Guardium is the first pseudo-anonymizer for data in MS Word © and MS Excel © formats which is developed as an easy and effective cloud or on-premise solution. The product is intended to provide the necessary security of the personal data in documents and spreadsheets so that they can be safely stored, distributed and used, in compliance with the GDPR requirements. Guardium encrypts and stores personal and sensitive information on our guardium.eu server, which can later be retrieved. Guardium can be used both inside the organization and for sharing personal and sensitive data with other organizations, registered with guardium.eu.
The philosophy of Guardium is to secure the personal data rather than the documents themselves. The user can select which information to protect, after which she can securely encrypt and store them on guardium.eu with a single push of a button. Later on when she needs the data back she can retrieve and decrypt the data just as easily with a single push of a button. The encryption needs a public key, and the decryption - a private key. Guardium provides tooling to generate robust asynchronous 2048 bit RSA key pairs, which are used for the operation. Guardium supports multiple data keys, meaning the organization can decide different people or departments to share encryption keys, so data can be stored compartmentalized on guardium.eu. Each user needs to have assigned one key pair for encryption and decryption, but may have access to multiple private keys for decryption, so that information can be managed in a flexible ways inside the organization. Here are some advantages to our approach:
Guardium allows you to take control of personal and confidential information, that is stored in MS Excel© and MS Word© formats. After encrypting the data it is replaced with Guardium ID's, which make it pseudo-anonimized for people with access to the corporate tenant account and the private key, but also fully anonimized for anyone else. This gives a completely new way of managing personal or sensitive information - one may easily share with partners the content of a file for processing with Guardium encrypted personal and confidential data without violating GDPR or confidentiality agreements.
GDPR EU Regulation posts a lot of challenges for companies when dealing with personal information. Importantly much of such information in any company remains stored in office documents. There are solutions addressing compliance for ERP systems, databases, etc., but compliance on document level continues to be a substantial risk. With Guardium we diminish this risk very significantly by making the data pseudo-anonimized for within the organization and completely anonimized for all external users. Guardium can also be used to send securely encrypted personal information to other companies, who are registered with guardium.eu.
Guardium replaces your personal and confidential data with Guardium ID's, while storing the data in robust 2048 bit RSA encryption on guardium.eu. The system is designed with security in mind:
Access to the system requires access to a global company private key.
Access to the data requires valid Guardium token.
Retrieving data requires access to the Guardium ID, that should be decrypted.
Decrypting the data requires access to the private key, corresponding to the public key, with which it was encrypted.
After installing and setting the system, the end user needs to select the data that needs to be encrypted in MS Excel© and MS Word© directly in the open files, containing personal or confidential information.
Encryption of the data happens with a click of a button. Behind the scene Guardium encrypts the data on the user device, transfers the encrypted records to guardium.eu, returns a Guardium ID of the record and replaces the personal or confidential data with the Guardium ID. Guardium is not meant to encrypt all data in the file - just the parts which are personal or confidential (e.g. names, etc.)
The encrypted files can be handled as completely anonimized for all external users and pseudo-anonimized within the organization. Files designed for transfer to another company can be encrypted with their key and become anonimized for anyone but the company receiving them.
Decryption of Guardium handled files can only happen if the person trying it has the company private key, access to guardium.eu with access token, the file containing the Guardium IDs, as well as the private key from the key pair that was used to encrypt the data.