Seclored: The Data Security News Blog

Seclore Classification-Driven Data Protection Just Got Even Better

This October, we released Seclore 3.15 that significantly enhances Seclore Classification-Driven Data Protection, an integral component of the Seclore Data-Centric Security Platform. The Seclore platform integrates and automates best-of-breed data-centric security to discover, classify, protect, and track sensitive data.

What is Seclore Classification-Driven Data Protection?

Seclore Classification-Driven Protection enables organizations to automatically attach data protection to Data Classification tools that identify and label a document or email’s sensitivity. Seclore’s seamless integration can automatically attach the appropriate usage controls to a file, email, and email attachment based on the classification label selected by the end-user. With just one click, organizations can classify, protect, track, and change permissions on their sensitive information wherever it travels or resides.

What’s New in the Release?

Scanning and retaining classification metadata can be a challenge when a document or email is encrypted. Seclore’s new release overcomes this issue by ensuring discovery systems (DLP, CASB, SEG, etc.) can scan classified labels and metadata in files and emails classified and protected. Encryption is no longer an obstacle for discovery or reason to bypass security.

Highlights include:

  • Classification metadata retention for endpoint SDK: Classification metadata outside the encrypted content is retained, enabling any endpoint security tool to protect files and retain metadata on a file for downstream discovery.
  • Retaining classification metadata for protected files: Classification data saved outside encrypted content is retained after protected files are opened and modified.
Why are these Enhancements Important?

The enhancement to Seclore Classification-Driven Data Protection strengthens the partnership with Data Classification and Discovery tools, providing transparent and comprehensive security to an organization’s sensitive data. Organizations can claim compliance with regulations as DLP and CASBs can discover, track, and audit classification labels and metadata in unprotected and protected files. There is no end user dependency or enablement and is integrated seamlessly with all security solutions.

How Does It Work?

Here is how Seclore Classification-Driven Data Protection and discovery tools such as DLPs, CASBs, and SEGs work:

Step 1: When a file or email is classified, it is automatically protected with the appropriate security permissions. The classification label applied is available for discovery by DLP, CASB, or SEG for reading and taking action.

Step 2: Next, the classified and protected file is share across various channels like endpoint cloud, email, network, etc. Discovery solutions scan the classification label before the file is moved or uploaded to a destination location and takes the relevant decision (allow or block).

Now discovery solutions can work seamlessly with encrypted (Seclore protected) documents to decide the appropriate action.

blog 20201103 img2

Let’s Dive into Use Cases

Here are how DLP, CASB, and SEGs can work with Seclore Rights Management and Classification-Driven Data Protection to address security and compliance challenges better.

Use Case 1 Data Loss Prevention
Challenge DLP cannot read classification labels on protected files shared across various channels like endpoint, network, email, cloud, etc. This challenge results in bypassing DLP security.
Solution Seclore allows DLP to read classification labels across all mediums even if the file is protected, ensuring end-to-end security.
Benefit DLP systems can continue to work with the same efficiency and accuracy while removing the security risk.


Use Case 2 Cloud Access Security Broker
Challenge A document is classified and protected as ‘confidential’ by a user and uploaded to an unsanctioned cloud application. The CASB cannot read the classification label to decide whether the confidential document should be uploaded or not uploaded.
Solution With Seclore, CASB can discover the classification label in the protected documents and emails and allow/block them from being shared with unauthorized locations.
Benefit Ensures organizations have end-to-end security and tracking of information on all security systems, including CASBs.


Use Case 3 Security Email Gateway
Challenge SEGs cannot discover classification labels and decide whether to allow/block an email to be sent when an email is classified and protected.
Solution Seclore allows SEGs to discover classification labels in protected emails and block them if shared with unauthorized users.
Benefit Organizations can leverage their existing security investments, reduce overall security risk, and track information from end-to-end.


Seclore’s enhanced Classification-Driven Data Protection provides organizations a truly secure data-centric security strategy by overcoming the challenge of discovery tools reading classification labels in encrypted documents and emails. While Data Classification, DLP, CASB, SEG, and Rights Management each have their strengths; however, together, they ensure emails and files are appropriately discovered, classified, protected, and tracked wherever they travel for the most comprehensive security. The best part is the process transparent and requires zero-intervention.

Check out Classification-Driven Data Protection for more information.

Dipen Shah e1678718536211

Dipen Shah is data-driven product manager, building innovative enterprise security products and applications. An analytical thinker who loves to work with various enterprise security products with an approach to provide the best of data security which customers are looking for.

Related Posts