Data security is enforced through the Knowledge Fabric's centralized policy layer, which maintains consistent access controls across all data sources regardless of their native security implementations. The fabric acts as a unified security enforcement point that understands data lineage and relationships, propagating user permissions and tenant context to all underlying systems. When a user or service requests data, the Knowledge Fabric evaluates metadata-level access policies before allowing queries to reach the database, business logic, or application layers, applying encryption and anonymization rules defined in the Galaxy interface based on data sensitivity tags. Encryption and anonymization steps are configurable per data element through Galaxy, allowing business users to define which fields require masking, tokenization, or encryption at rest and in transit without IT intervention. This defense-in-depth approach means security policies, encryption rules, and access controls are defined once in the fabric and automatically enforced across all layers, eliminating the complexity and risk of maintaining inconsistent security controls at different technical levels.

LegalFab manages legal hold and retention policies through metadata-level tagging in the Knowledge Fabric, enabling customers to define custom retention policies and execute them with dedicated agents or pipelines. Sensitive data, such as personally identifiable information (PII), is tagged and classified at the metadata level, allowing retention and legal hold policies to be applied centrally without touching the actual data in source systems. These sensitivity tags propagate through data lineage, ensuring that derived data and relationships inherit appropriate retention requirements automatically. For GDPR compliance, the system can identify all instances of specific data subjects across sources through metadata tags, enabling right-to-be-forgotten requests and data minimization without manual searching. Policy Enforcement rules trigger based on these metadata tags—for example, automatically applying extended retention to legally privileged documents or flagging personal data for review when retention periods expire. The execution agents handle the operational aspects of retention (archiving, deletion, anonymization) according to your defined policies, all managed through the fabric layer rather than requiring changes to each source system.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.