not necessarily be the application.
It might be also enforced at the system level, which that sure that when once document is decrypted, so the application can decrypt or a system level two can DEC for that application and it can enforce the access control. So this is basically the idea. The part is that the security settings, in fact, do not apply to server such as with the security settings as a, at a file server. They do not apply at an particular endpoint where we might say, endpoint security, security, prohibits sending out an information. They apply at the level of the document.
It says, so what you protect is what you really want to protect. It's the information, it's the document. As you say, this is a document and this can be used only that way and to enforce and forces encrypted, because if it were not encrypted, everyone could use it easily. So this is basically in a, in a very cost grain and abstract view. What happens in this area of rights management information rights management is not the only way to are not the only technology where when promise that they can securely share information. So there's information, right management.
The good thing is through, through the integration with either the system level or the application level, it isn't first at rest motion and usage really is the one technology which works across the lives. Like, yes, you can argue, oh, but if someone was looking above your shoulder on your screen, he might still see that without having, without being permitted. Okay.
Yes, there are always limitations, but basically this is what do else do we have? We have secure data rooms, which are in fact only secure at a specific rest place, sort of in the data room, which protect information transfer to it. When it's about in use, usually they are limited to some viewers applications, but they don't provide a full flexibility secure file transfer. It's about in motion there, some industry collaboration network, which typically also support some restrictions.
But again, if you don't know something, you're outta scope, but you might enhance this by RN technologies. So you might combine these things. The same is true for secure email, and you might then use IM protected documents and via secure email. Then you have in some areas sort of a double protection, others, you still have the IRM data leaks prevention is rather limited. And I'm honestly not the very biggest believer in, in the value of data leakage prevention only because it doesn't fully solve the trust, the problem.
So rights management of the fact, the only approach to protect information seamlessly across the entire life cycle addressed in motion in use, it should be a standard approach. You might complement it by additional solutions, faster, over security SSL, but it's really about starting with the central approach, which helps you really to protect your information in every situation don't think about where do you need more for specific use cases, et cetera. It should be part of any identity access management, GRC initiative. It's really a key element of the entire security.
However, there are challenges and that's something where you have to look at the various technologies and look how they handle this, how good they are in these areas, what you need. And you also have to be just aware of where, where sort of the limit of the type of technology. So one is key management. So at the end of the day, it's about encryption and encryption ever is easy. Most implementations requires can be somewhat challenging in, in administration. So key management is clearly one of the bigger challenges you, we are facing user management.
If you want to say, to manage access for different users, you need to manage the user system sales, which is, or quite easy for the internal ones, which might be more challenging for external ones. So how do you deal with registration Federation, et cetera, application support. So how do you deal with applications? How can you enforce the access rights, the entitlements within an application? So there's no standard standard way to do it from the application side, but you might intercept that level. You might create enhancements of applications.
There are various ways, depending on the technology you're choosing granularity, it's a focus on the entire document. So it's not that you say, usually not that you say this part of the document has different access rights and the other part of document usability. It can be challenging. So for the user, it's always a challenge to understand which information do I have to protect in which way, et cetera. And it's focused on unstructured data.
So on documents, not on structured data with databases as a standard challenge we are facing on the other hand, technologies are here and there are a number of technologies that truly can address the problem challenge for secure information sharing across the entire life cycle. What are success factors you should support various fail file formats that, that are really important ones and applications either by direct integration into the applications or by relying on more system level approach, the user interface. And also the use management should be both simple.
So how to do this policies, classifications, cetera, make it simple. Don't create inhibitors for your uses here. And usually you should start this defined use cases. So where equipent scenarios, where can you really create visibility for the value of the type of technologies? So what is our advice on that rights management is key for information security and has to become parts of a type of information security strategies. This is really a key element of what you are doing. It's the way to start really at the core of the problem. That's how can I protect information?
And this is the te technology, which is really here. It can be deployed successful in defined use cases, start there. So don't try the big bang at the beginning. It's more promising to start at a specific use case. It has to be simple and non intrusive. We clearly expect it's seeing gaining momentum due to the increasing pressure for information security across which all industries.
Clearly there are some industries which are the logic uses go and the military with their sensitive information, finance with a lot of challenges here, defense in aerospace, highly sensitive information shared across the supply chain, automotive and manufacturing or healthcare and farmer. All of these are examples, but are clearly more industries. And in fact, everyone needs to protect information. So it's time to look at how to securely share information.
And now on the second part of this webinar, Zalman will talk about where is customer use cases and explain the customer requirements for secure information sharing. So I will making percenter now and then Z C Hello. Hi everyone. My name is Zach Hoffman. I'm a CTO and founder for tic just shared my screen. So I'm today, we're going to go over very few cases that we are seeing in tic tic is an M LP type of player, protecting documents, then files for a customers in a variety of, of areas.
And we are going to look first observe the various hurdles of various problems that organization today facing. Then we are going to, into several use cases and, and just talk about important things that you need to consider when you are at the solution or what should be on your short list of things to, to monitor when you are evaluating such products. So the first part is you can see these are the usual consumers of data within the organization.
Any, any one of these consumers has different needs, different requirements, which the solutions should address. And part them are based might be based on agents that are install. And some will be based on agents, depending on the kind of solutions that they're looking for. So we are seeing more and more in our customers requirement to support, to provide the board management with access to the most sensitive file, to a strategic file. Those organizations, which will be consumed on any kind of device, usually outside of the organization.
Now, these guys are usually would like to view it on their iPads or under Android tablets. And they have legal time for confusing logging or a credential. So you need to provide an easy system, easy infrastructure for them to be able to view this files, consume it, collaborate, add remarks on this file while not complicating. The consumption of this file. Internal internal employees are something that are users that usually have access to the file. And will, will define three types of internal user that you have, or three types of group that you have within the organization.
You have the owner of the data. And Don of the data is not the actual employee that the organization service it's shareholders or the owner of the company, internal company, the users of the data itself, they would like to be able to get protection profile, but in a manner that will not disturb their daily routine. So you need to make sure that when you are putting your protection in place, you will not change how they're doing their daily job. You not change their application, they'll just do whatever they need to do.
And the software, the protection, the ER, M software will take care of the security. The third party, the third part of the internal employees are your administrator will need access to the files, but not to its content, which means that they can do a backup and restore the data, but they cannot see what's in the file itself. So you would like to search for a solution that can provide you with this segregation of duties in our organization. I would look at consultants and still part together. These are parties that you share data with.
There are outside of your organization, you don't have access to their identity system. And, but you still would like to share with them data still have a shared data based on specific user or specific organization while you are always in control. So even when you share the data with them, you always know what they're doing with the data. You can always revoke for them access to this data in case that your contract is up or you think, or you, they love the data. You can always revoke access to the data. Looking at the various devices that currently has, that users are using at the time.
And I think that it was Jerich group from five years ago that talked about the troubling perimeter of the organization. Data was not, not as long ago, confined within the building or within the office of the organization, but today data is spread around all over the place.
So you, and now we have seen a, a lot of cloud storage like Dropbox box, Google drive, which organization are using their daily daily to exchange data with external parties, even with their own peers in the same company that are in different offices, worldwide, these storage devices, even though they're providing excellent way of sharing the data, provide great security risk for the organization because hackers can hack into this data. And you don't know what happens when the data is shared.
On the other side, single goes with the amount of mobile devices that we see today, like iPads, Androids phones, users would like to have access to the, to files on these devices as well. But these devices when lost a great, a great problem for the organization, Gmail, even though that's not a new infrastructure, it is in fact, the first sharing platform that is out there, right? Because everybody is using Gmail and we are sending files using Gmail, but we need to look at how we protect files even when you is Gmail. And the last thing that we need to take care of is the apt is cyber threat.
This is something that some organizations are facing. Some in that some countries that are attacked by other countries to get a, to get intimate data on the plan or of this country or organizations that are, have designed. And they would like to get access to their competitors. They used to look at the garbage of their competitors, but now for a very low sum, they can have higher hacker that will penetrate the other organization and, and will get the designs for them. So it becomes real easy to get a hold of design from another company.
So when we are, when we are looking at, when we are asking ourselves, what is that we are looking for, or what are the problems that I should be, that I should ask that I'm facing internally? What, the question that I need to ask myself when I'm evaluating an urine solution, or why do I need an urine solution? So if you are, if you have your proprietary information and we are going to verticals in just one slide, but if you have your, you have proprie information, it is either confidential or regulated.
Then this is something that you need to consider how you're going to stay up to date with the regulation or how you are sharing this proprietary information with external parties, or even in journalism, you would like to see something that will not distract your business flow. So, and that's a major thing, because this is not something that you consider your top priority when you come to evaluate such solution solution. But when you are going to implement such a solution within organization, it will become a, a clear issue. If you are not handling it correctly.
And same goes with how the organiza, how the users are going to behave. When you implement such a solution. And going back to the, beyond the perimeter of sharing data, you would like to be able to share this data in a variety of manners pending on the use case that you have in mind.
Like, would you like to share data with your lawyers and you'd need them to actually work on the documents that you are sharing with, or do you just need to share data with external party, just for view on just for their information. So they'll have access from any kind of device and you can always revoke active. These are part of the industries that cores are handling each one of them has their different needs.
I'm going, I'll give several examples for some, for this industries. And then we are going to build use cases that we have in the healthcare we are working. We are working with the techn largest HMO worldwide. And one of the issues is that they need to transfer transfer EMR, electronic medical records from one branch to another. And some of these branches are not connected through their internal networks. So they would need to send it by Ky or by mail or by Dropbox. And that's the way that they use use they are using today.
The problem is, of course, that these networks are not secured or the infrastructure is not secured enough. So they were, they came to converts to help them maintain the way, the same way that are moving EMR from place to place. But this time in a secured manner, the legal, the legal arena are a, is something that we are handling a detail with ethical walls that you have within your, within the law firms. When you have a law firm and you have some lawyers that are exposed to data, which other lawyers in the same firm should not have access to.
If these documents are not protected, then these documents might go to the wrong lawyer. And then you have a major issue with your customers. So this is something that we are currently doing with implementing with an HP product, which is called I manage, which is the leading legal document management system. And we have it integrated within again to help perform the ethical walls while still a using the same infrastructure for them. Constructions companies, educational are, are using some of the examples. Retail banking, insurance manufacturing is a very nice example.
Many manufacturers are doing the design within the, within the print, but the actual manufacturing is something that is done on other countries. The thing that they had issues with is that once they are sending the designs outside, they have no control anymore on who is going to use this design and who is going to copy this design. So we covered it. What we're doing is that, trust me, Go ahead. Which what they did is that we are encrypting and protecting the design before they are living the factory.
And we are a allowing these designs to be open on a specific machine on the target manufacturer type. And then only this device does only this machine can open the file and work on the file and it to a different place. It will be blocked and they will not be able to use it. So going to two use cases, data I talk about is going on how you are controlling and protecting files that you have like intellectual property from pulling into the wrong hands. And of course, no matter how the data is shared and pulling into the wrong hand, it might be internal to your organization.
It might be external to your organization, and you need to make sure that you're doing it in a way that the user will just work on the file and you are doing do protection. So for covers, what we are doing is that you need to employ some way for you to identify what is the sensitive data. So what is the data that you need to protect? And then based on the information that you gain on what that you identified, that this data is sensitive, you will want to protect those relevant data.
You would like to be able to move these files on any kind of platform by mail or bar this key, and making sure that the file will be always protected with COIC are what we are doing in marking show that very nicely before that we are in fact wrapping the file, and we are embedding our logic engine within any kind of file. And that, by the way, goes back to your supporting any kind of application, which is very important for many organizations. So what we are doing is that we embed within the file. We embed a logic engine.
Now the file is one entity that travels within either internal or external organization. And whenever the user tries to consume the data, it now evaluate the ver the various content and content that the file is currently located in. And it decides on the fly, what is the allowed operation to, to be done on the file? And what's not. So for instance, if I'm a administrator, I have a many documents with IP and my organization invest heavily in security, but I'm sending a very protect, a very sensitive Excel file to one of my external auditories that may, might be an accountant.
Now, this firm is not investing too much insecurity like I did. So, and what we are doing, because the file is protect and has the logic engine in it. When I'm sending the file on the way is protected because it's encrypted and on the target, external audit firm, when they're opening it, I can target which user on the other side can open the file for how long it can open the file and what can do with the file and both retain my organization. So you have your M or your protected wrapping around your file, the travel with the file.
And now it is outside your organization, and you're controlling what can be done with the file and to see the benefits that you get from it. So the solution is fits with your, within your enterprise. So you have all access to your keys. There's nothing that needs to be exposed externally.
And we, and the solution will explore and drug analyze your digital data. And by the way, going back to what Martin said, you have neuro several places you need to search for data. You have your data address, which we have, which you are going through crawlers or S or other devices that will look for sensitive data that are sitting on in your projectories. You have data on the move when you are moved. When you're copying file, you are sending it outside.
When you need to identify that this is something that needs protection and something that users actually using currently the document, which you need to evaluate. If the document, the currently has no sensitive data in it, but the, the minute that I entered a credit card in it, or I wrote an IP or PII within the file, I'll provide the appropriate protection for the file. It's important to be able to integrate into your existing infrastructure. And then we gave two examples here, and I'll mention several more. First of all, is a documents management that many outer, it might be SharePoint.
It might be, I manage, it might be documental again, whatever depends on the type of solution that you need. We have one customer, one customer that is a security oriented company that we are protecting the source code for them. So we are integrating with their source code system in order to project while they are working on the source code itself, DLP environment might be in place, but DLP is, but DLP is something that will only provide you protection.
When the file is inside organization with you can have protection outside organization, or if you want to provide protection with another thing that we are seeing quite a lot is the need for compliance or regulatory. As I mentioned before that, and the need for organizations to know what is happening with the file and have a detailed forensic report on, on the file step. And we are looking on, we are looking at companies that needs to share data with a or secure data that is in their internal system.
For instance, sub sub software, many, many organizations when they have, when they need to maintain PCI compliance, they're using sub and everything is fine, but they don't realize that when they are copying credit card information from and file and they're facing is into an Excel file, are violating the PCR regulations. So we, we converted, what we are doing is that we are protecting the files once the, once the credit card information reaches it after it was copied from top or I, or other solutions on top of that, because we are offering an extensive reporting facilities.
We enable the organization to know exactly where all the files are. And part of the part of the stocks for the us for example, is, is talks about your knowledge on where our or sensitive information is. For instance, your end of year balance sheet. You need to be accounted for that.
You know, where all the copies of the balances are located and with Ted, because we are monitoring every copy of the file, and you have, you get a, a trail of any copy that was made, even if the file name was changed. And even if it was copied to this, you always know where your copies are. So we are helping you meet this regulation.
Same goes with PCI data that you will need to make sure that every time that you have a file with certain amount of credit card information, if this file is lost, and this file was protect, was encrypted, then you are meeting the regulation, which we are doing that for you automatically, why you are working on the file. So Cove just in just ensure Cove offer four types of product. The first one is an prise product, which enabled you to control and protect files within your organization.
We offer the collaborator, which helps you share data with external parties in a very easy and transparent, transparent manner. Mobility is our solution for an agent list. When you want to share and collaborate data with someone that with your external appears or your board of management, you don't want them to install agent. They just need to view the document and maybe annotate and remarking documents. So that's our solution for that. And the files, our ability to provide protection profile that are host of a cloud day environment like Dropbox box etcetera.
So that's just part of the integration that we are currently offering like Citrix. We are, we are Citrix ready partner, which we are sitting on the ZenApp server, providing protection for any device that is using SharePoint integration, providing protection profile that are posted on SharePoint while still maintaining the indexing and search capabilities of SharePoint, Siemens tech, DLP, a integration, which provides protection profile that are sent outside of the reach of the DLP.
Like when they're sent outside of the organization box and Dropbox and Google drive a seamless integration, you just work with the, with those environments, you will place your files as you always did. You're just uploading your files into drop into the online sharing. We'll take care of the protection, putting the right policy in place.
So that's, that's phone that for me. If you have any questions, I would like to approach me my details appear in the button left of the slide. Okay. Thank you. So perfect. And as I've said, we will share the slide so that you can download the slide if you want afterwards. And also we'll find on details to contact here. So I will make me present her again, and then we can directly into the U a session. So if you have any questions, please enter them using the questions to let me go to webinar control panel through, find on the right side of your screen.
I might already have two questions here I want to pick up. And one is so, so what is, what is the unique part in your technology? So I think the basic concept of attaching a policy to a document that is part of rights management, but you say you can do it seamlessly for any type of application, because you really embed the policy into the document, sort of. So maybe you can go a little bit more in detail on that. So what is the unique part pretended what is advantage organizations can take from better? Sure.
Excellent, great. There are several things that makes our system very unique.
The first part that we didn't discuss is that the actual implementation within the organization, because when you are coming into organization, it's first, we would like to, they need better understanding data, how easy is using the data, and you need to help them realize or collect this information before they are actually enforcing policies and encrypting files, because encrypting file is very strong, but if you're doing that in a minute, that you're not familiar with what the actual business score or data for within the organization might create a problem.
So COIC offers a stress, a step approach, which, which first we are helping. You just do monitor to your file without encrypting them. So collect, helping you collect data and understand exactly what I just mentioned. He's using the data point is using the data. What is is doing with the file internally, externally, etcetera, based on this information, the organization can now build the policy and will, and they, and this policy will then be enforced on these files. And then we are going to encrypt the files. But now the policy is based on actual usage of the organization.
Then the file that you showed earlier, Martin, by the way, are extremely correct. That some not a lot of, of the applications are actually providing IRM capabilities. So tics is operating in multiple layers within the operating system to provide you with protection, for any file, any kind of file. And that's very important. We have a very big client abroad that he's, he has over 4,000 applications.
That's 4,000, that's a lot of applications and we are moving with them slowly to be able to protect all these applications. And so we are doing it in, based on the actual OS layer, which we are looking at a operation that is done for the, within the application itself, monitoring and reacting accordingly. And we are working in the lower layer to provide seamless encryption at the file system. So everything for the end user will work without anything they need needs to change and it needed need to work really quick. Martin. Okay.
Another question is so, so when, when you compare to other technologies in the space, where do you see your, your sort of greatest advantages? I think that it's quite clear today that the only way that, that the only way that you can actually protect your data is if you are with your data, wherever this data is located, wrapping, trying to close your organization from all or from all leaking holes or from any or closing with, from, with all gates, that impossible. Even not that, not just that don't know all the active points to your organization, you actually want to share data.
You actually, part of your daily routine is that sharing data with your peer, with your files, with, with your lawyers, with your customers. So the only way that you are going to be able to do that while maintaining the security level that you want is to actually be with the data and the M the M player as productive is the right solution for you to be able to do that and feel, and feel control the data when it reaches your external parties.
Okay, perfect. It looks like there are no further questions. So I think we had a very interesting webinar and the one thing I really can recommend to any organization is look at technologies for security information sharing. Cause this is really about solving the cause and not dealing with just some symptoms and information security. So thank you Zach, for participating this cooking a cold webinar, thank you to the attendance for taking part, have a look at upcoming webinars in the next few weeks and months and other could cold events. Thank you for your time and have a.