A computing environment security agent is provided for automatically determining whether to grant access to an asset, deny access to the asset, or grant access to a transformed asset responsive to an asset request by a user of the computing environment. The security agent includes logic for authenticating a user for computing environment access, for receiving a request from the authenticated user to access an asset, and for determining whether the authenticated user is authorized to access the asset, and if so, for determining whether to transform the asset responsive to the request to access the asset by the authenticated user. The security agent can further include logic for transparently transforming the requested asset or for defining at least one transformation rule for the requested asset and saving the at least one transformation rule in a transformation list accessible by the authenticated user.