Consumerization of information technology and the rise in enterprise mobility have made end-users demand for anywhere, anytime access to corporate data creating data governance and compliance challanges. Ignoring end-user requests is turning out to be risky for enterprise IT as end-users are resorting to freely available consumer file sharing solutions like Dropbox.
With the explosive growth of Shadow-IT from consumer file sharing services, enterprise IT is finding out the hard way that their employees have been sharing valuable data with external parties with little or no security measures in place. Being able to identify what information was shared and to whom it was shared may prove difficult in times of legal or internal investigations.
To mitigate such risks, it is important for a CIO/CISO to not only implement an enterprise file sharing (Enterprise File Sync and Share – EFSS) solution such as a Dropbox alternative, but also ensure that such a solution meets data governance, security and compliance requirements.
In a previous blog post we covered the Top 10 data governance capabilities your enterprise file sharing solution should have. In this post, we cover the data governance capabilities Vaultize provides to minimize data loss and ensure that compliance requirements and data security are met.
- Retention
Vaultize provides two types of retention – File versioning and File History.
File Versioning maintains versions of data as it goes through its life cycle – being created, modified and deleted by end-users. Some enterprises may require each and every version of a data item be retained so that any version of the data from the past can be retrieved at any time. This may come as a compliance measure or may also be an endpoint data protection objective. With Vaultize, an IT administrator can define the Retention policy to control the retention period and the other parameters like how many versions are created, how long they are stored and how versions for data deletions are treated.
Meta-data Retention or File History provided by Vaultize preserves the history of all meta-data of a data – this includes creation, modification, sharing, download, upload and so on.
Vaultize performs policy-based endpoint backup with version controls for a defined retention period. Even beyond the endpoint backup capabilities, all the data that is being shared by your end-users - internally through collaboration or with external third-parties - is versioned and retained by Vaultize for compliance purposes.
- eDiscovery
Through the data and meta-data retention, Vaultize provides Audit Trails or Logs for electronic discovery purposes. There may be such requirements for legal eDiscovery including complying with data storage and retention laws/regulations or being able to reproduce data as evidence (e.g. in case of a litigation or court cases).
- Enterprise Rights Management for Information-centric Access Controls
In today’s world, perimeter based security is not enough. The Vaultize file sharing platform is information-centric which focuses on content and not on devices. Vaultize’s Enterprise Digital Rights Management (eDRM or information rights management or IRM) allows IT departments to define granular access control over corporate data once it gets shared with an outside party. Digital rights management of Vaultize makes the access rights travel with the files such that a file is only usable by the authorized recipients in compliance with DRM-protection settings. It also provides the ability by IT and document owners to revoke the access to files even after they have been downloaded by the third-party.
Also, Vaultize ensures that rights management seamlessly works across the channel employees use for sharing the files, including email attachments (through Microsoft Outlook and Lotus Notes), FTP (through Vaultize’s FTP alternative), file sync and share and mobile collaboration.
- Mobile Content Management for BYOD
The Mobile Content Management (MCM) feature of Vaultize allows corporate IT to prevent data loss, security and compliance breaches by controlling what end-users can do with corporate data on their personal devices that are allowed through BYOD policies. All this without controlling the end-user device through something like a Mobile Device Management (or MDM) product.
Vaultize’s mobile content management seamlessly integrates with rights management such that files shared through BYOD devices also stay DRM-protected even after they go to a third-party.
Vautlize’s secure file sharing comes with robust mobile content management and enterprise digital rights management controls such that IT teams can define access rights to company information. These rights can be based on a number of parameters, including how long the shared documents can be accessible, how many times they may be accessed, who may access it and what (edit, copy/paste, print, forward) may be done with it.
- Online Document Viewer and Digital Watermarking
Vaultize provides a web-based Online Document Viewer for the viewing of files within the web browser itself such that things like copy-paste, printing and email can be restricted. This is very useful when sharing highly sensitive information in a situation where you may not want recipients to download these sensitive documents on their own devices. It also provides a watermarking feature to discourage illegitimate reproduction and hence deter data leakage. An IT administrator, by policy, can enforce watermarks to display the email address, IP address and a time stamp from the external recipient. Watermarks can also be enforced through DRM policies such that all documents downloaded by a third-party would be presented as a watermarked PDF.
- Integration with Data Loss Prevention
Vaultize helps businesses in security-conscious and regulated verticals with the integration of file sharing and DRM with content-aware data classification. This may be required for compliance as it ensures that the information that requires the highest security is locked down automatically, while information that does not need securing passes without any control.
Vaultize integrates with popular content-aware Data Loss Prevention (DLP) solutions (like Symantec, McAfee, Websense) such that files are subject to content filtering and any sensitive documents can be blocked or DRM protected to ensure security and prevent data leakage.
- Encryption
Vaultize’s US-patented technology called Vault-KNOX provides 100% security required by IT while ensuring freedom to end-users. Vaultize’s secure file sharing comes with the guarantee of encryption throughout the life cycle of documents and across all end-user devices.
- Multi-Dimensional Access Rights
Vaultize ensures multi-dimensional, robust, granular access rights over corporate files. This includes controls like who can access what files, from where access is granted, how and for how long access is granted, and more. You need to have the complete picture of your end-users’ access rights. This means employing access rights controls such as geo-fencing to control physical regions where file access is granted, as well as IP-fencing to control file access across a range of IP addresses within your network. Defining access rights based on timing might be another necessity for your business. For instance, if you want a file sent to a client for review to expire after one view or seven days, you should have that control.
- Deployment Flexibility
Vaultize provides deployment flexibility which includes on-premise (single server or private cloud), public cloud (hosted on AWS or Vaultize’s MSP partner data center) and a purpose-built Cloud-in-a-box appliance.
- Data Privacy Option (Data Sovereignty / Data Residency)
In regions with tight data sovereignty regulations, such as the European Union, data is not permitted in third-party clouds unless it’s encrypted, and the encryption keys are not allowed to leave the jurisdiction. Vaultize allows you to retain full control over the keys and manage them any way that you want.
Click to edit your new post...