Safe Harbor, Privacy and Sovereignty Elements in Enterprise File Sharing

Posted by Anand Kekre on October 20 2015

Consumerization of information technology and enterprise mobility have given rise to end-users’ demand for anywhere, anytime access to corporate data. Ignoring such requests is turning out to be risky for enterprise IT because of Shadow-IT, so many businesses have implemented enterprise file sharing (Enterprise File Sync and Share – EFSS) solutions as an alternative to Dropbox.

But just implementing a secure enterprise file sharing solution is not the end to the IT decision makers’ woes. Recently the Court of Justice of the European Union declared that the US Safe Harbor is invalid, directly affecting the companies in European countries that use public cloud file sharing vendors. It was an eye opener for other geographies as well.

For those new to Safe Harbor, it is the policy agreement established between the United States Department of Commerce and the European Union (E.U.) in November 2000 to regulate the way that U.S. companies export and handle the personal data (such as names and addresses) of European citizens.

Following recent instances of data leakage and data breaches – particularly after Edward Snowden’s revelation about a surveillance scheme operated by the National Security Agency (NSA) called Prism – authorities and regulators across the world are strengthening Safe Harbor, Data Sovereignty and Data Privacy laws. The aim of such initiatives is not limited to protecting citizens’ personal information; they also act in the interest of local businesses and national security. In the process, these regulatory guidelines and laws are many times unclear, inconsistent and subject to interpretation. Information Technology leaders need to work closely with their compliance and legal teams to understand these regulations, as the impact of such rulings on their businesses may be severe.

At Vaultize, we have always been sensitive to security, privacy and regulations. This is what makes us a popular vendor in highly regulated and security-conscious industries like Banks, Financial Services and Insurance (BFSI), providing end-to-end enterprise file security – but without compromising end-user experience.

The following features enable our customers to comply with such laws and guidelines:

  1. Deployment Flexibility

We are able to provide deployment flexibility because Vaultize has been architected to be agnostic to any cloud platform, storage, infrastructure and operating environment. This includes on-premise (single server or private cloud), public cloud (hosted on AWS or Vaultize’s MSP partner data center) and purpose-built Cloud-in-a-box appliances. Those in the European Union and other geographies with strict data sovereignty and residency regulations prefer our on-premise or private cloud deployment – keeping everything in their control and relieving them from the risks of changes in regulations.

  2. Unmatched Encryption

Vaultize leaves no gap in the security and protection of corporate data. Vaultize’s secure file sharing comes with the guarantee of encryption throughout the life cycle of documents and across all end-user devices. The files are encrypted on the user device itself before being sent over the wire – ensuring security and privacy. The biggest part of the data security solution is achieved by encrypting data in-transit, at-rest and in-use. Vaultize uses and offers various encryption technologies including US patented Vault KNOX (for in-transit and at-rest data), endpoint encryption (for at-rest data) and plugin-free enterprise digital rights management (aka EDRM, for in-use, in-transit and at-rest data). Everything comes with the 100% security required by IT while ensuring freedom to end-users. The secret of end-to-end file security is unleashed here.

  3. Control of Encryption Keys (Data Privacy Option)

In regions with tight data sovereignty regulations, such as the European Union, data is not permitted in third-party clouds unless it’s encrypted, and the encryption keys are not allowed to leave the jurisdiction. So even in the Vaultize public cloud hosted on AWS, we allow our customers to retain full control over the keys and manage them the way they want. Additionally, our private cloud and on-premise deployments give enterprise IT full control over the deployment – and over the encryption keys as well.

You can see how Vaultize’s key management together with its client-side encryption is superior to key management of public cloud file sharing vendors like Box.

  4. Enterprise Rights Management for Information-centric Access Controls

Vaultize provides control over sensitive documents throughout their life cycle – even after they are shared with third-parties. The Vaultize enterprise file security platform is information-centric: it focuses on content and not on devices. Vaultize’s Enterprise Digital Rights Management (eDRM, also called information rights management or IRM) allows IT departments to define granular access control over corporate data once it gets shared with an outside party. Enterprise DRM makes the access rights travel with the files such that a file is only usable by the authorized recipients in compliance with DRM-protection settings. It also gives IT and document owners the ability to revoke access to files even after they have been downloaded by the third-party.

Also, Vaultize ensures that rights management seamlessly works across the channels employees use for sharing the files, including email attachments (through Microsoft Outlook and Lotus Notes), FTP (through Vaultize’s FTP alternative), file sync and share and mobile collaboration.

With increased workforce mobility, there is a huge risk to data sovereignty when the end-user devices leave the jurisdiction. The Mobile Content Management (MCM) feature of Vaultize allows corporate IT to prevent data loss, security and compliance breaches by controlling how corporate data can be accessed from personal devices that are allowed through BYOD policies. All this happens without controlling the end-user device through a Mobile Device Management (MDM) product. Vaultize’s mobile content management also seamlessly integrates with rights management such that files shared through BYOD devices stay DRM-protected even after they go to a third-party.

Vaultize’s secure file sharing comes with robust MCM and enterprise DRM controls such that IT teams can define access rights to company information. These rights can be based on a number of parameters, including how long the shared documents can be accessible, how many times they may be accessed, who may access them and what (edit, copy/paste, print, forward) may be done with them.

  5. Multi-Dimensional Access Rights

Vaultize ensures multi-dimensional, robust, granular access rights over corporate files. This includes controls like who can access what files, from where access is granted, how and for how long access is granted, and more. You need to have the complete picture of your end-users’ access rights. This means employing access rights controls such as geo-fencing to control physical regions where file access is granted, as well as IP-fencing to control file access across a range of IP addresses within your network. Defining access rights based on timing might be another necessity for your business. For instance, if you want a file sent to a client for review to expire after one view or seven days, you should have that control.
