kiteworks by Accellion is in the process of becoming FedRAMP-certified.

What is FedRAMP? It’s a rigorous security assessment and authorization framework developed by cybersecurity and cloud experts from many government agencies, including the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), the Federal Chief Information Officer (CIO), and Council and its working groups, as well as private industry.

The goal of FedRAMP is to help the government quickly, rigorously, and consistently assess the security of cloud solutions for use by federal agencies. Assessments include in-depth examinations of a solution’s data security and data governance capabilities, as well as the security practices of the companies providing the cloud services.

Once certified, U.S. federal agencies will have validation that kiteworks is a superior content management and collaboration solution that enables their employees to securely access and transfer sensitive government documents.

Accellion has completed all the preparatory steps and is currently in the independent testing phase, having engaged a 3^rd Party Assessment Organization (3PAO).  Accellion is working with its sponsoring agency to coordinate this progress with the FedRAMP Program Management Office (PMO).

Once certified, the kiteworks FedRAMP (GovCloud) package will be available in isolated environments on Amazon Cloud and GovCloud. The kiteworks FedRAMP package features: 

• Separate customer virtual private cloud (VPC) for all processing
• Dedicated servers
• Data isolated from all other customers
• Encrypted file storage and transfer
• Remote wipe for all mobile clients
• Reporting and audit trails
• Continuous monitoring for intrusions and other threats

kiteworks has already received FIPS 140-2 certification for government agencies and is deployed at NASA and the SEC.

To learn more about how kiteworks enables secure and compliant file sharing for government agencies, visit our Government page. 

Status Helps Validate kiteworks as a Secure Cloud Content Solution for Federal Agencies

Accellion, Inc., the leading provider of private cloud solutions for secure file sharing and collaboration that ensures data security and compliance, today announced it has received “in process” certification for FedRAMP and anticipates full certification in 2016.

The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Initiated to increase cloud adoption across the Federal Government, FedRAMP is a rigorous security assessment and authorization framework developed by cybersecurity and cloud experts from a number of government agencies and private industry. The goal of FedRAMP is to help the Government quickly, rigorously, and consistently assess the security of cloud solutions that are used or are being considered for use by federal agencies. 

“We are very excited to have reached this important milestone,” commented Yorgen Edholm, CEO of Accellion. “This achievement demonstrates to our many current and prospective government customers that we take cyber security and the authenticity of their data extremely seriously. We are actively pursuing and progressing toward full FedRAMP certification so that we can further support government agencies in their pursuit to protect sensitive data.”

The FedRAMP certification assessment process includes an in-depth examination of a solution’s data security and data governance capabilities, as well as the security practices of the technology companies providing the cloud services. Accellion has completed all the preparatory steps and is currently in the independent testing phase with a Third Party Assessment Organization (3PAO).  Accellion is working with its sponsoring agency to coordinate this progress with the FedRAMP Program Management Office (PMO).

Once certified, federal agencies will have validation that kiteworks is a superior content management and collaboration solution that enables their employees to securely access and transfer sensitive government documents. At that time, the kiteworks FedRAMP (GovCloud) package will be available in isolated environments on Amazon Cloud and GovCloud.

Accellion is FIPS 140-2 validated and currently compliant with a number of industry and government regulations including: SOX, HIPAA (with signed BAA), ITAR, SOC2, and PCI DSS Level 1.

To learn more about how kiteworks enables secure and compliant file sharing for government agencies, visit: www.accellion.com/government.

For more information about Accellion and the kiteworks secure content platform, please visit: www.accellion.com.

Accellion recently announced a number of key integrations with Microsoft Office Online that enhance productivity for enterprise employees editing, sharing and collaborating on Word, Excel and PowerPoint files, whether they are stored on-premises or in the cloud. The end result? Employees are more efficient and productive and data security and compliance are enhanced. 

Rob Howard, Director of the Office 365 Ecosystem for Microsoft had this to say about these value added integrations: “We want to give Office customers the best possible experience when working with Office files, regardless of how they are accessed or where they are stored. Microsoft is excited that Accellion has joined the Cloud Storage Provider program, enabling our joint customers to be more productive when accessing Office documents on the web or in the cloud.”

I spoke with our CEO, Yorgen Edholm, about this interesting development and here’s what he had to say:

What features did you announce and how do they add value to enterprise employees using Office 365?

We announced three key integrations. The first is streamlined access to files stored on on-premises servers, including SharePoint servers, which are still found in 77% of enterprises, according to Gartner. Users can now create or access any Microsoft Word, Excel, or PowerPoint file from the Web, their desktop or mobile device without having to save or upload files back to where the file resides. This not only saves time but also avoids having multiple versions of the same document. And because you don’t have to copy or email the edited file, the risk of a data leak from malware or sending a file to an unauthorized user is also negated. 

The second feature is similar to the first but addresses those files that are stored in the cloud. Users can leverage Office Online to find, create, edit and save changes made in Microsoft files stored in the cloud. This feature is enabled by Accellion’s recent addition to the Microsoft Cloud Storage Partner Program, of which only a few companies belong. A key capability of this partnership is collaborative editing, or co-authoring, which allows enterprise employees to collaborate with one another on Microsoft files in real time.

The third feature is full text search. With a typical enterprise storing thousands of files in dozens of content systems on-premises and in the cloud, searching for content can be frustrating and time consuming. With full text search, users can now quickly locate files stored in popular content systems like Microsoft SharePoint and Windows file shares, making them more productive.

Why did Accellion add these features?

One of the challenges for Office users is that there are an overwhelming number of content systems in any given enterprise. The typical enterprise in fact runs over 1,100 different cloud services. Microsoft has several: Windows Files Shares, SharePoint servers, SharePoint Online, and OneDrive. There are a number of non-Microsoft platforms in any given enterprise, too: Box, Dropbox, Documentum, Google Drive, and Open Text, to name just a few. There are also lots of unapproved Shadow IT applications, like Evernote, that are used as well. Ultimately there isn’t an efficient way to access the content stored in these systems and finding, sharing, collaborating on and saving files without running into version control or data security and compliance issues are major concerns for organizations. We solve this complicated problem with these new features and our unique single pane of glass view of content stored across the enterprise and the cloud.

Is this a big deal for Accellion? Why?

Yes, and here's why. More than 1.2 billion people use Microsoft Office in 140 countries. Also, in the past few years, Microsoft has placed more emphasis on the cloud and currently 80% of the Fortune 100 is on Microsoft's Cloud. In addition, over 18 million subscribers use Office 365, Microsoft’s cloud-based Office applications and file storage solution. Lastly, Office has been downloaded over 340 million times on iPhones, iPads, and Android devices. These are very big numbers so if Accellion is going to enable secure file access and transfer for the enterprise, it’s very clear that we need to be involved with Microsoft and its Office suite. In total, we have an incredible opportunity to help Microsoft users be more efficient and productive and, as a result, this is a huge market opportunity for us.

Does Microsoft see this opportunity the same way?

I genuinely believe that they do. We are adding serious value to the fastest growing cloud platform and helping Microsoft customers derive more value from an extensive installed base of on-premises SharePoint servers. By offering connectivity to multiple data sources via a single pane of glass that would otherwise be out of reach, we are providing Microsoft Office users convenient and secure access to files, regardless of where they are stored. This is a huge value add for Microsoft and its billions of users.

These new capabilities complement the many Microsoft integrations already supported by kiteworks, including:

•  Microsoft Office for iOS and Android – open, edit and save files to kiteworks using iOS and Android devices
•  Azure Cloud – access enterprise content systems in real-time, enabled by Microsoft Azure’s private cloud deployment option
•  Windows 10 – securely create, access, and collaborate on enterprise content via a mobile device or PC running Windows 10
•  Windows File Shares (CIFS and DFS) – connect to files stored in Windows File Shares
•  Microsoft SharePoint (2007, 2010, and 2013) – connect to files stored in Microsoft SharePoint
•  Microsoft SharePoint Online – connect to files stored in the cloud on Microsoft SharePoint Online
•  Microsoft OneDrive for Business – connect to files stored in the cloud on Microsoft OneDrive for Business

To learn more about our Microsoft announcement, visit our Office 365 solutions page.

To learn more about single pane of glass, watch this brief video.

Enterprises continue to leak data either through carelessness or falling victim to hackers who have become increasingly sophisticated and effective. Unfortunately, there is no silver bullet that will protect an organization’s data. Rather, organizations have to set up many barriers to thwart the many different ways their most sensitive data can be compromised.

Accellion’s secure content platform, kiteworks, boasts a number of capabilities that enable enterprise employees to access, edit and share data securely. Recently, we announced several new security features that we’re particularly excited about. These, combined with the many existing security features already within kiteworks, serve to further mitigate the risk of a data breach. Here's a breif overview.

Desktop Remote Wipe

Remote wipe is a great feature that allows IT administrators to remotely delete sensitive data from stolen or lost devices. Typically, file-sharing and content management platforms have only had the capability to remote wipe data stored on smartphones and tablets.

With this latest release of kiteworks, we’re making remote wipe available for laptops and desktop systems, as well. This capability is an industry first and an important addition to enterprise security against data breaches and other forms of data loss.

Restricted Folders and Leak-proof Editing

Another first for file sharing and content management platforms: restricted folders and leak-proof editing. Restricted folders allow authorized users to read and edit content, but not to download or forward it. Leak-proof editing means that while editing content, users can’t save files or duplicate content to new, unauthorized locations. kiteworks enforces these security measures across all devices and locations.

Why are these features so important? Sometimes users don’t realize that they shouldn’t save files to a local, unprotected location or share confidential content with people outside the organization. Other times, they might forward confidential content accidentally (e.g., not realizing external users are on a cc: list), even though they know that unauthorized distribution is prohibited.

Restricted folders and leak-proof editing prevent these types of unauthorized data leaks but also ensure that authorized users can work on the content needed for doing their jobs, anywhere, on any device. It’s a win/win for IT security and employee productivity.

Secure Email Messages

We’re also introducing a new secure email feature that enables users in kiteworks or Microsoft Outlook to secure the body of their email messages. Attachments are still encrypted, as they were in earlier releases of kiteworks, but now the email body itself is secured by requiring email recipients to click a link and authenticate themselves before reading an email’s text. This adds another important layer of protection to enterprise employees and the sensitive content they handle.

Other New Security Features

There are several other security features we recently announced in addition to the above. These include:

• Collaboration Permissions for User Profiles
  Enable or disable user permissions to ensure that users in specific roles do not accidentally share confidential information outside the enterprise.
• File Type Exclusions
  To reduce the risk of malware infection, administrators can prevent the uploading into kiteworks of file types that are popular with malware authors like .exe, .mov, and .mp4. And kiteworks does more than simply check the file extension; it also evaluates the MIME type of the file itself to prevent users from renaming a file with a different file extension.
• Sign-On Using Kerberos
  kiteworks extends its support for single sign-on technology with support for Kerberos, a popular, industry-standard network authentication protocol.
• Touch ID
  kiteworks now allows iOS users on Touch ID devices (iPhone 5S or later) to authenticate themselves using their device’s built-in fingerprint reader.
• Multi-Branding
  Another first for the industry: kiteworks enables large enterprises to brand their kiteworks solution not just at the company level, but down to the subsidiary level. Multi-branding ensures a consistent user experiences and reduces concerns about phishing.

These new features complement a long and substantial list of security features that are already available in the kiteworks platform—features such as encryption of all content in motion, in use and at rest; customer ownership of encryption keys; complete audit trails of user actions; integration with Data Loss Prevention (DLP) systems; support for eDiscovery; support for data sovereignty; app whitelisting, and much more. (For a complete overview of kiteworks' extensive security features, read our kiteworks Security White Paper.)

To learn more about how kiteworks can help your organization communicate and collaborate more easily and securely, please contact us.

Mobile devices and cloud computing were supposed to simplify life for enterprise employees. But there’s at least one area of IT where life has become more complex: file access.

A decade ago, the files an employee accessed might have been distributed across just a few content systems, such as a local drive on a PC, a Windows File Share, an on-premises SharePoint server, and perhaps a non-Microsoft Enterprise Content Management (ECM) product such as Documentum or OpenText.

Today, that same employee’s content is likely distributed across a much more diverse collection of content systems, including on-premises file servers and cloud services such as Office 365, SharePoint Online, Box, Dropbox, and Google Drive, to name just a few. The list most likely also includes insecure and unapproved “shadow IT” cloud services. All told, the typical enterprise is now running over 1,100 cloud services, most of which have not been tested and approved by the IT department. [1]

Content that’s distributed across all these different systems creates complexity and confusion for employees. Here’s why:

• Multiple login credentials
  Some, but not all, of IT-approved content systems might support the enterprise’s Single Sign-On (SSO) service. All the other, i.e. non IT-approved content systems, including all the shadow IT systems, will require their own login credentials and login interfaces.
• Inconsistent user experiences on mobile devices
  Despite the popularity of mobile computing, many enterprise content systems still rely on interfaces that were originally designed for desktops. Even content systems that tout their support for mobile devices may offer discordant user experiences from platform to platform: for example, a system’s interface might differ considerably from an iPhone to an Android tablet. These differences create a cognitive drag for mobile workers, who are typically using at least three mobile devices - usually a smartphone, a tablet, and a laptop.
• Difficulty locating information
  Without a unified content repository, employees have to perform multiple searches to track down the files they need.
• Manually copying and collecting files
  An employee working on a project that requires a product specification stored in SharePoint, images posted to Google Drive, and notes distributed across Office Online and Box, has to log in and out of all these different systems, copying files, perhaps emailing files, and putting together an ad hoc local collection of files. This process is inefficient to say the least and makes document version control extremely challenging.
• Increased security risks
  Copying files and distributing them by email leads to greater security risks, as files can be infected with viruses or malware that can affect the entire network if undetected.

The Solution: File Access Unified and Simplified

To increase worker productivity and improve content security, enterprises need a straightforward, unified approach to accessing files that makes all content readily available at any time on any device.

Accellion has solved this problem. The kiteworks solution provides secure, real-time access to enterprise content stores located on-premises or in the cloud, allowing users to securely view, download, edit, share, and upload files without having to duplicate files into a new content system or expose them to a virus or data breach.

Enabled by Accellion’s unique content connectors that link kiteworks to an enterprise’s multiple content systems, a single pane of glass view provides:

• A single interface and central location for accessing all content, regardless of where it is stored
  Employees get secure universal access to content stored in ECMs, file shares, home drives, and cloud storage services such as Microsoft OneDrive for Business, Google Drive for work, Dropbox, and Box.
• Consistent user experiences across devices
  The kiteworks user interface features a mobile-first design that works with the limited screens and gesture-centric interfaces of mobile devices, while also working equally well on traditional desktop systems.
• Simplified searches
  Employees can use kiteworks to conduct file name and full text searches across multiple content systems at once, saving time and eliminating guesswork about where content resides.
• Increased productivity and reduced busywork
  Because kiteworks users can access files directly from multiple content systems, and can edit and save those files back to the same content systems, users don’t waste time copying or emailing files or worrying about version control.
• Improved security and reduced risk
  Because files are accessed, edited and saved using kiteworks, rather than through local copies or email, the risk of data leakage is greatly diminished. A central source for accessing files also enables IT administrators to regain control over the distribution of sensitive content without worrying about users incorporating unapproved applications, i.e. shadow IT.

For a great overview of single pane of glass and the value it provides enterprise employees and organizations, watch this brief video.

You can learn more about single pane of glass by clicking here.

When we speak with prospective customers about their technology pain points, a lot of them mention FTP. 

Most of these prospective customers acknowledge the fact that FTP isn’t a perfect file sharing solution but justify using it because it’s a familiar solution. As a result, they tolerate FTP’s clunkiness and other shortcomings, including the IT resources required to manage it. This tolerance however only lasts for so long. When employees start using unsecure shadow IT solutions as an easy (or easier)-to-use alternative, they put sensitive enterprise information at risk. When this happens, data security is compromised and organizations—particularly those in highly regulated industries—can’t pass a compliance audit. It’s at that time that we find organizations are ready to talk to us.

This was the case last year when a leading provider of inflight entertainment solutions (they asked that their name be withheld) turned to kiteworks. The organization’s employees struggled with FTP when sharing large files or accessing files while out of the office. “FTP was what we had always used and known, but we knew there was a better way,” according to the organization’s Manager for Business Systems. The organization selected Accellion’s secure content platform, kiteworks, to address these concerns and hasn’t regretted its decision.

Not only did kiteworks prove to be a more efficient solution, it also provided core security and auditing capabilities that FTP wasn’t able to deliver. For example, with kiteworks, the organization could now manage access to specific files and folders to ensure confidential files stayed confidential. This proved particularly valuable with respect to the organization’s customer communications efforts. With kiteworks, customers were able to log in and access confidential files and because those files were stored in secure containers, they were isolated from other proprietary content.

With mobile file sharing among engineers enabled and customer collaborations enhanced, the organization is able to be more productive and secure. That’s bound to make any IT staff happy.

The organization’s manager for business operations sums it up pretty succinctly, “the fact that I don’t have to worry, that’s a rare thing for an IT professional. The bottom line with kiteworks is it just works.”

To read this case study, please click here. 

To learn more about kiteworks, Accellion's on-premise, private cloud secure content platform and how it helps organizations be more productive and secure, please visit our Solutions for Enterprise IT page.

Enterprises are increasingly moving their data to the cloud. In fact, the typical enterprise hosts over 1,100 cloud services on average. With respect to enterprise content management (ECM) systems, it’s not uncommon for an organization to have data stored in: SharePoint, SharePoint Online, Documentum, OpenText, File shares, Dropbox, Google Drive for Work and Box.

Why so many? Wouldn’t it make sense to pick one ECM system and consolidate all enterprise data onto one or two systems? Wouldn’t it be convenient to have all enterprise data in one location, making it easier to search, edit, collaborate and store?

Well, as the old saying goes, all that glitters is not gold. There are a number of drawbacks to this strategy that can drastically impact an organization’s operations, budget, data security, data privacy and the ability to demonstrate compliance with industry requirements. Let’s take a closer look:  

What’s at stake?

Budget
As businesses grow, they generate more data and therefore need more places to store that data. They may outgrow some legacy ECM systems, adopt new systems as a result of merger or acquisition, or trial a new system as part of a larger software deal. Complicating matters further, that data needs to be backed up or, in many regions in the world, stored locally. It makes sense therefore that there’s a trend to move data to the cloud where it’s easier to manage. Nevertheless, all of these ECM systems cost money to deploy and maintain.

Investing in a data consolidation initiative would likely include significant professional services fees and could increase an enterprise’s IT budget by six or seven figures. This would be a significant expense for most organizations. As a result, it will be imperative for CIOs to deliver considerable ROI to justify this kind of an investment. If the migration stumbles or fails, it could be a career-limiting move for most CIOs.

Operations
Migrating enterprise data isn’t as easy as cutting and pasting files and folders. It’s not out of the ordinary for large organizations to generate petabytes or more of content and data. For example, with hundreds of sensors being installed in aircraft engines, one Boeing 737 engine generates 10 terabytes (TB) of data every 30 minutes in flight and a twin-engine aircraft on a transatlantic flight produces 240 TB of data. To store one terabyte of data would require approximately 1,400 CD-ROMs, 220 DVDs, or 40 single-layer Blu-ray discs.

As the volume of data increases at an alarming rate, consolidating that data would be an enormous undertaking that is sure to prove disruptive to operations. In addition, shutting down a legacy system could have repercussions for the larger ecosystem given how integrated these systems are to an organization’s broader IT infrastructure. The traditional “rip and replace” practice isn’t so cut and dry in today’s IT environment.

Data Security
In this current threat environment, a data breach isn’t a matter of “if,” but “when.” Security concerns are heightened when data is stored in a public cloud, as credentials and permissions are typically poorly managed and activity monitoring is often weaker.

By contrast, a private cloud deployment ensures full availability, integrity and confidentiality of an enterprise’s data as servers, storage, application service, meta-data and authentication are all managed within the firewall. A public cloud storage provider cannot make these claims. CIOs are well aware of the security limitations of a public cloud deployment and are choosing private or hybrid cloud deployments as an alternative. It’s just not worth the risk.

Data Privacy
A data breach isn’t the only way in which an organization’s data can be compromised in the public cloud. If a U.S. law enforcement or intelligence agency wants access to an organization’s data, a public cloud storage provider must comply. It doesn’t matter if the data is encrypted because the public cloud storage provider either manages the encryption keys or shares access to them. With data stored in a private cloud, there is only one set of encryption keys and they belong to the owner of the content.

Data privacy is considerably more complicated when the data involves EU citizens. While Privacy Shield may still not be ratified, the requirement to store European customer data locally appears non-negotiable. In fact, the EU has already fined companies not in compliance. While some public cloud storage providers have negotiated agreements with European partners to store European customer data, it is still under debate who would have jurisdiction over that data: the European partner housing the data or the U.S. company that owns the customer relationship. This debate makes many EU regulators and privacy advocates both suspicious and uneasy. Is it in any European company’s best interest to challenge the EU’s authority or raise the ire of EU citizens?

Compliance
With the increase in the number and severity of data breaches, industry compliance requirements that verify data security are becoming more prevalent and more important. The compliance landscape is a veritable sea of acronyms in which no industry is immune.

Can organizations be absolutely certain that by consolidating all of their data into a public cloud that they will be compliant with all corporate and industry compliance requirements? While public cloud providers support a number of industry compliance requirements, the fact that it stores customer data in the public cloud makes it non-compliant with many organizations’ internal compliance requirements. The lack of faith in public cloud security is a big driver behind the emergence of hybrid clouds; some companies simply cannot or will not store sensitive content in the public cloud.

Why migrate hundreds of thousands or millions of files onto a single platform if you don’t have to?

In any enterprise, each ECM system has its own unique purpose and, from a technology perspective, each has its own unique set of strengths and capabilities. As a result, enterprises should be able to choose a best of breed ECM solution based on system strengths and corporate requirements rather than having to choose, adapt to and accommodate just one system.

If an organization had a unified view into content stored across the enterprise, regardless of whether that content was stored on-premises or in the cloud, there wouldn’t be a need to consolidate enterprise data. kiteworks by Accellion offers enterprise organizations this single pane of glass view. With kiteworks, enterprise employees have a unified view into on-premises ECM systems such as Microsoft SharePoint, Windows File Shares, Documentum, OpenText, as well as cloud solutions including Microsoft OneDrive for Business, Google Drive for Work, Dropbox, and Box.

Not only is access to content simplified with kiteworks, but workflows are too. Files can be opened, edited and shared securely from any type of device. Also, employees don’t have to recall which file is stored in which ECM system. Users can search from kiteworks and, once a file is edited or revised, it doesn’t have to be duplicated or uploaded back to the ECM system of origin. This enables end users and system administrators to more easily track and manage draft versions to maintain the integrity of the document of record.

And because kiteworks is an on-premises, private cloud deployment, there is no co-mingling of data. Organizations also have complete ownership of their encryption keys to enable full control over the availability, integrity, and confidentiality of their content. Lastly, IT departments enjoy centralized audit and reporting capabilities to ensure enterprise security and compliance.

Consolidating data just isn’t worth the cost or risk, particularly when kiteworks by Accellion provides a more efficient and secure alternative.

For a great overview of single pane of glass and the value it provides enterprise employees and their organizations, watch this brief video.

To learn more about how kiteworks can help your organization communicate and collaborate more easily and securely, please contact us. 

Mitigate risk of a data breach with DLP and AV scans while sharing files stored in various systems of record

Accellion, Inc., the leading provider of private cloud solutions for secure file sharing and collaboration, today announced several new, powerful security features in the kiteworks content platform that further enable enterprises to keep their critical enterprise data secure while extending compliance with rigorous industry requirements.

These new features provide added protection to an enterprise’s various content management systems by scanning all sent and received files to identify any viruses or malware that could lead to a data breach. Whether the files reside in on-premises or cloud-based enterprise content systems, the data within the files can now be scanned with data loss prevention (DLP) and antivirus (AV) capabilities to further safeguard enterprise content.

Because kiteworks seamlessly integrates with existing content management systems, employees can access, edit and share all enterprise content from a single pane of glass without having to duplicate or upload edited files back to the system of origin. Now with DLP scanning of every downloaded file and AV scanning of every uploaded file, employees can collaborate securely with external partners across the enterprise ecosystem while enterprises can be assured that their most critical content will stay secure, regardless of where it is stored or from which device it is accessed.

Accellion’s new security features include the following key capabilities:

• Antivirus Scans on File Upload– perform an AV scan automatically on any file that is uploaded through kiteworks to an on-premises or cloud based enterprise content management system like SharePoint, SharePoint Online, Documentum, OneDrive, Dropbox, Box, and others. If a user attempts to upload an infected file, the action will be suspended and the user will be informed of the failure.
   
• Data Loss Prevention Scans on File Download– perform a DLP scan automatically on any file that is downloaded through kiteworks from an on-premises or cloud based ECM system. If the file is infected and fails the scan, both the recipient and sender will be informed.

“The core value of kiteworks is its ability to protect enterprise data and ensure rigorous industry compliance,” remarked Yorgen Edholm, CEO of Accellion. “These new features, in combination with our many existing capabilities, further demonstrate that kiteworks is singularly qualified to keep enterprises and their most valuable content safe.”

Accellion will be hosting a webinar to introduce these and other new features today, Wednesday July 27^th, at 11:00 am PDT. To register for the webinar, please click here.

For more information about Accellion and its kiteworks secure content platform, please visit: www.accellion.com.

People by and large like having options. If you’re buying a car, you want to be able to choose which make and model, which color, and which options. While having a number of options to choose from is always preferable, having too many choices can be problematic.

In the case of Gemalto, a world leader in digital security, the Company had too many options when it came to file-sharing solutions. This proved to be cumbersome for employees and a compliance concern for Gemalto’s IT department. The Company decided it was time to streamline their file-sharing solutions and processes and began looking for a single solution that was enterprise-grade, user friendly, and suited their unique business, security and compliance needs. 

As one of the world’s largest manufacturers of SIM cards, smart cards, tokens and secure modules, Gemalto’s security and compliance requirements weren’t to be taken lightly. As a result, they did not make their EFSS solution in haste. Accellion was brought in and underwent a rigorous three month trial to ascertain whether or not it could meet their stringent requirements.

Over the next three months, Gemalto put Accellion’s file sharing solution and its many security features through their paces. Security and compliance, however, weren’t the only requirements Accellion had to meet. Gemalto also required Accellion to demonstrate its file sharing solution could be deployed on-premises and integrate with the Company’s existing Atos infrastructure – both without disrupting operations.

At the conclusion of the trial period, Vincent Laluque, ISS Core Services Manager at Gemalto, summarized the Company’s decision this way: “we chose Accellion because it was the best suited solution to meet our very rigorous security requirements and help improve productivity.”

Additional considerations that tipped the scale in Accellion’s favor was the fact that Accellion could accommodate Gemalto’s global workforce and workflows that frequently involve sharing large files. While Gemalto is headquartered in the Netherlands, the Company employs over 14,000 people in 46 different countries. Collaborating on files exceeding 80GB in size is not uncommon however, before Accellion, the ability for Gemalto to share these files efficiently was indeed rare. With Accellion deployed, Gemalto’s employees are not only able to work and collaborate more efficiently but also within the Company’s strict security and compliance standards.

To read this case study, please click here. 

To learn more about kiteworks, Accellion's on-premise, private cloud secure content platform and how it helps organizations be more productive and secure, please visit our Solutions for Enterprise IT page. 

When we talk about security, we mean securing content and keeping enterprise data safe from malware and other forms of data loss.

One of our customers (they asked that their name be withheld) also talks about security but they secure US troops, civilians, military installations and critical infrastructure. Specifically, this aerospace and defense company deploys field service professionals in remote locations to operate and support unmanned aircraft systems.

Given the remote and inhospitable nature in which this Company operates – not to mention the classified nature of its business – makes communications and collaboration between field technicians and their command centers difficult, to say the least. The Organization’s field technicians need a reliable way to access new and frequently updated training manuals and other technical documents in order to do their jobs effectively. Accessing and downloading these documents, in addition to uploading and sending progress reports, was extremely difficult as technicians were often times, literally, in the middle of nowhere.

Therefore, the Organization had two critical needs: a file sharing and collaboration solution that demonstrated the highest levels of security; and a solution that was reliable in extremely harsh and isolated conditions.

After a thorough vetting process, the Company selected Accellion’s kiteworks solution for its unique ability to accommodate the Organization’s critical security and functionality requirements – all of which were “must haves.”

The Company chose the private cloud, on-premises deployment of kiteworks and promptly rolled the solution out to its field service technicians. The implementation was straightforward, with employees up and running quickly and with no training required. With kiteworks now deployed, field service technicians are able to securely access and share encrypted training and certification materials that are further protected by a secure mobile container that keeps content isolated from all other content stored on their devices.

Because the Organization’s field service technicians work in remote and inhospitable environments, Internet access and device failure are quite common. With kiteworks, if Internet access is disrupted or not available, technicians can still access the documents they need in kiteworks, leveraging an offline PIN.

When securing people and territories is your job, it’s very reassuring to know the tools you need to be effective work, work consistently, and work securely.

To learn more about how kiteworks enables this organization to operate securely and efficiently, download the case study here.  

To learn more about kiteworks, Accellion's on-premise, private cloud secure content platform and how it helps organizations be more productive and secure, please visit our Solutions for Enterprise IT page.

The United Kingdom’s (UK) exit from the European Union (EU), more popularly known as “Brexit,” will have broad ramifications for IT organizations on either side of the Channel. Among those ramifications are new challenges regarding data sovereignty and data privacy involving the Personally Identifiable Information (PII) of UK and EU citizens.

Brexit and Data Sovereignty

Data sovereignty is the idea that digital data is subject to the laws of the location where it is stored. When data is stored in an EU member nation, it is subject to EU laws—in particular, the General Data Protection Regulation (GDPR). Since the UK is currently a member of the EU, data in the UK is subject to EU laws and regulations.

Once the UK leaves the EU, however, their respective data storage laws may not be compatible with one another. In fact, the Information Commissioner’s Office (ICO), an independent body established by the UK to uphold information rights, has confirmed that the GDPR will have to be adopted into UK law in order for data to be transferred between the UK and the EU.

In order to comply with the GDPR, the UK will have to establish an international agreement with the EU, similar to the US-EU Safe Harbor Agreement in 2000 and the Privacy Shield Agreement in 2016.

Let’s look at three unique implications Brexit will have for IT organizations based upon where an organization conducts business and whose data it is handling:

• For Organizations Operating Solely in the UK

Data privacy and data sovereignty regulations are likely changing. Most likely they will be similar to the EU GDPR, but if the new regulations are stricter or in any way different, businesses in the UK will need to adjust their data policies and practices accordingly.

• For Organizations Operating in the UK and the EU But Not the US

For now, it’s business as usual – comply with the GDPR. Once the UK formally exits the EU and adopts its own regulations, however, companies operating in the UK might need to establish data centers in the UK and the EU in order to accommodate EU data sovereignty requirements. Naturally, these companies will now have to establish, manage and audit different data policies and practices for each location.

• For US-based Organizations Transferring Data between the US and the EU

For now, US-based businesses handling EU data can comply with EU data regulations either through model contracts (assuming these withstand the ongoing scrutiny of regulators) and the new Privacy Shield Agreement, which was recently ratified by the EU. After Brexit, US- and UK-based companies might need to negotiate separate agreements with one another, since any US-UK data transfer will no longer be covered by Privacy Shield.

Common to all these scenarios is the requirement for companies to pay attention to where the PII of residents of specific countries are stored, and to ensure that data is always handled in compliance with the appropriate regulations.

Further Complications and Potential Uncertainty

As complicated as this situation sounds, it may become more complicated yet. Consider the following variables:

• Scotland May Leave the UK and Rejoin the EU

Scotland held a similar referendum to exit the UK last year (citizens ultimately voted to remain) and in the Brexit vote, Scotland voted resoundingly to remain in the EU. Disappointed by the Brexit outcome, the Scottish government is now considering holding a second independence referendum to leave the UK in order to remain in the EU. If Scotland does rejoin the EU, the UK would be required to comply with the GDPR when processing the personal data of Scottish citizens.

• Northern Ireland may also decide to Leave the UK and Rejoin the EU

Weary of political partition and strife, Northern Ireland might want to eliminate the need for a guarded border between a non-EU region and the Republic of Ireland, which remains a member of the EU. (The Good Friday Peace Accords were premised on both countries being members of the EU and the border remaining open.) In addition, Northern Ireland’s economy is strongly linked to the EU – about 55% of its manufacturing goes to the EU, principally the Irish Republic. As with Scotland, if Northern Ireland returns to the EU, then on behalf of any Britain-based organizations storing PII belonging to a Northern Ireland resident, the UK would need to adopt GDPR or some other data protection law that the EU recognizes as giving adequate protection to personal data.

• Companies Will Move Staff and Perhaps Even Headquarters to Remain in the EU

If a UK address no longer provides tariff-free access to the EU market, manufacturers may close or relocate their operations. For example, Toyota, which produced nearly 200,000 cars last year in its Derbyshire plant, expects to pay 10% higher duties on cars as a result of Brexit. Those duties would not apply if Toyota’s factory was in the EU. Banks and financial services firms are also considering leaving London for Dublin, Paris, or Frankfurt. Vodafone, a telecommunications giant and the seventh largest company listed on the FTSE 100, has also announced it might move its headquarters outside the UK. These moves could have drastic ramifications on the UK’s tax revenues and unemployment rate.

Regardless of the scenario, Brexit is going to make the IT function a lot more complicated. UK-based businesses will have to, at bare minimum, adopt GDPR and devise new practices and policies to comply with a different set of data privacy and data sovereignty requirements.

kiteworks and Post-Brexit Data Sovereignty

Despite all of these shifting alliances and trade rules, businesses need to keep operating efficiently and securely. Their mobile workforces still need access to data and that data needs to be secure as it’s transferred from device to device and from region to region. Data security therefore needs to be policy-driven, detail-oriented, and highly configurable.

kiteworks offers enterprise organizations a secure file sharing and collaboration solution that enables secure internal and external sharing of enterprise information, and a development platform for designing and deploying custom enterprise applications to increase productivity, while ensuring data security and compliance.

The Advantages of a Tiered Architecture

The kiteworks platform features a flexible tiered architecture that enables Web, application, and data storage tiers to be deployed and scaled separately as needed. Any or all tiers may be deployed as private cloud services, giving enterprises full control over the security and locality of their data. This is critical for businesses that need to comply with the shifting data privacy regulations prompted by Brexit as well as the ratification of Privacy Shield.

The diagrams below show various deployments of these tiers, which can be configured to not only meet location-specific requirements for data sovereignty compliance but also to optimize performance.

The first diagram shows the kiteworks architecture with its separate tiers for web presentation, application logic, and storage. All three tiers are present whether the kiteworks platform is deployed as a virtual appliance or on physical servers in a data center or a cloud service.

In the next diagram, a company based in the post-Brexit UK needs cloud services for the UK and the EU. UK data is stored in the UK, and EU data is stored in the EU. Both locations benefit from a local, highly responsible web tier. But the company benefits from a common application tier, enforcing business policies and operational rules.

Any tier can be scaled independently to address demand.

The diagram below shows even more flexibility. Data is stored on-premises in Germany and Italy. As in the first example, a centralized application tier enforces business rules for the entire organization. And all three locations—the UK, Germany, and Italy—benefit from a locally hosted web tier, ensuring that mobile and desktop users in each location benefit from high performance.

Conclusion

To adapt to a post-Brexit world, organizations operating in the UK will need to be flexible. The multi-tiered architecture of kiteworks provides the flexibility they need, along with best-in-class content management services for today’s mobile workforce.

To learn more about how the kiteworks platform can benefit your company’s international IT requirements, please contact us.

High fashion is big business. Ask Randa Accessories.

Established in 1910, Randa is the world’s leading men’s accessories company, creating and marketing soft goods including ties, belts, hats, gloves and much more. The Company has operations in 11 countries on five continents—and continues to grow.

Given Randa’s size and reach, the Company generates and transmits lots of data: financial information, legal contracts, product photos, sales forecasts, marketing material, personnel files and lots more. Employees had traditionally relied upon email to send this information to employees and trusted external partners, knowing all along there had to be a better option. 

“We wanted to maintain [Microsoft] Outlook for its primary purpose—a messaging server—and find a more efficient way to securely share files as a company,” shared Charlie Townsend, Randa’s Chief Technology Officer.

In its search for a solution, Randa learned of kiteworks and, upon seeing its streamlined dashboard, numerous administrative capabilities, and ease-of-deployment, the decision was clear: kiteworks fit Randa’s needs like a glove.  

The kiteworks installation was quick and seamless. While initially rolled out to a select number of departments and end users, rumors of the solution’s many capabilities and ease-of-use spread to other departments. As a result, the number of users has almost doubled since the solution was deployed last year. Townsend confirms, “a clear indicator of kiteworks’ ease-of-use is its widespread popularity across so many of our departments. The user count keeps going up—climbing every day.”

Today, kiteworks plays an integral part in the daily operations of nearly all of Randa’s departments. For example, Finance uses kiteworks to share corporate development materials for the Company’s many M&A transactions. US and UK-based employees who work in Design share product photos with one another. Members of the Product Marketing team use kiteworks to send sales and product presentations—some exceeding 100MB in size.

Townsend summarizes the value kiteworks brings to Randa poignantly: “kiteworks makes our teams stronger, enabling our associates to better share and edit information and work together as groups.” 

To learn more about how kiteworks is helping Randa Accessories collaborate and work more efficiently, please click here.

A recent data leak at the FDIC provides a cautionary tale about the risks removable media creates for data security.

Friday, February 26 was an FDIC employee’s last day at the agency. As she packed up her office, she downloaded what she thought were her own personal files such as family photos onto a USB drive. Unfortunately, she also accidentally downloaded the personally identifiable information (PII) of 44,000 bank customers.

By Monday, March 1, the IT team at the FDIC had detected the breach, contacted the employee, and promptly retrieved the disk. As far as anyone can tell, the data never reached the black market and it would appear the incident was nothing more than a close call and a cautionary tale.

The FDIC did several things right in this case. They had already implemented data loss protection software that was able to detect the data leak automatically. When that software alerted the data security team to the breach, they acted quickly.

There’s a question, though, whether the employee should have been able to download the data to a USB drive in the first place. Removable media such as USB drives and data sticks account for a high percentage of data breaches. The American Dental Association in fact inadvertently distributed USB drives infected with malware to its members late last year, potentially compromising millions of protected health records (PHI).

At some financial institutions, computers have their USB ports disabled specifically to prevent this type of breach. That’s a prudent precaution but it doesn’t address the risk of employees illicitly accessing confidential data in other ways and jeopardizing an organization’s data security.

Public Clouds: The New Data Transfer Technology of Choice

Instead of transferring data with a device such as a USB drive, employees can simply copy files to a public cloud file storage service like Dropbox, Google Drive or Evernote. Once the files are uploaded, the service automatically copies them to all the devices linked to the user’s account. Within seconds, files are duplicated—possibly across dozens or hundreds of devices if folders have been shared with other users—without any need for removable media.

Public-cloud file sharing creates a critical challenge for any organization concerned about preventing or discouraging the unauthorized distribution of confidential files. Not only is it easy for employees to copy files carelessly or maliciously to public cloud services, most organizations have no idea how many or which cloud services their employees are accessing. A study by Cisco found that while CIOs typically estimate that their organizations are running on average about 50 cloud services, the real number of active cloud services is closer to 730. Most of these cloud services operate as “shadow IT,” meaning outside the scrutiny of the IT department. IT administrators cannot monitor these services since they don’t know they are in use.

IT organizations could try blocking all cloud-based file-sharing, but most would acknowledge that at least some of the time employees are copying files for legitimate, work-related reasons. For example, the typical mobile worker today is carrying three mobile devices: a laptop, a tablet, and a smartphone. For an employee to be productive, all these devices need access to files an employee is working with. Syncing files through a cloud service makes file access automatic and helps ensure that employees always have the latest copies of the files they need, regardless of where they happen to be working.

But the productivity benefits of file sync and share services do not eliminate the security risks inherent with those services, especially for organizations like the FDIC that handle lots of PII. Unauthorized sharing of PII can take many forms: employees might misconfigure permissions, making content available to unauthorized users, or employees might forget that they have shared a folder in which confidential information has been recently added. For many public cloud file-sharing services, there is no administrative control for tracking, monitoring, or curtailing the distribution of files. Confidential content might be leaked routinely for weeks or months before the IT department discovers that a problem exists.

Making Cloud-based File Sharing Secure with kiteworks

To give employees a convenient file sync and share service that boosts productivity but also protects confidential data such as PII, organizations should deploy a solution like kiteworks by Accellion. kiteworks is a secure content management platform that allows users to access, edit, share and collaborate on files stored across an enterprise, from any location, using any device.

With kiteworks, employee productivity is significantly enhanced and organizations are enabled to meet the highest standards for data security, data governance and regulatory compliance. For example, secure containers within kiteworks protect content from unauthorized access by other applications or malware. Employees get access to the data they need, while ensuring that confidential data remains safe and continuously under the control of the IT department.

To ensure that employees have secure, convenient access to all the files they need, kiteworks provides Enterprise Content Connectors that create secure, fully integrated connections to leading Enterprise Content Management (ECM) platforms such as EMC Documentum and Microsoft SharePoint. The platform also provides connectors for public cloud services such as Box, Dropbox, and Google Drive. Files from all these sources are presented in a single, consistent, and mobile-friendly user interface. Whether employees are using SharePoint, Google Drive, or Dropbox, kiteworks monitors file activity and enforces the security controls required by organizations in financial services, healthcare, and other highly regulated industries.

The kitworks platform also integrates with data loss protection (DLP) solutions, enabling enterprises to enforce existing DLP policies automatically for all employee devices.

Recommendations for Protecting PII and Other Confidential Data

To protect against data leaks involving removable devices like USB drives or the careless copying of files to cloud services, enterprises should do the following: 

1. Establish clear guidelines on data sharing and storage standards for employees and partners.
2. Forbid or discourage the use of removable media such as USB drives.
3. Implement full-disk encryption on laptops, so if laptops are lost or stolen, data remains safe.
4. Deploy a solution like kiteworks to affordably implement policy-based content management across all cloud services and content systems.

To learn more about kiteworks, please contact us.

Pleasanton is a city of 78,000 people in the Tri-Valley area of the San Francisco Bay Area. The City is also home to about 4,000 businesses, including offices for companies such as Clorox, Oracle, Safeway, and Workday. It’s a full service city, meaning that it has its own police department, fire department, and library. The City employs 500 people year round, plus another 200 workers for seasonal work. A single IT organization serves all City departments.

As the City’s IT Director, Allen Hammond pointed out in a recent Accellion webinar, Tips and Tricks from the City of Pleasanton, email poses problems for city governments, which are legally required to keep tight control over the distribution and storage of important files.

For many years, the City relied on email for file sharing. But Hammond encountered many problems with email attachments, including:

• Big files. Employees need to send big files to vendors, citizens and neighboring city governments. For example, the SWAT team needs to send maps and tactical plans to their colleagues in the City of Livermore.
• Different file size limitations imposed by different email providers. Senders cannot be certain that recipients receive their files. Some email services accept files larger than 10 MB. Some don’t.
• Frustration that tempts employees to adopt “shadow IT” (unauthorized IT services). File size limitations can tempt users into using public cloud services such as YouSendIT and Dropbox, a compliance no-no for government agencies.
• Loss of control once confidential files are sent to outsiders. The City’s IT organization had no way to monitor or control the distribution of files emailed to external users.
• Lack of support for record keeping. Pleasanton and other city governments are required to keep complete records of public communications, but that can be difficult when employees are using different services to send files.

For a while, Hammond and his team relied on FTP for transferring large files. They quickly discovered that FTP had its own set of problems:

• High overhead. IT engineers had to spend time creating, supporting, and deleting FTP accounts as projects started and finished.
• Lack of security. Anonymous FTP—which dumps files into a shared hierarchy of folders—wasn’t secure. But because it was so easy to use, employees preferred it instead of more secure accounts.
• Headaches with version control. IT engineers were spending valuable time keeping track of the latest FTP clients and browser plugins and troubleshooting problems caused by incompatible software.
• Reputation as old, cumbersome technology. Many young tech workers expect IT services to be Web-based and easy to use. They considered FTP hopelessly old-fashioned.

To address the shortcomings of both email and FTP, Hammond and his team began looking for a file-sharing solution that was easier to use than FTP and more secure and manageable than email.

Document Sharing, Collaboration, and a Mobile Workforce

In addition to addressing the logistics, compliance, and security problems of email and FTP, Hammond wanted a collaboration solution that would:

• Make collaboration easier than sending files back and forth in long email threads. Email should be used for notifications about project updates, not for project updates themselves.
• Support SharePoint, even for people who don’t have SharePoint accounts. The City needs to make files available to non-SharePoint users (such as City residents) without duplicating content or losing control over sensitive content.
• Give field workers, such as public works inspectors, access to large files without overwhelming the limited storage capacity on their mobile devices. Field workers were issued 16 GB iPhones therefore files such as forms and site plans need to be easily accessed but not require downloading.

kiteworks: On-Premises Security and Control

After evaluating various solutions, Hammond and his team selected kiteworks by Accellion.

The kiteworks content collaboration platform provides secure content storage and file sharing for users anytime, anywhere, and on any kind of device. “One of the great things about kiteworks is its connectivity,” says Hammond. The platform integrates internal content repositories such as SharePoint without duplicating content or requiring external users to have accounts.

At the same time, it enforces rigorous access control policies and logs all user activity so that it complies with stringent record-keeping requirements. “We need to maintain the chain of custody on shared documents, and kiteworks totally addresses this,” says Hammond.

One critical advantage of kiteworks over public cloud solutions like Dropbox and Box is that it runs on a private cloud. The City of Pleasanton runs kiteworks in its own data center, keeping full control over the location and storage of the City’s data. In addition, kiteworks gives Pleasanton control of the encryption keys used for encrypting content. Many public cloud storage providers keep these keys themselves, and therefore have access to their customers’ data.

The kiteworks platform meets all of the City of Pleasanton’s requirements:

• Supports file sharing and collaboration that is fast, easy, and secure.
• Accesses files stored in Microsoft SharePoint—anytime, anywhere.
• Enables employees to restrict certain files as “view only,” ensuring they won’t be copied or shared.
• Complies with the City’s legal Chain of Custody and Public Records Act requirements.
• Gives mobile workers secure anytime access to confidential documents and large files to improve operations.

To Learn More

To learn more about kiteworks and how it helps the City of Pleasanton share files and collaborate securely, download the case study.

Secure external collaboration with doctors, specialists and facilities also improves patient care

Accellion, Inc., the leading provider in external content collaboration, today announced continued performance in the healthcare industry, enabled by the unique security and collaboration capabilities of its industry leading kiteworks platform.

The need for secure collaboration has never been greater. Nearly 90% of healthcare organizations (HCOs) have suffered a data breach in the last two years, according to a survey by the Ponemon Institute. Legacy systems, strained budgets, undertrained employees, and sophisticated malware and ransomware are all contributing factors. Because protected health information (PHI) can contain social security numbers, prescription histories, employer details and family information, its value on the black market can exceed the value of a stolen credit card by as much as 50 times.

With medical devices capturing and transmitting increasing amounts of health data, HCOs need to be able to securely store and share PHI to ensure patient privacy and improve patient care. As a result, a number of healthcare companies have turned to Accellion to ensure their patient data stays private but also to enhance the way doctors, specialists and administrators access and collaborate on patient data.

“We needed a way for staff to easily share important documents but with watertight security,” commented David Hayes, IT Operations Manager for South Devon Healthcare NHS Foundation Trust. “We have senior executives who now do 95 percent of their work on an iPad, and Accellion ensures this is done in a safe and secure way. In fact, with Accellion, we’ve empowered users to work in different ways, in a manner that makes them more productive, and it’s allowing us to shift how we deliver services – all for the better.”

Accellion is singularly qualified to protect HCOs and their patients’ PHI. With kiteworks, HCOs avoid risky content migrations and workflow disruptions because patient records stay in their legacy content systems, lessening the risk of data loss. Key security capabilities of the kiteworks content collaboration platform include:

• Antivirus and DLP scanning
• Restricted folders and leakproof editing
• File and folder expiration
• Encryption keys ownership
• LDAP/AD, SSO integration
• Remote wipe
• IP restriction
• Offline PIN
• App whitelisting

Accellion's healthcare customers include: University of Pittsburgh Medical Center (UPMC); Phoenix Children’s Hospital; Horizon Health Network; University Hospitals of Leicester; University of Wisconsin Hospital and Clinics Authority; Penn State Milton S. Hershey Medical Center; Trinity Health; Partners HealthCare System; NSW Health Support Services; Center for AIDS Research Education and Services; and many more.

Accellion will be demonstrating kiteworks at the Healthcare Security Summit, presented by ISC2, on September 27^th in Boston, MA. During the conference, Ajay Nigam, Senior Vice President for Products at Accellion, will lead a discussion entitled: “Enable Secure Collaboration while Meeting Data Privacy and HIPAA Requirements.”

For more information about how kiteworks helps secure PHI, please visit: www.accellion.com/healthcare.

This month “Snowden,” Oliver Stone’s movie about NSA whistleblower Edward Snowden, opens in theaters around the country. It’s as good an occasion as any to look back at what’s changed in the three and a half years since this computer prodigy leaked information about global surveillance programs, shaking up political alliances and business relationships, and reigniting a very contentious data privacy debate.

Beginning in May 2013, Snowden’s disclosures to the media revealed that intelligence agencies were broadly monitoring the communications of ordinary citizens, not just suspected terrorists. “When Edward Snowden took four laptops and got on a plane, the world started to change,” said Brad Smith, president and chief legal counsel for Microsoft. “We started to learn things we didn’t know and ask questions we were not asking.”

As a result of the Snowden disclosures, the world has changed in these ways: 

• Intelligence agencies were asked to defend their practices.
  In the US, leaders in the intelligence community were called to testify before Congress. And because the Snowden documents revealed that NSA surveillance often involved the participation of other members of the “Five Eyes” alliance (Australia, Canada, Great Britain, New Zealand, and the US), those countries, too, demanded answers. 
   
• Some foreign governments and businesses shunned US technology.

  Recognizing that US tech companies and service providers were compelled to cooperate with the government’s mass surveillance activities, several foreign governments and many foreign enterprises canceled contracts with US-based companies and switched to non-US vendors. Verizon, Cisco, Google and even Boeing, among many other businesses, were impacted. The exact amount of lost revenue is difficult to quantify, but one industry analyst estimated that between 2013 and 2016, the US tech sector could lose up to $35 billion because of the sudden but profound distrust of US companies.
   
• Cloud computing projects embraced data sovereignty. 

  Instead of uploading data to cloud services that shuffled data among virtual machines and data centers automatically to optimize performance and cost savings, organizations began requiring that data be stored locally so that it remained subject to local laws. Enterprises and technology providers such as IBM began investing heavily in local data centers to maximize control over data privacy and moving data into regions under the jurisdiction of the US. 
   
• Courts ruled that some aspects of the surveillance programs were illegal, leading governments to make adjustments.

  In February 2015, the Investigatory Powers Tribunal (IPT), which oversees Britain’s intelligence agencies, ruled that the joint bulk data collection and sharing between the UK and the US breached human rights law. In May 2015, a US federal appeals court in New York ruled that the NSA’s bulk collection of US citizens’ phone records was also illegal. The following month, Congress passed the USA Freedom Act, which renewed authorization for most surveillance provisions established in the USA Patriot Act, while imposing some limited restrictions on bulk data collection.
   
• International treaties were renegotiated.
  In October, 2015, the European Court of Justice, the highest court in the EU, ruled that US mass surveillance practices violated EU privacy laws, nullifying the Safe Harbor Agreement and, in doing so, making the flow of EU personal data to US companies and to data centers in US territories for fifteen years now illegal. US and EU officials worked quickly to establish a new agreement, Privacy Shield, which gives EU citizens the right to question how their data is being used. Whether the new agreement can withstand legal challenges about privacy violations remains to be seen.
   
• IT vendors began advocating for customers’ right to privacy.
  Recognizing that customers no longer trusted them keeping personal data private, IT vendors began advocating for privacy. Facebook, Google, and other leading tech companies formed an alliance called Reform Government Surveillance. Apple and Microsoft argued forcefully against weakening security features to create “backdoors” to aid in government surveillance. Companies also argued for more transparency about security requests and subpoenas. This advocacy is ongoing.
   
• Enterprises re-assessed the security of their IT solutions and services.
  “The Snowden stories raised enough concerns about US government spying…that it became a smart business decision for companies with a global customer base to increase the use of encryption,” wrote Orin Kerr, a professor at George Washington University Law School. Indeed, the Ponemon Institute has found that while interest in encryption technology has been growing worldwide, it just experienced in largest growth in the past year. Some of that growth may be in response to the increasing frequency of data breaches, but some of it is also likely due to concern about intelligence agencies and nation states generally poring through data.

Looking Ahead: What Enterprises Should Expect

Given all these changes, what should enterprises do, going forward? 

• Assume that intelligence agencies are still interested in collecting data.
  It’s true that the USA Freedom Act curtailed the NSA’s bulk collection of telephony metadata, but other intelligence agencies remain interested in collecting vast amounts of data about ordinary citizens. For example, in the UK, the Data Retention and Investigatory Powers Act of 2014 requires telecommunications companies and ISPs to store email and telephone contact information for 12 months. The Investigatory Powers Bill (also known as the “Snooper’s Charter”) would expand the types of data stored to include records of websites visited. It would also require ISPs in the UK, upon legal request, to remove any encryption provided by their services to the data of specific users.
   
• Be wary of vendor technology that accommodates governments but creates new vulnerabilities.
  Several governments have requested that Apple and other technology vendors include “backdoors” in their products that would allow intelligence agencies and law enforcement agencies to access what would otherwise be protected data. Most technology companies have balked at this idea, in part because they fear that once a backdoor is created, it could be exploited not just by legal authorities but also by criminal syndicates and other nation states. While the Apple/FBI saga earlier this year pertained to accessing data stored on a mobile device, the crux of the debate was whether technology companies should engineer backdoor access for law enforcement.
   
• Pay attention to data sovereignty—IT support for data sovereignty will likely be critical for years to come.
  The nullification of the Safe Harbor Agreement called attention to the importance of data sovereignty and the location of data centers. Nations outside the EU, such as Canada and Russia, are drafting or have already passed their own data sovereignty laws. IT strategies and cloud architectures need to take into account that in a growing number of cases, PII will need to be stored locally and managed to accommodate the data privacy rights and laws of local citizens and governments, respectively.

How kiteworks by Accellion Can Help

Accellion's kiteworks content collaboration platform helps enterprises secure critical content, including PII, while making it easy for authorized users to access and share content securely from any type of device. Designed to support the content security and productivity needs of global enterprises, kiteworks features a highly scalable, flexible tiered architecture that enables enterprises to protect content while adhering to local data sovereignty requirements.

An important differentiator with kiteworks and its private cloud, on-premises deployment is the fact that customers maintain sole ownership of encryption keys. If a government agency contacts Accellion seeking access to a customer’s data, Accellion is unable to decrypt those files. All files are encrypted with 128‐bit or 256‐bit SSL to protect data in transit and secured with 256‐bit AES encryption while at rest. In addition, all data transactions are also logged by user/IP address and significant metadata is captured for each transaction.

To learn more about how kiteworks helps with data security and data governance, please contact us.

Accellion recently released a security patch, FTA_9_12_110, that allows IT administrators to disable TLS 1.0 and 1.1. (Accellion released a similar patch, kw_2016.02.00, for kiteworks customers in May.)

TLS, or Transport Layer Security, is a cryptographic protocol that provides communications security over a computer network. More simply, TLS provides the underlying security of an https connection. Similar to SSL (Secure Sockets Layer), TLS and TLS 1.0 are more current and have, until recently, been considered more secure.

Serious security issues however have emerged when TLS 1.0 is used. Specifically, a vulnerability was discovered in late 2014 that enabled a man-in-the middle exploit nicknamed POODLE (Padding Oracle On Downgraded Legacy Encryption). Researchers discovered they only needed to make 256 SSL 3.0 requests in order to reveal one byte of encrypted messages and that TLS 1.0 could also be exploited.

Concerns over the vulnerability were enough for the Payment Card Industry (PCI) Standards Council to declare TLS 1.0 no longer secure and established a deadline for compliance with TLS 1.2. As a result, after June 30, 2018, any organization using the TLS 1.0 protocol that accepts, transmits or stores any credit card number or cardholder data will no longer be PCI compliant. (It should be noted that the initial deadline was June 30, 2016 however so few companies were able to demonstrate compliance—Accellion was one of the few—that the deadline was extended two additional years.) 

With Accellion’s latest security updates, IT administrators are able to disable TLS 1.0 and 1.1. This ensures that all client connections use the secure and approved TLS 1.2 protocol. Despite the fact this is the new security standard, the disabling capability remains an administrative function (read: optional) in order to support older clients that do not support TLS 1.0 and above.

For customers using either the Accellion kiteworks or Accellion File Transfer (aka “Classic”) solution, we strongly encourage you to update your system with these patches in order to comply with this new standard. 

If you have any questions or issues, please contact Accellion Support:

Email: support@accellion.com

Phone:

• (Toll Free North America) 1-888-654-3778
• (International) 1-650-485-4350

Web: https://support.accellion.com

Microsoft Azure’s Global Customers Gain Access to Market Leading Content Collaboration Solution

Accellion, Inc., the leading provider in private cloud content collaboration, today announced kiteworks is now a certified solution in the Microsoft Azure Marketplace.

Microsoft Azure customers all over the world now have access to kiteworks to access and collaborate on files internally and externally from the web, a desktop or mobile device. Accellion customers can now take advantage of the scalability, high availability and security of Azure, with streamlined deployment and management.

This solution provides enterprise users secure VPN-less access to content stored in SharePoint, Windows File Shares, OneDrive, and Office 365, among others. With a universal, single pane of glass view into these and other content systems, users can extend their legacy content systems  by accessing, editing, sharing and collaborating on content without having to migrate that content to a new platform.

With a private or hybrid cloud, enterprise employees can also collaborate more securely with external colleagues, clients and suppliers. By utilizing kiteworks’ secure mobile container, users can share files securely to mitigate the risk of data breach, and also demonstrate compliance with industry regulations including HIPAA, SOX, PCI, and GLBA.

Key kiteworks benefits and features include:

• Seamless interoperation with numerous existing content systems to create or access any Microsoft files from the Web, a desktop machine or mobile device.
• Customer ownership of encryption keys to help secure data in transit and at rest.
• Enhanced productivity with co-authoring of Office Online documents, unlimited file size sharing, and file, folder and full text search.
• Granular control over all enterprise data with features like watermarking, file tracking and reporting, file locking and more.

“Accellion is delighted to be a part of the Microsoft Azure Marketplace,” commented Yorgen Edholm, CEO of Accellion. “Microsoft continues to find new ways to bring value to its customers, and the Microsoft Azure Marketplace is a prime example. Similarly, Accellion continues to find new ways to integrate with Microsoft, and having kiteworks available on the Microsoft Azure Marketplace is an excellent example. The combination of Microsoft’s unique platform, with Accellion’s market leading content collaboration solution, kiteworks, presents a very compelling offering. As a result, this is an exciting opportunity for Accellion and we look forward to working with Microsoft.”

Steve Guggenheimer, corporate vice president and chief evangelist, Microsoft Corp. said, “We’re excited to offer Accellion and its award winning kiteworks content collaboration platform in the Microsoft Azure Marketplace. With kiteworks, Azure customers have the ability to connect and collaborate with content stored on-premises and in the cloud without requiring a VPN solution. Having a single solution that provides universal access to content stored in SharePoint, SharePoint Online, Azure, OneDrive for Business and many other on-premises and cloud content stores improves collaboration and streamlines workflows. With this ease of access and what it means for employee productivity, we see kiteworks enhancing Office 365 and driving adoption and penetration of SharePoint and we're excited about that.”

To learn more about kiteworks and its many integrations with Microsoft products and services, including Microsoft Azure, please visit www.accellion.com/solutions/microsoft.