Based on the vendor's original BitArmor Security Suite, BitArmor's core product offering is BitArmor DataControl and it provides a centralized and policy-based means to control access to and the modification/availability of classified information on end point machines. Such policies are enforced primarily via the automatic management and/or delivery of encryption keys. For example, to remove access to particular data the encryption keys necessary for the decrypting of that data (which themselves can be delivered based on real-time definition and examination of access control policies) are denied to the requesting agent.

BitArmor DataControl is an agent/server platform, wherein each machine that will need access to DataControl managed data will need to have a software agent component (the BitArmor Control Agent; supports Windows machines) loaded onto it. The DataControl agent communicates with the central server of the platform (the BitArmor Control Server; an active/passive pair of customer-supplied appliances, with failover), within which administrators can define access control policies; including who is allowed to access what data (both standard and two-factor authentication mechanisms are supported) and how long that data will be available for access (retention policies). The Control Agent automatically classifies data as it is created and encrypts it via encryption keys supplied by the Control Server. From then on, access to the data is based on the availability of the encryption key from the server; with the server providing or denying said keys to the agents based on the currently defined administrator access policies for the data.

As mentioned, classification of data is automatic and based on such metrics as the identity of the user that created the data, the machine on which the data is created, the directory location of the data, and the data creation time. The actual policies and categories for classification are defined by admins at the Control Server console.

A key architectural feature of the platform is its ability to stamp within the data itself "BitArmor Smart Tags," which provide the policies for that data (encryption, access, retention, etc.) and remain with the data should it be copied or moved from location to location (or should a machine with an active agent be disconnected from the Control Server). Agents can continue to enforce access control policies on the data even if it (the data) is stored on tape or copied to removable storage and transported to other end points; functionality that is made possible in part by Control Agent caching and in part by the Smart Tag technology itself. Additionally, administrators can control which end points are allowed to access data while disconnected from the Control Server, and can also apply time limits as to how long a mobile user may access data while disconnected (i.e., users may access data for a set length of time while disconnected, but must then "check in" with the Control Server to continue accessing the data).

When retention periods for specified data expire (retention periods can be defined for a set length of time from the initial creation of the data, or to a specified date), access to the said data is effectively denied by blocking the delivery of the necessary encryption keys. Administrators at that point are allowed to continue accessing the data if need be; or they can elect to refuse all logical access to the data via the permanent deletion of the encryption keys themselves and/or physically delete the data on the endpoint.

Additional features of the platform include:

- Each agent can encrypt data at the file, folder, volume, or full disk level. Removable media can also be encrypted, and read-only settings are additionally supported.

- Central auditing, including data accesses (and data access attempts) and administrator activities including data deletions. The audit log is stored on the Control Server, and agents on disconnected machines will automatically store and forward the data to the Control Server when next possible.

New to the BitArmor product offering is support for drag-and-drop password-based encryption; wherein a user can encrypt a file directly using a specified password. These password-encrypted files can then be decrypted and viewed by any user who knows the password, via the new BitArmor Control Sentry, which is a free, downloadable utility..

BitArmor DataControl is available now. Pricing begins at $75/seat (suggested retail) and scales based on volume and configuration.

Visit the vendor's Web site for further information.