The advent of globalization created opportunities for advanced and modern business models and provided unprecedented benefits for the global economy. The IT industry has been booming with this growth and has been providing the world innovative products and processes towards further development. But this growth has also heralded unforeseen challenges for the industry, namely in the area of data security and privacy. Increased connectivity also leads to a variety of data security threats and attacks, that can hamper processes, halt production, damage brand reputation, and impose financial liabilities.

Today, IT firms, including BPOs, ITeS, software development firms, etc., face security challenges from both external and internal elements. Personal data security breaches are being reported regularly and there have been numerous examples of hackers accessing corporate computers and compromising computer systems or stealing vital corporate data including personal information such as Social Security, credit card, and driver’s licence numbers. Breaches often occur because of careless business practices, mismanaged data and unsecured endpoints. With most companies using web-based processes in storing, accessing and processing of data, completely safeguarding this data has become more difficult, making information open to leakage. Such data leaks can lead to frightening outcomes, since a single instance of information security breach can tarnish the entire industry’s image.

The data security scenario is constantly developing, as the threats, consumer perceptions and legislative and regulatory strategies keep changing. Smaller companies lack the resources to effectively handle security issues and need cost-effective approaches. There is an urgent need to provide a protected environment for data and privacy for the IT and ITeS sector, through the establishment of processes that provide security without compromising on efficiency, productivity, and ethics.

Pawaa Software has addressed the above issues faced by the IT industry, with the introduction of its patented innovations – pawaaWEBB and pawaaFILE.

PawaaWEBB addresses some of the basic security issues that are part of any web based application. With pawaaWEBB, the IT/BPO industry can achieve better security for company data as well as for their customers’ data. The software goes beyond traditional authentication and access controls, and provides complete visibility into users’ behavior regarding how confidential and sensitive information is handled.

By using pawaaWEBB, companies can enforce the same IT and security policies on both managed and unmanaged computers, whether they are within or outside the network, thus ensuring uniform security. The user can only visit the URLs that are permitted by the policy. Also hardware such as USB, Bluetooth, CD/DVD are safeguarded so that data leaks cannot be created while in the session.

Detailed logs follow the user’s activities such as applications launched during the pawaaWEBB session, clipboard activities, screenshots, bandwidth usage, print, URL clicks, etc. These are sent back to the server for audit trails, forensic analysis and report generation. Apart from monitoring and controlling user activities and the computer hardware, pawaaWEBB can also mask certain parts of the web pages for certain user groups without having to modify the back end applications and database.

PawaaFILE is a patented Intelligent File Format which is completely secure and addresses some of the basic security issues that exists with the normal file format. It fills several security gaps including the safety and control of the files downloaded from the web and the reports generated from web applications. Any file downloaded or reports generated from pawaaWEBB are automatically converted to the pawaaFILE format.

PawaaFILE provides the IT industry complete control over files through its Information Rights Management policies. The policy maker of the company decides who can create the pawaaFILE, from which application, where it can be circulated, what type of authentication mechanism is required to consume the file, when it expires, Information Rights Management policies such as print, save as, edit, screenshot, time bound policies, and much more. So when a pawaaFILE leaves the organization accidentally or maliciously, it is of no use to unintended users outside the organization, or outside the organization's network, based on the policy. Only intended users can use the file, for the time allowed as defined in the policy.

The format of the pawaaFILE requires up to three keys to open the file, making it literally impossible for the hackers to break into it.

The combination of pawaaWEBB and pawaaFILE makes a powerful data leak prevention solution. Together they offer IT companies an extremely high level of web and file security, while ensuring that the solution is practically usable. They also help organizations in being compliant with industry regulations.

IT organizations store a lot of information online. Apart from personal employee or customer data, organizations have a wealth of vital corporate data on the web such as source code, design documents, sales related information, and competitive intelligence. The prime reason for the information being available online is to ease processes. However, it is also accessible to a large number of employees, making it susceptible to leaks. To prevent this from happening, a complete audit trail is required, in addition to visibility on who is accessing the information and how the information is being handled. The files downloaded and reports generated from these applications should only be used by intended users, hence preventing any types of data leaks and compliance violations. Through this powerful combination, IT companies can now,

PawaaWEBB and pawaaFILE help IT companies secure their data without having to make major changes to their IT infrastructure or applications. Together they offer complete control, protection and freedom. Control over user behavior, Protection from data leaks and Freedom to enforce policies without privacy violations.