The Bring-Your-Own-Device (BYOD) trend and fast-increasing workforce mobility means that IT administrators must ensure seamless and secure access to data, inside as well as outside the corporate network boundaries. At the same time, IT must also make sure that there are no compliance and data loss issues. All this boils down to the control (and monitoring) of the following:
- who can access the data
- from where can the data be accessed
- when can the data be accessed
- what data (or parts of it) can be accessed
- how the data can be accessed (that is, the actions on the data)
Vaultize makes these controls and tracking possible through its patent-pending Access Control capabilities. IT administrators can define who, where, when, what and how corporate data can be accessed using Access Control policies, for individual users, groups or the entire organization. Vaultize's Access Control capabilities allow IT administrators to do the following:
- Geo Fencing (boundary for the data based on geography)
Different countries (or regions) have different data access, compliance and privacy laws (or methods). If an organization wants to restrict its employees from accessing certain data from a specific geography (and may be in a certain way), administrators can define geo-fencing policies.
- Network Fencing (boundary for the data based on network parameters like IP address)
If IT wants to allow or restrict accesses from certain IP ranges or based on other network parameters, they can define a network fence within the Access Control policy. For example, if an organization has defined IP address ranges or WiFi SSIDs for its offices and wants to restrict access within its office network, it can define the network fence accordingly.
- Time-based Access
With Vaultize Access Control policies, administrators can also define when the data can be accessed. For example, if the company wants to block data access over the weekend for some employees, then, its admin can exclude Saturday and Sunday using the policy.
- Access Rights
Access Control policies allow administrators to define access rights for data being accessed through a Vaultize app or through its web interface. Access rights include View, Download, Upload and the like (more rights are being added with every release). For example, a company can give only upload permission outside the fence, which effectively blocks users from downloading or viewing any corporate data when she is outside the fence.
- Access Tracking
In addition to controlling the accesses, Vaultize also tracks them (who, when, where, how etc). Administrators can get these tracking details using reports or through the admin console.
- Automatic Wiping
In addition to Vaultize's on-demand remote wiping capability (driven from the Vaultize server or cloud), administrators can automatically wipe corporate data if the user or the device moves outside the geo/network fence or, if the user/device hasn’t connected for a long time. Wiping will be done even if the device is not connected to the network.
- File-level Rights and Tracking
In our upcoming release, Vaultize administrators will be able to control and track activity at the file level. They would be able to set access rights, fences, time-outs, alerts and reports on individual pieces of data.
This post is written by Praneeth Ponaka, the primary developer of Vaultize Access Control. He’s a Principal Engineer at Vaultize and works in our Pune India R&D Centre.