Healthcare data breaches are increasingly common—that’s one of the stark conclusions from the Ponemon Institute’s sixth annual study on the state of security and privacy in the healthcare industry. Drawing on a detailed survey of healthcare organizations (HCOs) and their business associates (BA), the Ponemon study found that in the previous 24 months:

•        89% of healthcare organizations had experienced at least one data breach
•        79% of healthcare providers had experienced two breaches
•        45% had experienced five or more data breaches

The sources of data breaches varied, but criminal actors, either inside or outside the HCO, played significant roles. When asked about the root cause of data breaches:

•        50% of healthcare organizations cited criminal attacks
•        41% cited errors by third parties
•        39% cited stolen computing devices such laptops
•        13% cited malicious insiders

Criminals clearly understand the value of stolen medical records for perpetrating medical fraud and other forms of identity theft. Stolen medical records can be used to illicitly obtain prescriptions, medical equipment such as electric wheelchairs, and medical care worth thousands or even tens of thousands of dollars. Experian reports that the average incidence of medical fraud ends up costing the victim over $22,000. It’s not surprising therefore that, on the black market, a stolen medical record sells for 10 times the price of a stolen credit card.

Since medical fraud is so lucrative, HCOs and BAs should expect the attacks on medical files and billing records to continue.

The Importance of Data Security for Business Associates and Other Third Parties

This year’s Ponemon healthcare data survey was the first to include business associates as respondents. Broadening the focus of healthcare data security to include the business associates of healthcare organizations makes sense. In 2009, the Health Information Technology for Economic and Clinical Health Act (more commonly referred to as the HITECH Act), expanded the scope of the HIPAA Data Privacy Rule to cover an HCO’s business associates such as third-party administrators, medical transcriptionists, law firms, CPA firms, and other parties providing services such as data analysis, practice analysis, and billing. Given the nature of their work, these organizations inevitably end up handling protected health information (PHI) like medical records, and unfortunately, their systems can be compromised. As a result, the HITECH Act requires these organizations to meet the same standards for data privacy and data security used by HCOs themselves.

HCOs seem to recognize the risks posed by BAs and other third parties. According to the Ponemon survey, about a third of HCOs believe that BAs are not vetted carefully enough, and about two thirds (61%) of HCOs are now paying more attention to the data security practices of the BAs they work with.

Solving the Problem of Data Breaches in Healthcare

To reduce the frequencies and scope of data breaches, HCOs and their business associates need new data security and data governance solutions that work with their existing IT systems. Specifically, HCOs and BAs need:

• Comprehensive data security - Data should be secured across the enterprise, regardless of whether it is stored on-premises or in the cloud. How it is accessed (e.g. desktop, laptop, tablet, mobile or wearable) must be considered as well. Ensuring that the data is encrypted in transit, in use and at rest is a great start.
• Comprehensive Antivirus (AV) protection - Anti-malware screening that stops rootkits and other software tools used by attackers should be in place. On mobile devices, sensitive content should be stored in a “secure container,” a protected area of memory and storage that minimizes the risk of contamination from malware that might reside elsewhere on a device.
• Support for secure collaboration - Because healthcare is inherently collaborative work, content management solutions that support common collaboration tasks such as task management, threaded discussions, and more should be equipped with security features to ensure healthcare providers can collaborate securely.

The kiteworks Solution for Healthcare Data Security

kiteworks by Accellion is a secure file sharing platform that enables secure access to enterprise content sources to allow HCOs and BAs to share, send, sync and edit files on any type of device, from any content store. 

Designed to reduce the risk of data breaches while supporting compliance and collaboration, the kiteworks platform:

• Encrypts data in use, in transit, and at rest.
• Provides controls and monitoring tools for IT administrators to enforce security policies and monitor the distribution of PHI.
• Integrates with a broad range of ECM platforms and data storage services, including Microsoft SharePoint, EMC Documentum, OpenText, Box, Dropbox, Google Drive, and others. Through this integration, kiteworks enables HCOs and BAs to enforce security policies consistently across all content systems, including public cloud data services.
• Enables healthcare providers to share content securely with trusted partners outside the HCO. Secure collaboration features include digital watermarking, restricted admin and files and folders expiration, among others.
• Provides built-in AV scanning to stop malware from infecting mobile devices and their content.
• Enables “remote wipe” or remote deletion of data on devices once IT administrators know a device is missing or an employee has left the organization.
• Supports task management and threaded discussions to ensure mobile employees have access not only to content but also the context for content.

To learn how kiteworks is helping leading HCOs such as Kaiser Permanente, Seattle Children’s Hospital and Indiana University Health protect PHI while supporting collaboration, please visit our healthcare page.

In this day and age, if you want to rob a bank, you can dispense with the overcoat, the wig, the cheap sunglasses, and the note slid across the counter to a blanching teller. According to numbers from the FBI, the yield from robbing bank branches is relatively low—$7,500 on average, even if that number is up from $4,300 several years earlier.  The risks of getting caught are also high—60% of robbers are caught, often on the same day as the robbery.

By contrast, your yield would be 10,000 times higher if you targeted the communication system that banks rely on to conduct transactions internationally. And the risk of getting caught, so far, appears low. (Don’t do this, of course. We don’t condone theft of any kind; we’re just making conversation.)

In February of this year, hackers, possibly acting on behalf of a nation state, infiltrated the SWIFT network and attempted to execute a series of transactions that would have robbed the Bangladesh Central Bank of nearly $1 billion. A typo in their transactions alerted a security officer, and the Federal Reserve Bank of New York was able to block 30 of their transactions, totaling $850 million. Still, the thieves made off with $101 million, of which only $38 million has been recovered. The thieves remain at large.

SWIFT in Name But Not in (Security) Practice

Founded in 1973, the Society for Worldwide Interbank Financial Telecommunication, more commonly known as SWIFT, is a secure international messaging network for conducting financial transactions. Over the past few decades, the network has grown from 239 customer banks to over 11,000 financial institutions across 200 countries. Banks rely on SWIFT to conduct financial transactions, including multi-million dollar exchanges. In 2015, the network transmitted over 6.1 billion messages.

But security is uneven, and in some cases, hopelessly substandard. In the Bangladesh Central Bank heist, the bank was operating without a firewall and using $10 second-hand network switches. Until a few months ago, the network did not require two-factor authentication (2FA) or additional authentication checks for high-value or anomalous transactions. Not surprisingly, SWIFT credentials were easily compromised without detection. Considering the vast wealth that the network ultimately controls, its security standards have been shockingly low.

SWIFT argues that’s not its job. Although the network advertises itself as “the world’s leading provider of secure financial messaging services,” some SWIFT board members such as Arthur Cousins have maintained that SWIFT is simply a network; SWIFT customers therefore, are responsible for ensuring that security practices and tools are implemented correctly. If institutions fall short, regulators should penalize the institutions, not SWIFT. 

Other board members agreed that the organization did not necessarily consider security their responsibility. And the organization’s security guidelines, limited as they were, were sometimes undermined by the limited budgets and resources of the smaller institutions they served. "The difficulty is always to keep the security system very effective when you deal with little banks and emerging countries," according to former SWIFT board member Alessandro Lanteri. "There, it is very difficult to be sure that all the procedures of security are managed in the correct way."

Leonard Schrank, CEO of SWIFT from 1992 to 2007, has a different opinion. Schrank believed security was part of SWIFT’s job. He told Reuters: “The board took their eye off the ball. They were focusing on other things, and not [on] the fundamental, sacred role of SWIFT, which is the security and reliability of the system.”

The attack on the Bangladesh Central Bank was not an isolated incident. There have been other successful attacks on the SWIFT system in recent years. In January 2015, thieves siphoned $12 million from Ecuador's Banco del Austro. In December, thieves almost managed to steal $1.4 million from Vietnam's Tien Phong Bank.

Clearly, something must change.

In May 2016, 14 months after the attack on the Ecuadoran bank, SWIFT management took action. The organization announced a new Customer Security Program comprising five initiatives that will be rolled out over time:

• Improving information sharing among SWIFT customers
• Improving SWIFT security tools for customers
• Improving guidance and establishing an assurance framework for measuring customer security capabilities against best practices
• Automating pattern recognition for transactions and introducing Daily Validation Reports
• Improving support for third-party providers

As part of this initiative, SWIFT is raising the security requirements for software interfaces to the SWIFT network. It will now require customers to implement two-factor authentication (2FA) solutions

These attacks on SWIFT should be a wake-up call—not only to the SWIFT management team and the financial institutions that make up SWIFT’s customer base. It should remind providers of critical services in all industries, from financial services to energy to healthcare, that hackers will attack if they perceive value in attacking. Multi-layered security is essential to protect any IT system or resource of value.

The biggest threats today don’t come skulking through the front door demanding a teller to empty the cash drawer. Instead, the threat is working around the clock in unknown locations, and will quietly take advantage of any IT oversight to abscond millions, even hundreds of millions of dollars. Be ready.

Money isn’t the only valuable commodity moving in and out of banks. Content like loan applications and account statements with personally identifiable information (PII) are frequently transmitted between banks and their customers, as well as between banks with little attention paid to security.

Accellion provides financial institutions such as Needham Bank, Middlesex Savings Bank, National Credit Services, Finance Factors, and others a solution to share sensitive information securely. With kiteworks, Accellion’s private cloud content collaboration platform, financial service professionals can seamlessly process loan applications with customers and third parties, collaborate on documents with colleagues in real-time, and improve productivity across all devices, while mitigating data breaches.

__

To learn more, please visit our solutions page.

Insurance companies are facing two big challenges, and both have to do with content. The first challenge is making content available to an increasingly mobile workforce, despite the fact that it is distributed across multiple content silos and protected by rigorous security controls. The second challenge is content security—keeping personally identifiable information (PII) safe from malicious or careless insiders, and dangerous outsiders like hackers and criminal syndicates. In this blog post, we will focus on the first challenge.

Challenge #1: Employees and Independent Contractors Need Convenient Access to Content

At the same time that companies need to make content more secure, they need to make it more accessible to employees and independent contractors.

Content accessibility has long been a challenge in the insurance industry. One example: insurance companies often grow through mergers and acquisitions. Combining companies often produces disparate IT systems, which can be difficult and expensive to integrate. All too often, insurance company employees and independent contractors have to make do, accessing information in “stovepipes,” un-integrated enterprise content management (ECM) systems, such as Windows File Shares, Microsoft SharePoint, Box, Open Text, etc., managed with their own access controls and usage policies.

The “stovepipe” approach to content management makes access and management more complex, and often impedes efforts to leverage content for Big Data analysis. Consultant and author Joe McKendrick described the problem this way in a column for Insurance Networking:

The issue may be too many stovepipes across the industry. I've spoken with many insurance CIOs . . . who had five or more policy administration systems under their domain, the result of acquisitions and new product line launches. These separate systems continue to function for their narrow product lines. This also reflects the challenges in getting to a single enterprise view of these applications and data sets, to facilitate analytics.

The typical knowledge worker is spending 1.8 hours per day looking for information. In the insurance industry, this number might be even higher because of the unusually high volume of content (e.g. documents such as forms and claims) in a typical insurance organization.

But distributed ECM systems are just part of the content access problem facing insurance companies. Distributed devices are another critical component.

The typical mobile worker is now carrying three mobile devices: a smartphone, a tablet, and a laptop. For 40% of these workers, at least one of these devices is personally owned rather than provisioned by the company. To be useful, all of these devices need access to the data that employees create, review, and manage every day. Synchronizing data across devices can be difficult, though, if that data is locked away in different ECM systems with different passwords and permissions. Accessing those content systems remotely through VPNs only compounds the difficulty, especially on mobile devices where VPN access is notoriously cumbersome and slow.

To improve productivity, insurance companies need a way to give authorized employees and independent contractors convenient, secure access to the content they need, across all their devices, all the time. Integrating all of an organization's content silos to achieve this universal access seems unlikely. Such a project would cost millions of dollars and take years to complete, disrupting existing workflows in the process. It would also be extremely risky given how integrated these systems are with other IT systems. Employees and independent contractors need access to information now, and IT organizations need a way of providing that access without depleting their budgets or introducing unnecessary risk.

The Solution: Private Cloud Content Collaboration

Fortunately, technology is currently available to address the challenges of data access.

To improve productivity, insurance companies should implement a content collaboration solution that spans ECM systems and provides uniform content access for employees. A content collaboration solution makes it easier for employees and independent contractors to find and use the content they need, whether they’re in the office or working remotely.

kiteworks, Accellion’s enterprise-class, private cloud content collaboration platform securely extends legacy content systems, without requiring any migration of content. By keeping enterprise content in their systems of record, employees and independent contractors can maintain their existing workflows and processes, while IT organizations can avoid risky and costly migrations.

More than 15 million business users and 2,500 of the world’s leading enterprises—including insurance companies such as Pacific Life, Kaiser Permanente, Tower Group, Sequoia, and many more—trust kiteworks to securely connect people to enterprise information from any device. 

To help insurance companies and other enterprises address the challenges of content access, kiteworks provides:

• Single Pane of Glass View Employees and independent contractors gain universal access to content stored in ECM platforms such as Microsoft SharePoint and Documentum, file shares, home drives, and cloud storage services, including Microsoft OneDrive for Business, Google Drive for Work, Dropbox, and Box. Employees and independent contractors can easily access content from all these systems through a common interface that enables the ease of access IT organizations have long needed.
• Seamless External Collaboration Insurance companies can extend their existing ECM systems to external users to enhance collaboration with consumers, agents, adjusters, inspectors, brokers, and other third party partners. With kiteworks, employees and independent contractors can find, share, edit, and collaborate on content from any location, using any device. Features such as activity view, task management, notifications, and others enhance collaboration with partners, enabling projects to be completed quickly and efficiently.
• Secure Access Across All Devices Insurance companies can enhance user productivity, without compromising security with native mobile apps designed for their business units. A mobile-first user interfaces enables users on smartphones to perform file and folder operations quickly and easily.
• Leverage Private Cloud Whether on-premises or in a dedicated hosting facility, private cloud content collaboration helps ensure the security, confidentiality, integrity, and availability of enterprise content. kiteworks customers have full control over their content and the encryption keys used to encrypt it.

Enterprises of all sizes will continue feeling pressure to increase productivity and operational efficiency. External content collaboration—delivered through kiteworks—can help insurance companies address both these challenges and make their employees more productive and successful.

To learn more about the kiteworks solution, please contact us.

We recently announced that our private cloud content collaboration platform, kiteworks, is now available on the Microsoft Azure Marketplace.

For the uninitiated, Microsoft Azure is an enterprise-grade public cloud platform and infrastructure that offers numerous integrated cloud services including: analytics, computing, database, mobile, networking, storage, and web that enable users to save time, money and storage space when building, deploying and managing enterprise web and mobile applications. Not surprisingly, the Microsoft Azure Marketplace is Microsoft’s online store for thousands of certified, open-source software applications, developer services and data, all pre-configured for Microsoft Azure.

With the availability of kiteworks on the Microsoft Azure Marketplace, Azure customers all over the world now have access to kiteworks to access and collaborate on files internally and externally from the web, a desktop computer or a mobile device. In turn, Accellion customers can now take advantage of the scalability, high availability and security of Azure, with streamlined deployment and management.

So what can Azure customers do with kiteworks? The easy answer is: enhance collaboration and employee productivity while achieving and maintaining the highest levels of security and content management.

More specifically, kiteworks provides enterprise users secure VPN-less access to content stored in SharePoint, SharePoint Online, Windows File Shares, OneDrive, Office 365, Documentum, Open Text, Box, and Dropbox, among others. With a universal, single pane of glass view into these and other content systems, kiteworks users can extend these legacy content systems by accessing, editing, sharing and collaborating with internal and external partners on content without having to migrate any of that content to a new platform. The result is a workforce that can collaborate more securely, efficiently and effectively, which in turn makes employees more productive and successful.

The best endorsement for kiteworks and the value it brings to Microsoft Azure comes from none less than Microsoft’s corporate vice president and chief evangelist, Steve Guggenheimer:

We’re excited to offer Accellion and its award winning kiteworks content collaboration platform in the Microsoft Azure Marketplace. With kiteworks, Azure customers have the ability to connect and collaborate with content stored on-premises and in the cloud without requiring a VPN solution. Having a single solution that provides universal access to content stored in SharePoint, SharePoint Online, Azure, OneDrive for Business and many other on-premises and cloud content stores improves collaboration and streamlines workflows. With this ease of access and what it means for employee productivity, we see kiteworks enhancing Office 365 and driving adoption and penetration of SharePoint and we're excited about that.

As more enterprise organizations transform into a digital workplace, they will inevitably embrace the cloud and Microsoft Azure and look for ways to collaborate with colleagues. With kiteworks now integrated with Microsoft Azure and available on the Azure Marketplace, Accellion can help more customers extend their existing content systems to enhance their data security and productivity. And that’s something we’re excited about.

To learn more about kiteworks and its many integrations with Microsoft products and services, including Microsoft Azure, please visit our Solutions for Microsoft page.

Once a rare form of malware found primarily in Eastern Europe, ransomware is becoming more common, more stealthy, and more costly. In 2015, there were about 1,000 attacks per day, according to Symantec. In 2016, there have been days with 4,000 attacks. Most attacks are against individuals and feature demands for about $300. But attacks against corporations, including healthcare organizations, are increasing. In a recent HIMSS survey, about 75% of hospitals said they had either been attacked by ransomware or were not sure if they had been. 

The story of Hollywood Presbyterian Medical Center shows what’s at stake when healthcare organizations become victims of ransomware. In February 2016, the hospital was hit by a ransomware attack that shut down critical systems for patient care. “The disruption was so severe that the hospital's central medical records system was largely unusable for 10 days, and some patients were transferred to other facilities for treatment,” according to the LA Times. 

The attackers demanded $3.4 million to release the systems. The hospital countered with a smaller offer—40 Bitcoins or about $17,000—which the attackers eventually accepted. That agreement demonstrated to the world that ransomware against healthcare organizations pays.

As Kim Zetter, writing for Wired, points out:

Hospitals are the perfect mark for this kind of extortion because they provide critical care and rely on up-to-date information from patient records. Without quick access to drug histories, surgery directives and other information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk delays that could result in death and lawsuits.

Hospitals also make an attractive target for ransomware because they are filled with specialized medical equipment, much of which is running old, unpatched software with no protection against malware. Once connected to the network, this equipment can become infected. Attackers can shut down the equipment in order to demand a ransom or use the equipment as a base for launching attacks against other IT resources in the hospital.

Ransomware was profitable long before attackers began targeting hospitals. For example, the FBI has estimated that in just six months in 2014, the authors of CryptoLocker ransomware earned $27 million from extorting victims. Now that attackers are targeting hospitals and other enterprises, the revenue from ransomware is only going to increase.

How can hospitals and other healthcare organizations protect themselves?

Four Steps for Preventing Ransomware Attacks

It’s important to remember that ransomware is simply a form of malware—malicious software that spreads the same way that traditional malware spreads, namely through phishing and other network-borne attacks. To defend against ransomware, enterprises can begin by ensuring that basic anti-malware controls are in place.

To minimize the risk of a ransomware attack, healthcare organizations, pharmaceutical companies and other enterprises should follow these steps:

1. Deploy rigorous network security controls, including state-of-the-art firewalls and intrusion detection systems to block malware and other network-borne attacks.
2. Ensure that end user devices, including desktops, laptops, tablets, and smartphones, include anti-virus (AV) technology that scans for malware and stops it if/when it’s identified.
3. Train employees to be wary of clicking on links and attachments in suspicious emails. Again, most ransomware is spread through phishing attacks. Teaching employees not to click on an unexpected invoice file or spreadsheet is an important part of defending against ransomware and other forms of malware.
4. Ensure that every important file is regularly backed up, and that these backed-up files are routinely scanned for malware so that restoring files does not retrigger a ransomware attack.

Hospitals and other HCOs can keep their patient data and other enterprise content safe by deploying a secure content management platform such as kiteworks by Accellion. kiteworks is a critical solution for top HCOs like Kaiser Permanente, Seattle Children's Hospital, Indiana University Health, Trinity Health, and many others as it provides comprehensive security and visibility over the files that healthcare employees use everyday. kiteworks provides these specific features to counter malware:

• AV scanning on mobile devices and for all files uploaded through kiteworks to any Enterprise Content Management (ECM) platform, such as Microsoft SharePoint, Documentum and OpenText being managed through kiteworks.
• Secure containers, restricted area storage and memory that isolates and protects content from other content, including personal content, on mobile devices.
• Controls to block employees from uploading suspicious content types to any ECM platform or cloud service, such as Google Drive, being managed through kiteworks.

In addition to these anti-malware features, kiteworks has an exhaustive list of data security and data privacy features that help hospitals and other healthcare organizations comply with HIPAA.

To learn more about kiteworks, please contact us.

Insurance companies are facing two big challenges, and both have to do with content. The first challenge is making content available to an increasingly mobile workforce, despite the fact that it is distributed across multiple data silos and protected by rigorous security controls. The second challenge is content security—keeping personally identifiable information (PII) safe from malicious or careless insiders and dangerous outsiders, like hackers and criminal syndicates. Last month, we addressed the first challenge. In this blog post, we will focus on the second challenge.

Challenge #2: Data Breaches Are Common and Costly

The headlines tell the story–along with retailers and hospitals, insurance companies are under attack from hackers and criminal syndicates. Successful data breaches against insurance companies have yielded private data on hundreds of millions of consumers and led to regulatory penalties and costly lawsuits. In a few cases, hackers did not have to break into company networks at all; security lapses exposed unencrypted data to the public.

Here are some recent example of data breaches affecting insurance companies:

• When hackers breached Anthem’s network using a simple password hack, they were able to steal unencrypted personally identifiable information (PII) for 78.8 million current and previous customers and employees. The breach, which affected approximately one in four Americans, was the largest in healthcare history. Mitigation costs are projected to exceed $100 million—the amount covered by the company’s data security insurance through AIG. The company is still facing a fine that could reach $1.5 million for violating the data security rule of the Health Insurance Accountability and Portability Act (HIPAA). In addition, several class action lawsuits are pending. They could end up costing the company billions of dollars.
• Centene Corporation lost six unencrypted disk drives cumulatively storing customer records for approximately 950,000 members. Announcing the loss in January 2016, the company noted that the disk drives “contained the personal health information of certain individuals who received laboratory services from 2009-2015 including name, address, date of birth, Social Security number, member ID number and health information.” The company is offering free healthcare and credit monitoring to consumers affected by the breach. Regulatory investigations are pending.
• Excellus Blue Cross Blue Shield was probably breached sometime in 2013. Over the next two years, hackers stole PII of over 10 million consumers, including some Social Security numbers and credit card information. Information about the cost of the breach is still pending. The Ponemon Institute has estimated that the typical cost of a data breach in the healthcare industry is $363 per record. Were this estimate to apply to the Excellus breach, the total cost could approach $4 billion.
• Premera Blue Cross Blue Shield was hit by a data breach affecting 11 million customers, the company announced in March 2015. For the previous year, hackers may have had access to “claims data, including clinical information, along with banking account numbers, Social Security numbers, birth dates and other data.” The breach was the largest to date involving patient records.
• WellPoint failed to protect over 600,000 medical records from Internet access. For this violation of Health and Insurance Portability and Accountability Act (HIPAA) Security Rule, the U.S. Department of Health and Human Services (HHS) fined the company $1.7 million.
• Zurich Insurance lost an unencrypted backup tape with PII for 46,000 customers in 2010. The UK Information Commissioner’s Office (ICO) fined the company £2,000,000, then the Financial Services Authority hit the company with a separate fine of £2,275,000.

The risks here are obvious. Hackers are targeting insurers for valuable PII. On the black market, healthcare records now sell for 10-20 times as much as credit card records, in part because EMV technology is making credit card fraud more difficult to perpetrate.

But PII can be divulged even without hackers. Removable media like the unencrypted disk drives used by Centene Corporation create their own content security risks. In its annual report on data breaches, Verizon noted 9,701 incidents of laptops, backup tapes, or other media being lost or stolen in 2015. The problem is most widespread in government and healthcare. (For more about the data security risks of removable media, see our blog post: Keeping Enterprises Safe from Risky Removable Media.)

Clearly, insurance companies need to redouble their efforts at data security. Strengthening password protection, encrypting data, using secure cloud storage instead of removable media—these and other security best practices would greatly reduce the chances of a company succumbing to a data breach.

The Solution: Secure Content Collaboration

Fortunately, technology is available to address the challenges of content security.

To prevent costly data breaches, insurance companies should implement a secure content collaboration solution that spans ECM systems and provides uniform, secure content access for employees. A secure content collaboration platform protects PII and other content from data breaches by enforcing state-of-the-art security controls to protect that content wherever it is—in the cloud, in transit, on a desktop, laptop, tablet or mobile device.

kiteworks, Accellion’s enterprise-class, private cloud content collaboration solution enables secure collaboration among employees and authorized external parties. The kiteworks solution also enforces data sovereignty for global deployments, ensuring that data governance complies with local laws and regulations.

More than 15 million business users and 2,500 of the world’s leading enterprises—including insurance companies such as Pacific Life, Kaiser Permanente, Sequoia, and many more—trust kiteworks to securely connect people to enterprise information from any device. Accellion has been named a leader in the Enterprise File Sync and Sharing category by Forrester Research and won top awards for security and knowledge management.  

To help insurance companies and other enterprises address the challenges of data security, kiteworks provides:

• External Content Collaboration with Private Cloud
kiteworks improves collaboration by providing enterprise users, project teams, and virtual data rooms with powerful, secure file sharing. Users can easily share files with other authorized users. Threaded discussions in workspaces give mobile workers instant access to the context of content so they can understand how and why files have changed.
• Secure Access Across All Devices kiteworks enables employees to access content and collaborate securely from any mobile device—without a VPN. kiteworks protects PII and other confidential data by storing it in secure containers (protected storage areas and protected memory) on mobile devices, and includes automatic malware scanning to ensure that on-device data is always safe.
• Enterprise Data Security and Compliance Insurance companies can protect sensitive information and intellectual property with enterprise-grade security features, including encryption of data in transit and at rest, granular access controls, monitoring of content distribution, digital watermarking, secure editing on mobile devices, and integration with other enterprise IT solutions, such as single sign-on and Data Loss Protection (DLP).
• Leverage Private Cloud Whether on-premises or in a dedicated hosting facility, private cloud content collaboration helps ensure the security, confidentiality, integrity, and availability of enterprise content. kiteworks customers have full control over their content and the encryption keys used to encrypt it.

The risk of data breaches will continue. And enterprises of all sizes will continue feeling the pressure to secure their most sensitive content while increasing productivity and operational efficiency.

Secure content management—delivered through kiteworks—can help insurance companies address both these challenges and make data access both rigorously secure and convenient.

To learn more about the kiteworks solution, please contact us.

Receives high marks for secure content collaboration in private cloud

Accellion, Inc., the leading provider in private cloud content collaboration, today announced that it has been positioned for the third consecutive year in the “Leaders” sector of the 2016 Aragon Research Globe^™ for Mobile Content Management report. The Aragon Research Globe is a market evaluation tool that graphically depicts Aragon Research’s evaluation of a specific market and its component vendors.

This year, the report examined 17 providers in Mobile Content Management who were judged on three sets of criteria: strategy, performance and global reach. Based on the evaluation, companies were placed into one of four sectors: Leaders, Contenders, Innovators, and Specialists.

“Accellion has continued its push to make its flagship offering kiteworks one of the most secure on the market, and has continued its innovation march with the ability to monitor documents that are stored in Microsoft SharePoint, OpenText, Documentum, and other cloud-based and on-premise ECM Systems,” said Jim Lundy, CEO and Lead Analyst, Aragon Research. “That, combined with the ability to offer a private cloud deployment and advanced security features make kiteworks an ideal solution in high consequence industries.”¹

Aragon Research recognizes content plays a critical role in many business processes and transactions and mobile content management is accordingly becoming one of the “go-to” applications to help enterprises share content faster, both internally and externally. These organizations are increasingly selecting Accellion and its private cloud content collaboration platform, kiteworks, to enhance secure collaboration between employees and their external partners without requiring a costly content migration that disrupts workflows and jeopardizes data loss.

“Leading enterprises globally are embracing the transformation to the digital workplace to enhance collaboration, workflows, and overall productivity,” commented Hormazd Romer, Vice President of Marketing. “kiteworks plays a critical role in enabling organizations to achieve this digital transformation with a content collaboration platform that not only streamlines collaboration with external partners but also extends existing content systems without a risky and costly migration.”

Click here to receive the newly published 2016 Aragon Research Globe^™ for Mobile Content Management report.

¹ "The Aragon Research Globe™ for Mobile Content Management, 2016 – Transformation Unleashed,” Jim Lundy, December 5, 2016

Aragon Research does not endorse vendors, or their products or services that are referenced in its research publications, and does not advise users to select those vendors that are rated the highest. Aragon Research publications consist of the opinion of Aragon Research and Advisory Services organization and should not be construed as statements of fact. Aragon Research provides its research publication and the information contained in the “AS IS,” without warranty of any kind.

About Aragon Research

Aragon Research is the newest technology research and advisory firm. Aragon delivers high impact interactive research and advisory services to provide enterprises the insight they need to help them make better technology and strategy decisions. Aragon Research serves business and IT leaders and has a proven team of veteran analysts. For more information, visit http://www.aragonresearch.com. 

An enterprise IT department, regardless of size or industry, has a number of responsibilities. That said, the mandate for any IT department boils down to one critical, albeit complicated, task: manage and secure enterprise content, devices, and connections. Without data security, nothing else matters.

Securing enterprise content is unfortunately more easily said than done. With the proliferation of personal devices, i.e. employee-owned laptops, tablets, smartphones, and even wearables in the workplace, IT departments have struggled. In short, the rise of Bring Your Own Device (BYOD) computing has essentially consumerized IT. Therefore if you work in enterprise IT and your mandate is to keep content, devices and connections secure, the consumerization of IT is not a welcome change.

Today, sensitive content travels everywhere employees go, even after hours and on weekends—all outside of the purview of IT. With employees doing work on their own devices, they are inevitably using cloud-based consumer services to share and collaborate on enterprise content. That’s a big problem. There are a number of risks inherent with consumerized IT:

• Data breaches on unsecure networks.
• Data breaches from lost or stolen devices.
• Data breaches from consumer cloud File Sync and Sharing services.
• Mobile malware infections.
• Compliance violations for lack of data security, data governance, and/or data sovereignty.

To minimize the exposure to data breaches, enterprise IT organizations need to re-take control of enterprise content. But employees are not about to give up their personal devices. Besides, many enterprises are interested in preserving the productivity gains those devices and even some shadow IT solutions have enabled. Therefore, retaking control means adjusting and refining IT’s approach to consumerized IT, not replacing it.

With that in mind, enterprises should do the following to regain control of their enterprise content:

1. Embrace private clouds as a path to secure hybrid clouds.

By incorporating both private and hybrid clouds into the IT infrastructure, IT departments significantly enhance their data security and mitigate the risk of a data breach. Private clouds give enterprises full control of their content; content is not co-mingled on multi-tenant public clouds. As a result, they enable enterprises to enforce encryption and other security controls, such as role-based content and device policy enforcement – many of which public cloud service providers cannot or do not provide.

By comparison, hybrid clouds are increasingly popular because they allow enterprises to create the secure environment they want in private clouds, but then can scale those environments as needed using trusted, carefully vetted public cloud resources. A truly hybrid solution provides organizations with 100% flexibility to configure a deployment that meets their unique business needs. For example, they can minimize infrastructure costs while integrating with on-premises systems; keep the most sensitive content on-premises while moving most compute costs to the cloud; provide elastic capacity to handle bursts of demand; leverage existing infrastructure in their primary data center but use hosted capacity for remote offices; and other scenarios.

One additional consideration: private clouds and hybrid clouds are not only more secure than public clouds; research has shown they also deliver better ROI.

2. Balance security and convenience with BYOD use.

Mobile devices that are used for work and play are taken everywhere. They are storing enterprise content and login credentials to even more enterprise content. As long as these devices are unprotected, enterprise content is at risk.

Personal devices don’t have to be banned; they have permeated the workforce and do wonders for employee collaboration and productivity. What enterprises can change and control is how business content is handled and secured. This new generation of services combine the ease-of-use of consumerized IT with the rigorous security and control of traditional enterprise software.

kiteworks by Accellion

Accellion’s private cloud content collaboration platform, kiteworks, helps enterprise IT departments regain control of their enterprise content. kiteworks enables enterprises to provide their employees with a consumer-like user experience but with enterprise-grade security to ensure data security and compliance. kiteworks boasts a number of security features and capabilities, including but not limited to:

• Sole ownership of encryption keys
• Integration with leading Data Loss Prevention (DLP) providers
• Anti-virus (AV) protection
• File locking
• File tracking and reporting
• Two-factor authentication
• File/folder expiration
• Secure, single pane of glass access to on-premises and cloud-based ECM systems
• User-friendly Digital Rights Management (DRM)
• Secure containers on mobile devices
• Remote wipe
• Access controls for content on desktops and on mobile devices
• Data sovereignty

With kiteworks, IT organizations are better equipped to manage enterprise content in a world of consumerized IT. Enterprise organizations such as Procter & Gamble, KPMG, Kaiser Permanente, Pacific Life Insurance, Cargill and many others view kiteworks as the critical component in preserving the productivity gains of today’s mobilized workforce while re-establishing the security and compliance practices essential to any well-run enterprise.

To learn more about the consumerization of IT and how Accellion addresses this critical business problem, download a copy of “Regaining Control of Enterprise Content: Bringing Governance to Consumerized IT” by clicking here.

The Pharmaceuticals industry depends on three things: data, collaboration and security. Okay, perhaps four things, the fourth being drugs that work but that’s by and large dependent upon the first two things. Data includes bioinformatics, medicinal chemistry data, in vitro testing data, clinical trial data, marketing data, New Drug Application (NDA) data, and other regulatory and financial filings. Collaboration involves working with third parties such as research firms, contract research organizations (CROs), law firms, marketing organizations, as well as with individual patients, physicians, and others. Security entails protecting intellectual property like formulas, clinical trial data, patent and FDA applications and other proprietary information that would destroy a pharma company should this information ever be lost or stolen.

Increasingly, Pharma professionals and clinical trial patients are using personal devices to access, share and collaborate with one another on data. With the typical mobile worker carrying three devices: a laptop, a tablet, and a smartphone, mobile device use (commonly known as “BYOD” or “bring your own device”) is occurring whether pharma companies allow it or not. As a result, they may as well embrace the practice. But pharma companies shouldn’t despair – there are a number of benefits to BYOD.

3 Reasons Why Pharma Companies Need BYOD

1. BYOD helps Pharma employees collaborate more effectively. 
   Successful collaboration requires that the right people have the right data at the right time.  Mobile devices give employees access to data wherever they are and whenever they need it. And since they facilitate collaboration through email, messaging, and file-sharing, mobile devices can help employees work together efficiently and effectively.
    
2. BYOD saves organizations money. 
   In a recent IDC survey, 69% of IT departments polled saw a reduction in operational expenses (opex) or capital expenses (capex) as a result of implementing BYOD programs. These cost savings make sense. Allowing workers to use their own mobile devices for work make the organizations more agile. And when employees purchase their own devices, capex declines.
    
3. BYOD simplifies eClinical Outcome Assessment (eCOA) data collection. 
   For many years, BYOD has been used for market assessment and late stage assessments. Some Pharma companies however are now exploring the use of BYOD for Phase 2 and Phase 3 assessments. With the ubiquity of Android and iOS devices it’s now possible to collect data through secure apps, reducing overhead and streamlining trial management.

While the upside to BYOD use is increased efficiency, productivity, and getting drugs to market quickly, there is a downside – enhanced risk of data loss. As a result, pharma companies need advanced BYOD security to ensure the integrity of their data. 

5 Reasons Why Pharma Companies Need BYOD Security

1. Pharma companies must comply with laws and regulations. 
   Pharma companies must meet arduous data security and data privacy requirements established by the Health Insurance Portability and Accountability Act (HIPAA) as well as national and regional laws such as the EU Data Privacy Directive (EU 95/46/EC). Under these regulations and laws, Pharma companies must protect the Personally Identifiable Information (PII) and Protected Health Information (PHI) of their patients and customers. They cannot afford to have employees connecting personal devices holding confidential data to unsecure Wi-Fi networks. Similarly, they cannot afford to have employees lose their devices to theft or misplacement. Ultimately, a Pharma company endorsing BYOD must be just as secure as a Pharma company not endorsing BYOD.
    
2. Security attacks are becoming more sophisticated, frequent, and costly. 
   Protecting data is becoming more and more difficult. Data breaches and ransomware attacks are affecting enterprises in all industries, particularly healthcare. The Identity Theft Resource Center estimates that data breaches in 2016 are up 16% compared to 2015. As a result, protecting PHI is absolutely critical for pharma and healthcare companies to remain viable.
    
3. Mobile malware is on the rise. 
   Mobile malware poses a significant risk to mobile devices. In fact, malware targeting mobile devices has grown more than five times the rate that PC malware grew. To put this into perspective, in 2015, Trend Micro identified over 20 million infected apps for mobile devices. This malware includes ransomware, which has spread to critical IT systems and crippled the operations of thousands of organizations.
    
4. Hackers are targeting healthcare companies for healthcare records. 
   PHI can sell for 5, 10 or even 50 times more than credit card data on the black market. Even a little data can be profitable: An NPR story reported the offer of 10 stolen Medicare records for $4,700. A stolen medical record can be used to purchase medical equipment and drugs, which in turn can be sold for a profit. And stolen records might go undetected for months or years—far longer than stolen credit card data.
    
5. Hackers are targeting Pharma companies for industrial espionage. 
   The FBI estimates that industrial espionage costs companies between $2 billion and $400 billion annually. In its 2016 report on data breaches, Verizon’s security team reported that 89% of data breaches were motivated by espionage or some other financial gain. Because drug research is so complicated, time consuming and so valuable commercially, Pharma companies are considered high-value targets for hackers.

The kiteworks Solution for BYOD Enablement and Security

kiteworks by Accellion is a private cloud secure content collaboration platform that enables Pharma companies and other organizations to share their content with external partners seamlessly, with the highest levels of security and control.

With kiteworks, organizations can extend their existing content systems without costly content migrations or disruptions to workflows. Leading Pharma companies use kiteworks to provide BYOD security to their employees, partners, trial participants, and other trusted users.

The kiteworks platform, which supports both private and hybrid cloud deployments, provides the following essential security and collaboration features:

• Centralized Security and Management
  With kiteworks, Pharma companies can protect sensitive information and intellectual property, in transit and at rest, with enterprise-grade security and encryption to meet rigorous data security and compliance requirements.
• Single Pane of Glass View
  kiteworks provides centralized access to multiple on-premises and cloud-based content systems through a unified, “single-pane-of-glass” view, from any device and any location without requiring a VPN, providing employees easy access to enterprise information. For pharma companies, these systems typically include Documentum, SharePoint, OpenText, Windows File Shares, and others.
• Secure Access across All Devices
  kiteworks enables Pharma companies to achieve BYOD security and compliance while enhancing user productivity with native mobile apps designed for the enterprise. The kiteworks platform supports leak-proof editing on mobile devices to protect valuable enterprise content, leveraging a “secure container” that shields that content from unauthorized access or infection from malware.
• Seamless External Communication
  With kiteworks, Pharma companies can enhance business agility and accelerate time-to-value by enabling employees to collaborate with their partners, vendors, and customers easily and efficiently. With the cost and time required to develop drugs and get them to market, efficiency is critical.
• Private Cloud File Sharing
  Pharma companies can leverage kiteworks’ private cloud deployment architecture to meet stringent data security and data residency requirements. In addition, kiteworks gives companies sole control of their encryption keys to ensure that data is always in your custody.

To learn more about how the kiteworks platform helps Pharma companies and other enterprises to improve BYOD collaboration and security, contact us. 

We’re thrilled to announce Accellion has been named a Leader in Mobile Content Management by Aragon Research for the third consecutive year.¹

Mobile Content Management, or MCM, has evolved considerably in the last three years. Driving the evolution is the increased demand among organizations to enable access to content from any location using any device. As Jim Lundy, Lead Analyst at Aragon Research, sees it, “the Mobile Content Management market is maturing and growing as enterprises realize that content is at the center of Digital Transformation.” 

The ability to access content has always been a top priority for MCM vendors, however, content access alone is no longer sufficient. Digital transformation, i.e. deploying technology to enable customer and partner engagement across multiple channels with seamless access to applications and systems, is requiring organizations to have access to content stored in enterprise content management (ECM) solutions like SharePoint and Open Text as well as applications like Office 365 and salesforce.com. This shift stems from the growing need for employees to collaborate on content both inside and outside the organization. Aragon Research sees collaboration as the center of work and MCM providers have the distinct opportunity to make it easy for employees to collaborate and be productive. The more an MCM solution can integrate with these systems and applications and enable collaboration and productivity, the more value that solution provides.

Given MCM’s critical role in enabling collaboration, Aragon sees MCM (and MCM vendors) playing a central role in digital transformation. The MCM market is therefore well positioned for growth.

This year’s report examined 17 providers in Mobile Content Management who were judged on three sets of criteria: strategy, performance and global reach. Based on this criteria, companies were placed into one of four sectors: Leaders, Contenders, Innovators, and Specialists.

Aragon identified Accellion as a Leader, which Aragon defines as a vendor who possesses “comprehensive strategies that align with industry direction and market demand, and performs effectively against those strategies.” Accellion received high marks for data security, integration capabilities with platforms and processes without any content migration, and multiple cloud deployment options. Aragon also noted Accellion’s strengths in mobile application support and rights management.

“Accellion has continued its push to make its flagship offering kiteworks one of the most secure on the market, and has continued its innovation march with the ability to monitor documents that are stored in Microsoft SharePoint, OpenText, Documentum, and other cloud-based and on-premise ECM Systems. That, combined with the ability to offer a private cloud deployment and advanced security features make kiteworks an ideal solution in high consequence industries.” 

Click here to receive the newly published 2016 Aragon Research Globe^™ for Mobile Content Management report.

¹ "The Aragon Research Globe™ for Mobile Content Management, 2016 – Transformation Unleashed,” Jim Lundy, December 5, 2016

Please note: Aragon Research does not endorse vendors, or their products or services that are referenced in its research publications, and does not advise users to select those vendors that are rated the highest. Aragon Research publications consist of the opinion of Aragon Research and Advisory Services organization and should not be construed as statements of fact. Aragon Research provides its research publication and the information contained in the “AS IS,” without warranty of any kind.

Lately when businesses have discussed improving the customer experience, increasing efficiencies, attracting and retaining talent, and generally staying competitive, the term “digital transformation” has come up. Like Web 2.0, cloud computing, and social media, digital transformation can be the type of initiative that businesses discount or ignore at first. Those that are reluctant risk being left behind.

The increase in disruptive technologies – many brought upon by the emergence of cloud computing and SaaS applications – has created new business models and enabled opportunities for businesses and consumers in nearly every industry. As a result, competition has intensified and forced businesses to find alternative approaches to innovate processes and enhance customer experiences. In order to stay relevant and grow, businesses are required to undergo a digital transformation.

But what does “digital transformation” really mean? By definition, “digital transformation” is the reinvention of an organization through the use of digital technology to improve the way it performs and serves its constituents. (The term “digital” can be generally considered to mean technology that generates, stores and processes data.) Within these parameters, businesses need to enable customer and partner engagement across multiple channels – web, laptop and mobile – to seamlessly access and leverage applications and systems to achieve an end goal, whether it’s buying a product or accessing a service.

While most businesses operate in a digital workplace already: computers, software, hardware, email, VoIP, apps, mobile devices and so on, many of these tools and the infrastructure that hosts them are now required to deliver agility and speed with greater security. There is a growing need for businesses to use both legacy and new technologies to enable digital sharing and collaboration between employees and with their customers and ecosystem partners.  This introduces a new set of challenges involving security, privacy and data protection. Therefore, it is critical that businesses transform to a more modern, efficient and frankly secure workplace in order to enable digital collaboration and a superior customer experience. 

The need for agility demands that businesses deliver a digital experience now. But the process of transforming a digital infrastructure has its own challenges as every enterprise has to deal with a vast hybrid environment comprising legacy systems, and on-prem and SaaS applications. 

IT faces the following key challenges when it comes to digital transformation:

•       Extending legacy systems and custom workflows to customers and partners;
•       Allowing businesses to choose best-of-breed applications, such as Office 365, salesforce.com, Workday and others;
•       Delivering a “single pane of glass” experience to the end user by allowing access to a hybrid environment comprising on-prem and in-the-cloud apps across multiple channels of engagement;
•       Ensuring data security and compliance with rigorous industry standards.

Adapt or Perish

So, what must happen for an organization to digitally transform its business?

Simply buying and deploying technology solutions doesn't achieve digital transformation. A rip-and-replace approach to transforming an enterprise’s existing infrastructure could take anywhere from 3-5 years to reap benefits from digital transformation. That’s time that organizations just don’t have. The best approach to a successful digital transformation therefore must involve an agile and blended approach that extends legacy systems and enables new apps that leverage technologies such as SaaS, IaaS and PaaS. A blended approach will place organizations in a better position to enable digital interactions between employees and their customers and partners that rapidly deliver value, accelerate time to market, improve the user experience, and gain a competitive advantage.  

The banking industry is a prime candidate for digital transformation. Financial technology (fintech) organizations like Square, Lending Club, PayPal, Google Wallet, Apple Wallet and many more have disrupted the banking industry with a vengeance, significantly impacting customer loyalty and bank profits. While traditional banks have embraced digital technologies by moving from automated tellers to on-line and mobile applications, banks have not digitally transformed.  

In a study conducted by Oracle and Efma, a non-profit organization serving the global financial services industry, researchers learned the majority of banks surveyed are using technology-driven marketing triggers for customer focused campaigns and machine learning algorithms for better product targeting however very few of the banks surveyed (none in fact from the US) are using real-time location information or social media activities for marketing. In fact, only 6% of organizations surveyed indicated that they used social media insight for understanding their customers or engagement. These banks are essentially leaving money on the table.

If traditional banks wish to remain relevant (read: in business), they need to transform. Many financial institutions for example are forging partnerships with fintech organizations to offer additional products. A greater selection of products that are easily accessed increases stickiness.

What does a digital transformation look like for a banking customer? Gys Hyman of Deloitte Consulting, paints a vivid picture in a recent article on digital banking:

A potential customer who opens a bank account in a matter of minutes—on a smartphone in a coffee shop with a selfie and optical recognition for physical ID—already likes her new bank. When her out-of-state ID triggers a personalized message, “It looks like you’re moving to our state—welcome!”—and invites her to click for information on pre-approved home loans, the customer relationship deepens. At the airport on her laptop a week later, when the customer reads the real estate statistics you sent, she now values the relationship. On her daughter’s 13th birthday, you let her know she’s eligible for a teen money management course, and she feels like she’s gained more than a bank.

This is digital transformation. It highlights how an organization can use digital technology to enhance innovation, creativity and customer satisfaction. Any organization, banking or otherwise, would be foolish not to embrace true digital transformation.

Security – a Growing Concern

The Oracle/Efma research also revealed over half of the banks surveyed were not using real-time analytics and only 6% of banks were using real-time analytics on a daily basis. Banks admitted their hesitation stemmed from concerns over a potential conflict with the privacy of client information, which is a growing concern for banks.

It cannot be overlooked that the digital transformation is occurring at a time when data breaches are increasing in both severity and frequency. A digital workplace therefore must be a secure workplace. And this is no longer the sole responsibility of the IT department. A recent study conducted by BMC and Forbes Insights revealed 69% of executives confirmed that digital transformation is creating fundamental changes to their security strategies.

Brian Downey, senior director of Product Management, Security Operations and Automation at BMC, elaborates, “given the amount of risk out there in the world today and the amount of angles they're getting attacked from, businesses are demanding an increasing level of accountability. In my mind, the operations team is the one that has control over shutting and locking the windows. That's their role. More and more customers feel that way."

Bringing it All Together with Secure Customer Engagement

Embracing digital transformation to enhance customer engagement enables organizations to realize a number of key benefits, including:

•       Accelerate sharing of data and ability to communicate across multi-channel environments;
•       Improve customer satisfaction by removing friction and delays in how information is exchanged;
•       Protect customer data and adhere to compliance standards when sharing and collaborating on sensitive information.

One of the fundamentals of digital transformation is enabling organizations to collaborate on content – customer data, financial records, contracts, sales forecasts, marketing materials, multimedia, etc. Driving increased efficiency, policy enforcement and security to drive trust and value in the digital age especially in highly regulated and segmented industries like banking and healthcare, isn’t just beneficial but an imperative. 

Next Steps

To learn how CIOs can digitally transform their businesses by significantly enhancing the way employees collaborate on content with their customers, partners and other stakeholders, please join us on January 31^st at 11am PT for an informative webinar. You can reserve your seat by registering here.

Latham & Watkins is the world’s largest law firm by revenue. Headquartered in Los Angeles, the firm employs more than 2,000 attorneys in offices all around the world. With so many attorneys representing clients on a variety of legal matters, the firm generates a lot of content: contracts, affidavits, deeds and much more. Traditionally, these documents were shared with clients using Latham’s Microsoft Exchange server. While this was a better option than email, it wasn’t the most secure, which was understandably a priority for a law firm.

Concerns regarding content security were further exacerbated by the rise of shadow IT, namely Latham staff using consumer cloud solutions to share and collaborate on sensitive legal documents. Latham had already restricted the use of these consumer file sharing applications and services but recognized the need to offer an alternative that was both effective and easy to use.

Interestingly, transparency was also a priority. Legal teams needed insight into which files they had sent had been opened or downloaded as these activities provided valuable insight into whether projects were progressing in a timely manner. Having granular visibility into who accessed, edited, sent and received documents, both inside and outside of the firm, also provided Latham’s IT department an audit trail – critical for the firm’s compliance requirements.

Accellion emerged as uniquely qualified to address Latham’s secure content collaboration needs. Josh Gerson, Senior Enterprise Application Analyst at Latham & Watkins, elaborates, “Our attorneys, partners and clients all work on the go and were asking for us to support collaboration from anywhere. This tool was the logical next step for us, as it would give our employees the power to share, edit and sync documents from any device of their choosing.”

Gerson reports the Accellion solution was quickly embraced. Users reported the solution was easy to use and in fact had begun to rely on Accellion for their daily communications.

As the firm strives to be more collaborative with its valued clients, Gerson sees Accellion enabling support of internal and external collaboration through workspaces, shared folders and mobile editing tools. For example, Latham is currently using Accellion as a virtual workspace or data room for its daily operations. A staff member requests a digital workspace in which s/he can securely create, edit, store, share and collaborate on documents with stakeholders of their choosing. Staff is able to work securely and efficiently and IT can easily enforce an expiration date of all files (currently 90 days) in the data room, in adherence to the firm’s strict file retention policies.

“Accellion has become an extremely valuable tool for our attorneys, with 3,500 workspaces participating and 28,000 files being processed at any given time. In addition, kiteworks is poised to meet our firm’s future mobility, security and collaboration needs.”

To Learn More

To learn more how Accellion helps Latham & Watkins share files and collaborate securely, download the case study.

Criminal Justice Information (CJI) is data used in the practice of criminal justice, including the investigation and prosecution of crimes. Modern mobile and cloud technologies present law enforcement with new opportunities to capture and communicate CJI, potentially speeding investigations, building better cases, and handling more cases with limited staff. 

These technologies however create new risks: data breaches can put investigations in jeopardy and individuals at risk.  New technologies can also be difficult to use.  Law enforcement can’t be tasked with time consuming technical work or extra documentation to ensure or demonstrate the chain of custody. Information sharing therefore needs to be intuitive and efficient so officers can focus on their jobs instead of the technology.  Fortunately, standards and tools are keeping pace. 

Recognizing that CJI must be protected from tampering and data leaks, the FBI, as long ago as 1998, began work on a security policy for managing CJI and controlling any IT systems that store or transmit CJI. Over the years, the Criminal Justice Information System (CJIS) Security Policy has become more thorough and detailed, accounting for new types of security threats and for new technologies such as cloud computing and personal mobile devices (BYOD). The most recent version of the CJIS Security Policy, version 5.5, was issued in June 2016.

In the words of the FBI:

The essential premise of the CJIS Security Policy is to provide appropriate controls to protect the full lifecycle of CJI, whether at rest or in transit. The CJIS Security Policy provides guidance for the creation, viewing, modification, transmission, dissemination, storage, and destruction of CJI. This Policy applies to every individual—contractor, private entity, noncriminal justice agency representative, or member of a criminal justice entity—with access to, or who operate in support of, criminal justice services and information.

While protecting CJI in compliance with the CJIS Security Policy, today’s law enforcement agencies need to: 

• Make CJI securely available to authorized users, including users in different agencies and users working remotely. While mobile devices provide users the ability to access information and capture photos and videos, law enforcement needs a solution that enables CJI to be exchanged efficiently from the field while meeting strict data security and compliance requirements.
   
• Ensure that data security and data governance best practices are followed in any scenario. The latest cloud and mobile technologies can improve data access and productivity, but they most do so without creating new challenges for data security and data governance. This can be a challenge when CJI is shared between agencies on different systems, or on mobile devices in the field.
   
• Enforce the CJIS Security Policy consistently, across all internal platforms and cloud services in use. This is all the more challenging as data is distributed across a variety of Enterprise Content Management (ECM) platforms and file storage services, such as Microsoft SharePoint, OpenText, Documentum, Windows File Shares, Google Drive, Microsoft OneDrive, Box, Dropbox, and other content sources.

The Accellion kiteworks Solution and CJIS

Kiteworks by Accellion is an enterprise-class, CJIS-compliant content collaboration platform that leverages a private cloud deployment to enable secure content sharing with internal and external parties. With kiteworks, enterprises and government agencies can seamlessly access, share and collaborate on content stored in legacy ECM platforms without having to duplicate or migrate files, which is costly, risky and creates a disruption to workflows and processes. 

kiteworks leverages a law enforcement agency’s existing investments in ECM and email platforms with a content access and collaboration layer that supports authoring, collaboration, and workflow, and implements data governance including enterprise search for all content under management.  In addition, all content is audited, and can optionally be held to collect information for use in industry-standard eDiscovery tools.

With kiteworks, law enforcement professionals can securely capture and transfer CJI with their mobile phones. For example, photos are secured and automatically uploaded to the kiteworks server, bypassing the phone’s camera roll entirely. With no evidence available on the device, the risk of data leaks is eliminated, however a complete audit trail of the chain of custody remains.  Similarly, officers can remotely access, view, edit and share content stored in on-premise and cloud repositories, without having to download any files onto their phones. Once again, with no CJI stored on the phone, a lost, stolen, or hacked phone doesn’t present any security issues. Lastly, staff can collect, organize and share content with other departments, jurisdictions and attorneys general through web, office and email tools, again without leaks and with a full audit trail.

Government and law enforcement agencies such as the City of Pleasanton, Abbotsford Police Department, South Carolina Attorney General’s Office, Texas Juvenile Justice Department, the County of Sacramento and others rely on Accellion to ensure maximum information security and compliance for internal and external information sharing from any location, using any device. Strong security controls and the industry’s broadest deployment options enable organizations to ensure the protection of CJI, intellectual property, and other sensitive information. In addition, comprehensive management and control over all information sharing activities allow for the highest levels of data security and compliance.

The kiteworks platform includes a number of capabilities for law enforcement agencies, including:

• Enterprise-class security and governance features, including FIPS 140-2 certified encryption modules.
• Compliance with industry and government regulations, including SOX, HIPAA (with signed BAA), ITAR, SOC2, and PCI DSS Level 1. FedRAMP accreditation is formally “in process.”
• Secure connectors to enterprise content, including content stored in on-premises and cloud-based ECM systems such as SharePoint, SharePoint Online, Documentum, OpenText, Box, and Dropbox.
• Microsoft Office 365 integration.
• Content collaboration and productivity.
• Secure email attachments, including an intuitive Outlook plugin.
• Mobile applications with a secure container that separates law enforcement content from the rest of the device. In addition, all kiteworks content can be remotely wiped by the administrator in the case of a lost or stolen device.
• Private and hybrid clouds enable IT to architect a system that meets their infrastructure strategy and budget, yet ensures full security and compliance.
• REST APIs for custom integration and development.

kiteworks currently meets CJIS security requirements in all applicable critical policy areas, including:

• Policy Area 4: Auditing and Accountability - Full auditing and accountability through reports accessible through Admin dashboards, as well as through Syslog and SNMP. Administrators can comply with legal requests to preserve and collect all relevant files and metadata, and set content retention policies to meet regulatory compliance requirements. 
   
• Policy Area 5: Access Control - Access Control through LDAP, SSO, 2FA, and local databases for external user authentication. kiteworks also provides granular permissions for individual folders for collaboration.
   
• Policy Area 6: Identification and Authentication - Authentication through LDAP, SSO, and 2FA.
   
• Policy Area 7: Configuration Management
 - Full administrative control over configuration management. It also provides access restrictions for changes.
   
• Policy Area 10: System and Communications Protection and Information Integrity
 - End-to-end encryption of data in transit and data at rest. The platform is available in FIPS 140-2 certified and compliant configurations. Customers also retain sole ownership and control of their encryption keys.
   
• Policy Area 13: Mobile Devices
 - Major mobile operating systems supported. Native MDM-light capabilities such as remote data wipe, secure encrypted containers, access PINs, token lifetime configuration, and mobile app whitelisting are all part of the kiteworks platform. The mobile productivity suite makes it easy for authorized users to create, edit, share, and collaborate on files on mobile devices.

In total, the kiteworks private cloud content collaboration platform enables law enforcement agencies to take full advantage of the latest advances in mobile devices and cloud computing, while meeting strict CJIS requirements.

To learn more about kiteworks and its features for CJIS compliance, please contact us. 

Abbotsford Police Department serves the city of Abbotsford, British Columbia. With over 200 police offers, supported by another 200 staff and volunteers, Abbotsford PD is dedicated to providing the highest quality service to its residents with the goal of making Abbotsford the safest city in British Columbia.

When one thinks about a police department, about the last thing that comes to mind is content. Content however is central to every activity police departments engage in: accident and arrest reports, traffic tickets, statements from eye witnesses, itemized logs of physical evidence, video footage, emails, press briefings, and more.

Naturally, most of this content needs to be shared – among staff, with other law enforcement agencies, with attorneys general and other political organizations, the media and members of the community. The Abbotsford Police Department (APD) traditionally relied on its FTP server to deliver this content, which often was in very large files. Setting up new accounts and administering those accounts however was a time-consuming process for the department’s small IT staff and often lead to delays in sharing content. This proved to be very problematic when content was time sensitive.

APD needed a collaboration solution that wasn’t just secure and easy to administer. “Our number one priority was ease of use,” shared Gord Boyes, APD’s Manager of Information Technology. “We wanted to train our people once and equip them with the means to share content efficiently and safely at any time of day, whether at the station or out in the field.”

APD evaluated several solutions but Accellion’s secure content collaboration platform, kiteworks, stood out. First, a private cloud deployment ensured the security of the department’s content. Second, an easy-to-use solution with an intuitive user interface ensured adoption and self-sufficiency. Finally, administrative functions such as file / folder expiry as well as visibility into when files were received and downloaded enhanced file management and compliance. In Boyes’ words, “kiteworks was the clear answer.”

Currently, kiteworks is being utilized by staff and investigators and even the Chief Constable and the Department’s board of directors. The solution is being used to support active criminal investigations and allows staff to easily share interview transcripts, video footage and PDF forms among all personnel involved in case work. Reams of evidence is now shared instantly and securely, making reliance on FTP accounts, USB thumb drives, DVDs and couriers all a thing of the past.

Boyes summarizes, “kiteworks is used across a wide-range of police activities and has proved its worth day in and day out.”

To Learn More

To learn more how Accellion helps the Abbotsford Police Department share files and collaborate securely, download the case study.

This Accellion customer (they have asked to remain anonymous) is a leading manufacturer of luxury wrist watches and is one of the world’s most recognizable brands.

A lot more goes into producing fine wrist watches than one would think. Sure, engineering, design, technology and craftsmanship are all critical elements. But so are hi-resolution photos for print and digital ads, design specs for product development, and budgets and sales forecasts for company growth. These aspects of the business may be more mundane however they’re just as important as the art and science of watchmaking.

While the Company’s watchmakers are producing fine timepieces, the corporate side of the business is producing content – lots of content. Typically, this information needs to be shared efficiently and securely to enable the business to run like a fine Swiss…well, you get the idea. Anyway, the Company’s sales and marketing employees relied on a third-party FTP solution to share and collaborate on product designs, advertisements, sales forecasts and other proprietary content with partners in other offices and retail stores.

FTP however was cumbersome to use and administer and did not have the adequate security features to comply with the IT department’s data protection requirements. The Company was open to a cloud solution but it had to seamlessly integrate with the Company’s existing content systems. A Systems Administrator with the Company elaborates, “we were sold on kiteworks’ ability to securely span platforms, providing universal and instant access to files in multiple enterprise content systems, including SharePoint – from laptops, desktops, tablets and smartphones.”

While seamless access to content from any device or location was going to make employees more productive, protecting the Company’s intellectual property was the absolute top priority. The Company therefore deployed kiteworks as an on-premise, private cloud deployment so that IT could have total control of its content, including sole ownership of its encryption keys.

The Company is currently utilizing kiteworks for a variety of projects and workflows. For example, sales managers in the field can photograph and instantly upload and share photos of partner product displays right from their smartphones, without a VPN. kiteworks is also being used by the Company to collaborate with project managers on blueprints and building plans for a large expansion project.

The Company has been very pleased with kiteworks to date and adoption continues to grow. The Systems Administrator concludes, “the beauty of kiteworks is that it just works. It’s a breeze to configure and customer support is excellent but its ability to keep our content secure is the best part and this alone makes the investment worth it.”

To Learn More

To learn more how Accellion helps this luxury brand watch manufacturer collaborate securely and efficiently, download the case study.

When it comes to the security of sensitive legal information, you don’t have to be a Panamanian law firm with star-studded clientele to have a huge target on your back. Recent breaches at some of the country’s most prestigious law firms, including Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, reveal the growing cyber threats facing the legal industry. 

Legal data is at risk because it’s valuable. What exactly is legal data? Legal data can include but is certainly not limited to: contracts, investigation results, patent filings, as well as corporate personnel and financial information. More often than not, legal data is highly sensitive and confidentiality is stressed under attorney-client privilege. Many law firms for example have confidential information about mergers and acquisitions (M&A). If stolen, this information can be used for insider trading or gaining an upper hand in negotiations. A Russian hacker in fact recently targeted 48 of the AM Law 100 firms, specifically seeking data on M&A transactions.

There are a number of reasons why legal data is at risk beyond the value of the data itself. Here are a few considerations partners and legal IT teams should be aware of:

• Hactivists (hacker activists) sometimes attack law firms for social or political causes.
  Hacktivists sometimes target law firms because of the clients they represent. For example, in 2012 hactivists associated with the group Anonymous attacked Puckett & Faraj, because the firm was defending a United States soldier who had pleaded guilty in connection with his role in the death of 24 Iraqi civilians.
• Cybersecurity at law firms is often ineffective at countering today’s sophisticated threats.
  According to FBI officials and security experts, “law firms remain a weak link when it comes to online security.” IT may be a second or even third priority at law firms, treated as operational support rather than strategic infrastructure. Also, many firms likely lack the expertise to secure their networks and devices, which is only becoming more diverse and complicated with “Shadow IT” applications and a BYOD culture.
• Law firms are vulnerable to attacks from within and without.
  Just as Target was breached through one of its partners (an HVAC service), law firms are vulnerable to attack from insiders and partners such as auditors and strategic communications firms. Vulnerabilities in these organizations might eventually be used to attack law firms directly.
• Security attacks are more sophisticated than ever before.
  Phishing attacks, ransomware, SQL injections—the list of security attack techniques goes on. These attacks continue to be successful, even in organizations that pride themselves on IT security. As long as these techniques are effective, hackers will continue using them.

Keeping Law Firm Data Secure

To counter these threats, law firms should do the following:

• Make IT security a strategic imperative. 
  A data breach can easily lead to a breach of attorney-client privilege and ultimately a law firm’s hard earned reputation. IT security therefore must be a partner-level priority.  
• Assess vulnerabilities on an ongoing basis.
  Law firms should monitor all of their IT assets and use vulnerability scanning and other assessments to identify any vulnerabilities in their network.
• Secure content in transit and at rest.
  Law firms need to protect content whether it’s stored on-premises, in the cloud, on a device or in transit between these endpoints. Firms must also ensure their security policies are current with the devices and storage being used
• Educate employees about cybersecurity threats and best practices.
  Teach employees about the risks of phishing, social engineering, and other attacks. Best practices for storing and sharing content securely should also be stressed.

kiteworks for Legal

kiteworks is a secure content collaboration solution on private cloud for law firms that enable legal professionals to securely share and collaborate on sensitive legal documents with internal teams, opposing counsel, and clients without risking leakage of confidential client information.

There are a number of security features within kiteworks. These include:

• Encryption of all content in transit, in use and at rest.
• Encryption key ownership.
• Secure containers that shield content from malware or data breaches.
• Leak-proof editing so that employees can access and edit Microsoft documents, and annotate and redline PDFs without jeopardizing data security.
• Role-based access controls for restricting access to and distribution of content.
• Audit trails for all distribution of content.
• Support for digital rights management, such as watermarking, view-only mode, and withdrawing content after it has been shared.
• Integrations with SharePoint, EMC Documentum, Box, and other popular content systems, for single pane of glass access to enterprise content.
• Support for remote wipe on mobile devices and desktop systems should devices be lost or stolen or when employees leave the organization.

Not only does kiteworks help preserve attorney-client privilege, it also helps law firms demonstrate compliance with a number of industry standards such as: ITAR, HIPAA, SOX, GLBA, SOC 2 (SSAE-16), PCI-DSS, and FIPS 140-2. Compliance is more than just good business practice or a show of solidarity with customers. The Department of Health and Human Services for example requires law firms to demonstrate HIPAA compliance.

kiteworks is a trusted secure collaboration solution at a number of leading law firms. In fact, according to the International Legal Technology Association (ILTA), Accellion is the number one choice for file sharing amongst large law firms, its second year in a row.

To learn more about kiteworks for Legal, visit our legal page here.

We live in a world marked by extreme data generation and accumulation, fueled by our interaction with an increasing number of applications, systems and devices. It's hard to believe but IoT development and adoption is set to drive this increase in data generation exponentially further.

Significant security and compliance challenges arise however when data is collected, ana­lyzed, and shared, especially when data sharing crosses organizational boundaries. In industries such as financial services and healthcare, industry-specific regulations mandate that customer data be kept private and safe from tampering or illicit access.

But not all privacy regulations are limited to specific industries. Some laws and regulations require all customer data to be protected, regardless of industry. The most sweeping and consequential of these non-industry-specific data privacy regulations is the European Union’s new General Data Protection Regulation (GDPR). The GDPR was passed by the EU Parliament’s Civil Liberties Committee on April 14, 2016 and goes into effect on May 25, 2018, becoming the law of the land in all 29 EU member states.

Building on the EU Data Privacy Directive (95/46/ec), the GDPR is a bold attempt to create a robust legal framework for protecting data privacy in the age of social media, geographically distributed cloud-computing services, and broad government surveillance. It affirms every EU citizen his/her right to privacy and establishes strict requirements for organizations collecting or processing the personally identifiable information (PII) of EU citizens.

Preserving Personally Identifiable Information

The concept of PII is central to both the Data Privacy Directive and the GDPR. Here’s how the GDPR defines this important term:

any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Examples of PII include:

• A CRM database record with a customer’s name, address, and phone number.
• The IP address or MAC address of a citizen’s smartphone, tablet, or laptop.
• A passport number.
• A photo that can be used for facial recognition.
• A citizen’s post on a social media platform such as Facebook about politics, religion, or health status.
• Genetic or biometric data that can uniquely identify an individual, including fingerprints, signatures, voice recordings, and even patterns of keystrokes.
• A description that indirectly identifies an individual, such as “the company’s sales representative for the Paris region.”

By standardizing data protection across all member states, the GDPR affirms an EU citizen’s right to know what PII is being collected by other parties. It grants citizens the right to know why PII is being collected, how the PII is being used, and the purpose of its use. In most cases, the regulation also affirms citizens’ right to have their PII deleted.

Boards of directors, IT organizations, security teams, and compliance teams in global enterprise should be preparing now to comply with the GDPR. Failure to comply could result in steep financial penalties—as high as 4% of an organization’s annual revenue—and lasting damage to brand reputation.

Private Cloud Content Collaboration and the GDPR

Content management, mobility, and security are all critical to compliance with the GDPR. A failure to comply not only invites significant fines but also customer churn and brand erosion. Thankfully, the kiteworks secure content collaboration platform by Accellion enables organizations to comply with the GDPR.

The kiteworks platform provides an enterprise-wide layer of data security and control, integrating with and enforcing security policies for all on-premises and cloud-based content systems in the enterprise such as Microsoft SharePoint and OpenText as well as to cloud-based services such as Box, Dropbox, and Google Drive.

Security features include encryption of data at rest and in transit, role-based access controls, secure containers that protect private data like PII on mobile devices from unauthorized access and malware infection, and special controls, such as view-only content, that ensure that confidential content remains confidential. In addition, all content sharing in kiteworks is logged and monitored. CISOs and IT administrators can review user activity to ensure that PII is being accessed only by authorized users, ensuring compliance with regulations like the GDPR.

Because kiteworks is designed for enterprise-grade scalability and flexibility, it can accommodate any infrastructure strategy: on-premises, IaaS cloud, private hosting by Accellion, or any hybrid scenario. Nodes can be distributed across the globe to reach remote offices, ensure performance, and honor data sovereignty regulations. IT organizations can manage and enforce policies to protect data and ensure regulatory compliance, while trusted business users can manage select con­tent and content-sharing to promote productivity and ensure the right level of trust.

To learn about the kiteworks solution for private cloud content collaboration and how kiteworks can help your organization comply with the GDPR and other data privacy regulations, please con­tact Accellion.

Sixth Consecutive Year of Recognition on the KMWorld 100

Accellion, Inc., the leading provider in hybrid and private cloud secure content collaboration, today announced it has been named to KMWorld Magazine’s “100 Companies That Matter in Knowledge Management,” for the sixth consecutive year.

This distinction follows Accellion’s inclusion in KMWorld’s Trend-Setting Products of 2016, recognizing Accellion’s secure content collaboration platform, kiteworks, as one of a unique set of products “designed, developed and perfectly timed to fill a niche in the marketplace before users are even aware that such functionality and flexibility have been missing.”

“The need for organizations to enhance the customer experience and increase efficiencies while ensuring the highest levels of data security and compliance has never been greater,” commented Andy Feit, Chief Marketing Officer at Accellion. “Accellion is singularly qualified to secure content and workflows with the outside world, transforming the way employees collaborate with customers, partners and other stakeholders. We’re very pleased KMWorld shares a similar view of evolving enterprise requirements and it’s an honor to once again be included in the KMWorld 100.”

The kiteworks content collaboration platform offers organizations and their external partners a secure means to collaborate on enterprise content, whether it is stored on premises or in the cloud. Integration with Microsoft SharePoint, SharePoint Online, Office 365, OneDrive, OpenText, Documentum, Box and other systems provides a consistent way for users to easily access, edit and share content, from any device or location. For organizations working with sensitive information, including those in highly regulated industries, kiteworks addresses the critical factors in demonstrating compliance, delivering the security, control and visibility necessary as external users become part of business processes.

KMWorld’s prestigious “100 Companies That Matter in Knowledge Management” list recognizes companies that have played an innovative role in the creation, enhancement and definition of the knowledge management market. The list is compiled by knowledge management practitioners, theorists, analysts, vendors and customers.

About KMWorld

KMWorld is the leading publisher, conference organizer, and information provider serving the knowledge management, content management, and document management markets. KMWorld informs its more than 40,000 subscribers about the components and processes — and related success stories — that together offer solutions for improving business performance. KMWorld is a publishing unit of Information Today, Inc.

Data Loss or Data Leak Prevention, more commonly known as DLP, has been around a long time and it doesn’t take a computer scientist to understand why. As data breaches continue to occur in increasing frequency and sophistication, interest in DLP technology has exploded. According to Forrester Research, 63% of North American and European enterprises in 2016 had implemented or were implementing DLP solutions and suites, compared to only 44% in 2015. As data breaches increase in frequency and sophistication, DLP may represent the last line of defense in protecting an organization’s sensitive data. Could DLP technology have prevented the access and leak of sensitive information on the CIA’s network? We’ll never know for sure but it’s likely current and widespread use of the technology would have made the leak more difficult.

Employing data analysis to monitor, detect and block sensitive content when it is in-use, in-transit, and at-rest prevents the inadvertent disclosure or mishandling of confidential data, either intentionally (by a hacker) or unintentionally (by a careless employee). DLP technology not only helps prevent data leakages, but it can also provide organizations visibility into who has access to sensitive data and when that sensitive data is accessed and shared. A proper DLP solution includes centralized management, policy creation, and enforcement workflow, all focused on monitoring and protecting content and data. As a result, the DLP function significantly enhances an organization’s ability to classify, manage, understand and, of course, protect their most sensitive content.

Given the current threat landscape and the critical role DLP plays in preserving enterprise content, it should be clear that if your organization doesn’t have a DLP solution, it should. And if your organization does have a DLP solution, you shouldn’t purchase any enterprise software that doesn’t support your DLP solution and processes – particularly if that software accesses, shares or stores sensitive enterprise content.

This is easier said than done. Safeguarding content from data loss is complicated by the fact that modern enterprises have content stored in lots of different on-premises and cloud-based systems, such as Office 365, SharePoint, Windows File Shares, Box, and many more. While storing content on one platform isn’t realistic, neither is expecting consistent DLP functionality across all of these systems.

Accellion recognizes this complexity as well as the need for standardized DLP capabilities across all content systems. Accellion’s content collaboration platform, kiteworks, is singularly capable of integrating with any enterprise’s DLP solution to scan every file uploaded to and downloaded from an on-premises or cloud-based enterprise content management (ECM) system. With kiteworks, enterprises can connect to any DLP server that supports the ICAP protocol, including Symantec (Vontu), Websense Triton AP-DATA, and Code Green, to enhance their data security. In addition, by using kiteworks’ central policy management system, enterprises can be assured that policies and rules are uniformly enforced across all content systems. The files are consistently and efficiently screened with the same criteria, enhancing an enterprise’s efforts to protect all of its content from the risk of data loss.

Beyond DLP integration, organizations have an extensive list of security capabilities to tap into with kiteworks. Anti-virus scanning on file uploads and downloads, secure file sharing and collaboration, remote wipe, file/folder expiration, content encryption and encryption key ownership are just some of the content security capabilities available. In addition, the ability to access, edit, share and collaborate on content using any device, from any location, dramatically increases workflow efficiency.

To learn more about kiteworks and DLP scanning of enterprise content, regardless of where it is stored or how it is accessed, please contact us.