Archive for the ‘data governance’ Category

Choose the Right File Sharing Solution for ITAR Compliance


ITAR (International Traffic in Arms Regulations) is promulgated pursuant to the Arms Export Control Act (22 USC sec. 2751). The regulations are designed to restrict and control the import and export of defense and military-related items, technologies, and services. Any item or service subject to the regulations must be included on the United States Munitions List (USML), which is compiled and maintained by the State Department, the body responsible for the administration of ITAR.

ITAR is implemented by the State Department’s Directorate of Defense Trade Controls (DDTC). Items listed on the USML may be shared only with a US person. Any deal involving a non-US person requires either authorization or an exemption from the DDTC.

FileCloud for ITAR is a secure file management solution that offers file storage, access, and data governance. Custom-tailored for organizations that deal with ITAR and EAR-regulated data, it offers multi-layer data security, governance, and advanced recordkeeping capabilities. FileCloud is cloud-agnostic, which means you can self-host it on your own IT infrastructure, or choose to utilize our software services.

Basic Principles to Secure your ITAR Data

  • Search and Secure Sensitive Data – FileCloud’s Smart Classification Engine automatically sorts your content into logical categories within minutes. Automate sensitive data discovery with simple rules that make sense to you. Our cloud services are hosted in AWS GovCloud. FileCloud service is managed and supported from Austin, Texas by U.S.-based personnel. FileCloud can also be self-hosted by end-users if they prefer that option over our cloud service.
  • Granular Permissions for Users – In addition to powerful auditing features, FileCloud for ITAR also offers detailed information about downloaded files, user shares, user logins, active users, DLP violations, and statistics for file movement.
  • User Data Access Control – FileCloud offers private-only, time-limited, and view-only access for sensitive documents. You can prevent downloads, and configure custom sharing options with FileCloud’s Smart DLP capabilities and document tags.
  • Audit Reports – FileCloud aims to give you the best possible audit data to satisfy ITAR compliance. With our admin portal, administrators can easily filter and select levels of granularity, as well as use the “Audit” options on our admin dashboards to view the following granular data.

Features of FileCloud for ITAR Compliance

Own Your Data

Self-host FileCloud on AWS GovCloud or Azure. Control and manage inbound and outbound network traffic, check detailed audit logs to see who accessed the files, and more. Build a robust ITAR-compliant file sharing and access control solution with FileCloud. Our cloud services are hosted in AWS GovCloud. FileCloud service is managed and supported from Austin, Texas by U.S.-based personnel. FileCloud can also be self-hosted by end-users if they prefer that option over our cloud service.

360° Data Security

FileCloud provides multi-level, 360° data protection by bringing revolutionary Data Leak Prevention capabilities to the market. Our simple, flexible, and rule-driven system prevents accidental data leaks from end-users and protects all sensitive data. Unintentional data leaks can happen because of user errors and oversights. Establishing a set of strict policies to prevent data leaks is crucial for ITAR compliance. FileCloud’s Smart DLP offers 360° protection. FileCloud helps in protecting data in compliance with ITAR.

End-to-End Encryption

FileCloud for ITAR offers encryption at rest and in transit using FIPS 140-2 validated cryptographic modules. The files are encrypted as they are uploaded to the system.
FileCloud for ITAR (Online) offers independent and extensive customer control over encryption keys using AWS Key Management in GovCloud, while our self-hosted option offers complete control over data and encryption keys.

Record Management

ITAR requires that records of transactions and information be maintained for five years from the expiration of the export license or other approval. In the case of an export license exemption, this would be from the date of the transaction. FileCloud for ITAR offers complete content lifecycle management with flexible retention and archival schedules to meet your ITAR record management requirements.

Access and Authentication

Securely access your enterprise data from anywhere using any device – without a VPN. FileCloud offers multiple ways to access your organization’s files securely: a web browser, a sync client, a mapped virtual drive, and mobile apps. Authenticate with Active Directory, or create new accounts with FileCloud. 2FA, SAML-SSO, and Smart Card authentication are supported across all clients (Web, Desktop, and Mobile apps). Set expiration on shared files and set granular file permissions. Revoke data access to reduce the risk in the event of a data breach.

A Review of ITAR Features from FileCloud

FileCloud for ITAR complies with ITAR document security requirements with features including:
• Encryption at rest and in transit using FIPS 140-2
• Complete, independent control over your content: own your data
• Supports NIST password standards
• Multi-factor authentication
• Smart, automatic classification of documents according to sensitivity
• Smart Data Leak Prevention
• Control access based on IP filters
• Real-time activity audit
• U.S.-based infrastructure operated by U.S. Citizens in the U.S.

Conclusion

Security is essential to complying with ITAR, and migrating all file sharing needs to FileCloud is a good bet for achieving it with the same efficiency. FileCloud provides secure data transfer to defense contractors and other organizations. FileCloud also provides the necessary tools for high performance and productivity. The penalties for ITAR violations, both criminal and civil, are substantial. Criminal penalties may include fines of up to a million dollars per violation and 10 years’ imprisonment, while civil fines can be as high as half a million dollars per violation. Failure to comply with ITAR may also damage an organization’s reputation and ability to conduct business. The State Department maintains publicly available records of all penalties and violations dating back to 1978. Organizations and individuals run the risk of being completely debarred from exporting defense-related services and items.

Understanding CMMC and Compliance Using FileCloud


CMMC is the means by which the US Government enforces a tiered approach to auditing third-party compliance with NIST SP 800-171, based on five different levels of maturity. DoD third-party organizations have been required to comply with NIST 800-171 since January 1, 2018. In the past three years, the DoD has struggled with the low rate of NIST 800-171 compliance across the Defense Industrial Base, and CMMC was created to address that systemic issue of non-compliance by both primaries and their subs. Also, when NIST 800-171 was initially launched, the DoD would not accept any form of third-party audit as evidence of NIST 800-171 compliance, but that is exactly what CMMC does, so a lot has changed in the past three years from how NIST 800-171 adoption was initially envisioned.

The Center for Strategic and International Studies estimates that the total global cost of cybercrime was as high as $600 billion in 2017. The U.S. Department of Defense is enforcing a risk-management approach to improve the cybersecurity measures of third-party partners by asking them to obtain the Cybersecurity Maturity Model Certification (CMMC). This certification is designed to improve the protection of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), and the certification applies to DoD contractors. CMMC measures an organization’s approach to protecting FCI and CUI. CUI is information that requires protection or audit controls according to federal law, regulations, and government policies. FCI is information provided by or generated by the government under a contract to develop or deliver a product or service to the government, not intended for public release.

Key Takeaways for CMMC

  • All companies conducting business with the DoD, including subcontractors, must be certified.
  • The CMMC is expected to combine relevant portions of various cybersecurity standards, such as NIST SP 800-171, NIST SP 800-53, ISO 27001, and ISO 27032, into one unified standard for cybersecurity.
  • Contractors will be required to be certified by a third-party auditor.
  • Certification levels of contractors will be made public, though details of specific findings will not be publicly accessible.
  • Contractors must clearly document practices and procedures with those requirements that already comply with CMMC practices or processes.

Five Levels of Maturity

Your company and the business you conduct with the DoD will decide which level (1–5) you need.

  • Level 1 – Basic Cyber Hygiene: Includes basic cybersecurity suitable for small companies having a subset of universally accepted common practices. The processes at this level would include some basic performed cybersecurity practices. This level has 35 security controls that must be implemented successfully.
  • Level 2 – Intermediate Cyber Hygiene: Includes universally accepted cybersecurity best practices. Practices at this level should be documented, and access to CUI  will require multi-factor authentication. This level includes an additional 115 security controls on top of Level 1.
  • Level 3 – Good Cyber Hygiene: Includes coverage of all NIST SP 800-171 Rev. 1 controls and additional practices beyond the scope of current CUI protection. Processes at this level are maintained, and there is a comprehensive knowledge of cyber assets. This level requires an additional 91 security controls on top of those covered in Levels 1 and 2.
  • Level 4 – Proactive: Includes advanced and sophisticated cybersecurity practices. The processes at this level are periodically reviewed, properly resourced, and are improved regularly across the enterprise. In addition, the defensive responses operate at high speed and there is a knowledge of all cyber assets. This level has an additional 95 controls on top of the first three Levels.
  • Level 5 – Advanced / Progressive: Includes highly advanced cybersecurity practices. The processes involved at this level include continuous improvement across the enterprise and defensive responses performed at high speed. This level requires an additional 34 controls.


17 Domains of Security Requirements

The CMMC model consists of 17 domains, 14 of which are derived from the Federal Information Processing Standards (FIPS) Publication 200 and NIST 800-171:

  1. Access Control
  2. Asset Management
  3. Audit and Accountability
  4. Awareness and Training
  5. Configuration Management
  6. Identification and Authentication
  7. Incident Response
  8. Maintenance
  9. Media Protection
  10. Personnel Security
  11. Physical Protection
  12. Recovery
  13. Risk Management
  14. Security Assessment
  15. Situational Awareness
  16. System and Communication Protection
  17. System and Information Integrity

FileCloud identifies loopholes in critical security controls according to your desired CMMC maturity level for each of the 17 domains and creates clear instructions for both improving your security position and meeting CMMC requirements. We will go through several domains and let you know how FileCloud helps you comply.

Access Control – FileCloud supports integration with Active Directory, LDAP, and SSO. In addition, FileCloud integrates your Network Shares with NTFS permissions to provide you with better access control of the data your users are allowed to view, upload, download, share, sync, or manage. Within FileCloud you can create users and groups and assign permissions and policies to them to allow or prevent them from accessing your data. FileCloud also supports DLP and granular folder permissions.

Asset Management – FileCloud’s Centralized Device Management allows you to view all the devices that have access to FileCloud using our mobile and desktop clients. FileCloud also includes functionality for creating reports of these devices to aid you in creating your inventory report.

Audit and Accountability – FileCloud’s auditing capabilities enable you to review who, when, where, and what is involved each time FileCloud is accessed. FileCloud also supports SIEM integration. FileCloud’s data governance capabilities allow you to apply multiple retention rules to avoid the deletion of auditable records you want to store in FileCloud.

Awareness and Training – To complement your internal employee training, FileCloud provides you with extensive information about applying best security practices while using FileCloud. FileCloud also offers end-user training.

Configuration Management – FileCloud contains multiple configuration capabilities including but not limited to centralized device management, content classification, DLP, global policies, specific device configuration policies, customization, data governance, user password enforcement, private sharing permissions, and granular folder-level permissions.

Identification and Authentication – Besides FileCloud’s proprietary user authentication, FileCloud supports integration with Active Directory, LDAP, and SSO. FileCloud also supports Duo Security integration and 2FA.

Incident Response – FileCloud’s data governance dashboard displays potential rule violations such as DLP violations or retention policy violations. FileCloud workflows enable you to automate report generation, device approval, and other tasks.

Maintenance – Using FileCloud workflows, administrators can perform automatic maintenance tasks within FileCloud, for example, deleting files after a specified amount of time or disabling users who have not accessed FileCloud in a specific amount of time. FileCloud also supports automatic audit log trimming and exporting to a location defined by the administrator.

Media Protection – FileCloud’s antivirus integration via ClamAV or the ICAP protocol enables you to verify the integrity of files as they are uploaded. FileCloud’s DLP provides you with granular control over your data. FileCloud supports in-transit encryption via HTTPS/SSL.

Personnel Security – FileCloud’s smart classification and DLP enable you to classify your data based on DLP rules that deny or allow downloads or sharing.

Recovery – The FileCloud Server Backup tool backs up your data automatically.

Conclusion

For your organization to be CMMC compliant, it must implement encrypted file sharing solutions. The end-user is responsible for utilizing suitable FileCloud capabilities as well as managing and maintaining the environment where FileCloud is being hosted to ensure the CMMC requirements are being met.

FileCloud is the commercial off-the-shelf software solution that helps businesses securely share, manage, and govern enterprise content. FileCloud software provides the necessary capabilities for organizations to obtain CMMC compliance.

References

Accellion CMMC Compliance Guide. (n.d.). ACCELLION. Retrieved 2021, from https://www.accellion.com/sites/default/files/resources/wp-accellion-cmmc-compliance-guide.pdf

Carey, B. (2020, May 11). Prepare for Cybersecurity Maturity Model Certification (CMMC). Retrieved April 6, 2021, from https://blog.rapid7.com/2020/04/15/preparing-for-the-cybersecurity-maturity-model-certification-cmmc-part-1-practice-and-process/

Center for Strategic and International Studies (CSIS) & www.mcafee.com. (2018, February). Economic Impact of Cybercrime: No Slowing Down. Retrieved April 6, 2021, from https://csis-website-prod.s3.amazonaws.com/s3fs-public/publication/economic-impact-cybercrime.pdf

Cybersecurity Maturity Model Certification (CMMC) (Vol. 1). (2020). Carnegie Mellon University and The Johns Hopkins University Applied Physics Laboratory LLC.

DoD cybersecurity audits are coming: Here’s how to prepare. (2021). Retrieved April 6, 2021, from https://www.sysarc.com/services/managed-security-services/cybersecurity-maturity-model-certification-cmmc-guide-for-dod-contractors/

Understanding CJIS Policies and Implementation using FileCloud

The CJIS Security Policy contains information security requirements, guidelines, and agreements documenting the will of law enforcement and criminal justice agencies for protecting the sources, transmission, storage, and generation of Criminal Justice Information (CJI). The Criminal Justice Information Services (CJIS) Security Policy provides a secure model of laws, standards, and elements of published and vetted policies for accomplishing the mission across the broad spectrum of the criminal justice and noncriminal justice communities.

The prime focus of the CJIS Security Policy is to implement the proper controls necessary to secure the full lifecycle of CJI, both at rest and in transit. It applies to a private entity, contractor, noncriminal justice agency representative, or member of a criminal justice entity that utilizes or has access to criminal justice services and information.

Because the magnitude of cyberattacks has increased over the years, CJIS has had to adapt. CJIS came up with a set of standards for organizations, software-as-a-service (SaaS) cloud vendors, local agencies, corporate networks, and others. Those parties must comply with these standards to ensure best practices for wireless networks, remote access, data encryption, and multiple-step authentication.

Ground Rules of CJIS

The policies proposed by CJIS encompass best practices in wireless networking, remote access, data encryption, and multiple authentications. Some basic rules include:

  • A limit of 5 unsuccessful login attempts by a user accessing CJIS
  • Event logging of various login activities, including password changes
  • Weekly audit reviews
  • Active account management moderation
  • Session lock after 30 minutes of inactivity
  • Access restriction based on physical location, job assignment, time of day, and network address

 

Policy and Implementation Using FileCloud

We will now go through a high-level overview of the 13 policy areas of the CJIS Security Policy v5.3 and how FileCloud will help you implement them.

Policy Area 1—Information Exchange Agreements

Organizations dealing with CJI must have signed written agreements documenting the full length of their interaction and the relevant security policies and procedures in place between them to ensure appropriate safeguards. CJIS policy incorporates procedures on how information is handled and what should be in user agreements. Companies and agencies that use CJI must include specific processes and parameters in their information exchange agreements, including:

  • Audits
  • Dissemination
  • Hit confirmation
  • Logging
  • Quality assurance
  • Pre-employment screening
  • Security
  • Timeliness
  • Training
  • Use of systems
  • Validation

FileCloud understands this is a shared responsibility between the parties and has the provision to implement the information exchange policy in the enterprise edition.

Policy Area 2—Security Awareness Training

Basic security awareness training should be given in the initial six months and biennially for all personnel who have access to CJI. Records of individual basic security awareness training and specific information system security training shall be documented and updated. It is the customer’s responsibility to make sure the training is made available to all personnel who have access to the information and to keep the training documents up to date.

Policy Area 3—Incident Response

Agencies must incorporate operational incident handling capability for malicious computer attacks against agency information systems to include adequate preparation, detection, analysis, containment, recovery, and user response activities. Agencies must also track, document, and report incidents to appropriate officials. Incident-related information can be obtained from different sources including audit monitoring, network monitoring, physical access monitoring, and user/administrator reports. The agency should incorporate the experience from ongoing incident handling activities into the incident response procedures and implement the procedures accordingly.

Policy Area 4—Auditing and Accountability

Agencies must provide for the ability to generate audit records of their systems for defined events. FileCloud Server has extensive auditing support, and every operation in FileCloud Server is logged. By providing options to record every action with What, When, Who, and How attributes, FileCloud gives customers the best possible audit data to satisfy CJIS compliance. FileCloud can record logs of all events, metadata, timestamps, and the outcome of events. FileCloud can also help you create audit reports and can retain these audit reports and logs for a year or until the information is no longer needed.

Policy Area 5—Access Control

This is one of the more complex policy areas. An agency’s IT organization will implement multiple mechanisms addressing login management systems, remote access, and virtual private network (VPN) solutions certified to the FIPS 140-2 standard, and enact policies and controls for Wi-Fi, Bluetooth, and cellular devices.

FileCloud can be used to implement access control policies (identity-based policies, role-based policies, rule-based policies) and associated access enforcement mechanisms (access control lists, access control matrices, cryptography). It can enforce a limit of no more than 5 consecutive invalid access attempts by a user, initiate a session lock after 30 minutes of inactivity, and provide automated mechanisms to facilitate the monitoring and control of remote access methods.

Policy Area 6 — Identification and Authentication

Agencies must uniquely identify users and processes acting on behalf of users.

Admins can set permissions for each individual user. Access permissions are generally enforced uniformly regardless of location and access method (web browser, FileCloud drive, WebDAV, FileCloud sync, mobile/tablet app). Admins can also set an expiration date for a user, after which the user’s permissions expire and the user no longer has access to the FileCloud system. Admins can also disable a user for a certain period of time. FileCloud password policy management allows admins to set a minimum password length for user accounts and account lockout after failed logins. Account lockout prevents brute-force password attacks by immediately locking out the access point after multiple failed login attempts.

Most security threats today are a result of compromised user credentials. With FileCloud’s two-factor authentication, an extra 2FA code can be required as part of the user authentication process. The additional login step requires users to verify their identity using a 2FA code sent via email, creating a double-check for every authentication.

Policy Area 7 — Configuration Management

The goal is to allow only qualified and authorized individuals access to information system components for purposes of initiating changes, including upgrades and modifications. FileCloud system administrators can configure and view the complete list of shares created by users and locked files and folders. The User Shares Report includes information such as user name, location, expiration, and share type (private or public). The User Locks Report provides a list of files locked by users. FileCloud monitors all user logins and activities including deletion, uploads, and downloads. In addition, FileCloud provides tools to filter activities using a date range, user names, and text search.

Policy Area 8 — Media Protection

Media protection policy and procedures shall be documented and implemented to ensure that access to electronic and physical media in all forms is restricted to authorized individuals. Procedures shall be defined for securely handling, transporting, and storing media.

With FileCloud, you can encrypt Managed Disk Storage for compliance and security reasons. If a FIPS-enabled FileCloud license is installed, there is a new option in the Admin Portal to enable FileCloud to run in FIPS mode in FileCloud Server version 19.1 and later.

Policy Area 9 — Physical Protection

Physical protection policy and procedures shall be documented and implemented to ensure CJI and information system hardware, software, and media are physically protected through access control measures.

FileCloud protects the confidentiality and integrity of your files in transit and at rest.

  • AES 256-bit encryption to store files at rest.
  • SSL/TLS secure tunnel for file transmission.
  • Site-specific, customer-managed encryption keys in a multi-tenant setup. Each tenant gets their own set of encryption keys.

Policy Area 10—Systems and Communications Protection and Information Integrity

Communications safeguards must be employed to ensure the security and integrity of data across the network both in motion and at rest.

FileCloud security includes 256-bit AES SSL encryption at rest, Active Directory integration, two-factor authentication, granular user and file-sharing permissions, client application security policies, anti-virus scanning, unlimited file versioning, recycle bin, file locking, endpoint device protection, and a comprehensive CJIS-compliant audit trail.

Policy Area 11 — Formal Audits

Formal audits are conducted to ensure compliance with applicable statutes, regulations, and policies. These audits will be executed by either the FBI CJIS Audit Unit (CAU) or the state’s lead CJIS Systems Agency (CSA).

Policy Area 12 — Personnel Security

Agencies must provide security screenings consisting of state of residence and national fingerprint-based record checks for all personnel with either physical or logical access to unencrypted CJI. This applies to agency personnel, vendors, and contractors.

Policy Area 13 — Mobile Devices

Long overdue; this section provides detailed guidance regarding employing mobile devices, e.g. cellular-enabled smartphones and tablets. Here you’ll find minimum functions required to manage mobile devices and an introduction to the concept of compensating controls in order to bridge the inherent technical limitations of some devices.

Conclusion

FileCloud Server is the commercial off-the-shelf software solution that helps businesses securely share, manage, and govern enterprise content. FileCloud software provides the necessary capabilities for organizations to obtain compliance with CJIS. The end-user is responsible for utilizing suitable FileCloud capabilities as well as managing and maintaining the environment where FileCloud is being hosted to ensure CJIS’s requirements are being met. FileCloud aids with your CJIS compliance efforts under the shared responsibility model.

References

https://itlaw.wikia.org/wiki/Criminal_Justice_Information_Services_Security_Policy

Finding a Safe Place for Your Data and Software


Your organization runs on data and software. But this whole IT environment needs to live somewhere. Preferably a safe place that no unwanted people can access.

What options do you have? How should you choose where to host your data and your software?

In this article, we’ll explore these topics in depth, hopefully giving you that bit of additional information that you need to choose a safe place for your IT environment.

Where can you host your software/data?

The traditional way is to host it on your own servers, which is called on-premise hosting.

It’s private by nature because the whole infrastructure is dedicated only to your company. The software literally lives on your own machines, along with the data and all of your intellectual property. Servers don’t need to actually be located at your headquarters; they’ll probably be in a dedicated data center.

The “new” (it’s not that new and pretty much standard by now) way to manage your IT resources is cloud hosting.

It’s public by default because it’s provided by a company like Amazon or Microsoft, whose insane server power is shared by all of their customers. But it can be private because cloud providers offer the option to get a share of their servers dedicated only to your company.

Finally, you can also mix the different options, and then you get hybrid hosting. There are a lot of ways to organize a hybrid solution, with different combinations of hardware and software. Choosing one cloud provider doesn’t mean you can only use that one; you can also combine different services from multiple providers.

How much control do you need?

When it comes to hosting your software and data, available server options generally fall into these categories:

  • Control the hardware, control the software
  • Control the hardware, outsource the software
  • Outsource the hardware, control the software
  • Outsource the hardware, outsource the software

Control the hardware and software

If you need to control and customize the performance of your physical servers, as well as the software that runs them, the go-to choice is on-premise hosting.

Control the hardware, outsource the software

What if you need to control the hardware, but you want the same workload management experience that’s offered by big cloud providers? There are ways to run, for example, AWS services on your own on-premise servers. The offerings in this area vary based on the provider.

Outsource the hardware, control the software

Your server workloads are pretty typical and you don’t need custom hardware for your IT environment – but you want to use, for example, FileCloud to share and manage your organization’s data. You can easily run FileCloud on AWS, as well as other services that you might need.

Outsource the hardware and software

This is probably the most popular solution at the moment for non-enterprise companies. You just spin up a server instance at your favorite cloud provider and manage it using the software tools they provide. Use it to host your data, your ERP system, or your SaaS, without worrying about the server infrastructure.

Comparing hosting options – On-Prem vs Cloud vs Hybrid

On-premise

So far we know that on-premise hosting is private (dedicated only to your company), with your IT environment living on your own physical servers.

But when should you use on-premise hosting? Modern tech companies usually start with the cloud, and move on to on-prem.

Take the case of Instagram: they migrated to Facebook’s infrastructure after FB bought them in 2012.

(But then they also branched out to different data centers around the world to ensure that all of their users have a good experience, so they’re definitely not on-prem only.)

Companies and enterprises that have been around for decades tend to go from on-prem to adding a bit of cloud, or migrating to the cloud completely.

Like when AdvancedMD moved to the cloud. AdvancedMD is a healthcare-related provider of digital services that’s been around since 1999, which makes this a great example. The most common argument for on-premise hosting is that it’s the most secure option for highly sensitive data. AdvancedMD runs on healthcare data, which is extremely sensitive, and yet nothing tragic happened when they migrated to the cloud.

As AdvancedMD proves, the issue of security is not that important anymore. Both on-premise and cloud hosting can safely store sensitive data.

So the choice between on-prem and cloud is more about control and/or customization.

For the highest amount of control, and the ability to literally customize every part of your infrastructure, on-prem is the right option. Long-term cost management is easier; however, it takes a large initial cost to build your on-prem hosting from the ground up.

On-prem is also a good option when you have high demands:

  • You’re constantly moving large amounts of data in and out of your servers (cloud providers can charge fees for moving data outside of your cloud),
  • You need the lowest latency possible.

One problem with on-prem is that it’s harder to scale, but you can use a cloud provider to mitigate this issue.

Cloud

You’ve probably heard this, but – there is no cloud, it’s always somebody’s server. It’s a popular saying, but it carries a hidden warning about your data being on somebody else’s server.

How big is the risk that cloud providers will mismanage your data, or give someone else access to it? Unless you’re handing out access credentials to your cloud to everyone you meet, the risk is actually very small.

There is no way cloud would’ve become the new standard for hosting if it were risky. Providers know this, and they’ve put extreme amounts of money into making sure that your resources are safe with them.

Another popular issue that people bring up when talking about the cloud is compliance with standards. But it turns out that cloud providers are surprisingly compliant with cross-industry IT standards, so this issue depends on your unique case.

There is a different, much more real, risk associated with the cloud – cost management.

Sure, at the start you pay much less compared to an on-premise solution. As you keep going, it’s super easy to spin up new services from a cloud provider, especially if you have a huge IT budget.

This is a benefit because you can scale up extremely easily. It’s also a problem because you might end up paying for a lot of unnecessary services.

So if you don’t want to overspend, you need to be very careful about managing your cloud infrastructure.

Choosing cloud isn’t a problem of compliance or security, but rather a problem of your unique workloads. As we learned above, on-premise can be better when you need to move huge amounts of data regularly, or you need minimal latency.

For example, if your servers are just supposed to do the standard job of serving a website to people online, the cloud is the logical solution. But if you’re building a complex web application that performs difficult computations on large amounts of data, you’ll probably be better off with an on-prem, or a hybrid solution.

Hybrid

And so we arrive at the most common option, hybrid hosting.

The complex demands of enterprise IT environments make it almost impossible to just pick one hosting option and roll with it for eternity.

There are too many considerations:

  • Integrating with legacy software,
  • Speed vs reliability,
  • Location of data,
  • Latency…

… and so on, and different parts of a typical IT environment require varying approaches. For example, a cloud provider might work for your in-house data store, but you still need on-prem servers to run particular applications or legacy software.

Hybrid hosting is a way to address all of this complexity because you can combine multiple options to create the infrastructure that meets your requirements to the letter.

Summary

All in all, there is no silver bullet when it comes to hosting your data and software. The safest place for your IT environment might be at a cloud provider, or on your own on-premise servers. Or both.

It depends on what you need, and it turns out that security and compliance are not the biggest issues when you’re thinking about migrating to the cloud. It’s more about the type of data workloads that you have, and the requirements that result from this.

Hope this article was helpful, thank you for reading!

All You Need to Know About Data Subject Access Requests (DSARs)

What is DSAR?

Data Subject Access Requests (DSARs) are a common requirement in privacy regulations including the CCPA and GDPR. These regulations provide individuals with the right to request a copy of all information a company has about them, make changes to the information, and even demand its deletion.

An individual who makes a DSAR is entitled to receive a confirmation that you are processing their personal data, a copy of that data, your privacy notice, and supplementary information.

DSARs aren’t new. Organizations and governments have used them for years. But recent consumer data privacy regulations introduced several changes that made it easier for individuals to make requests. The changes go a long way toward transparency in data processing, but they create some challenges for organizations.

DSARs are not limited to customers; anyone whose personal data you collect — including employees and contractors — has the right to submit one.

Types of Data Subject Requests

DSARs can be grouped into four categories, according to the rights involved.

  • Access Requests – The Right of Access
  • Portability Request – The Right to Portability
  • Change Request – Right to Rectification, Right to Erase, Right to Request Delete
  • Objection Request – Right to Restriction of Processing, Right to Object Data Processing, Right to Opt-out, Right to Object to Automated Decision Making and Profiling

What Should be in a DSAR Response?

Individuals do not need a reason to submit a DSAR. Subjects can request to see their data at any time. Organizations may only ask questions that verify the subject’s identity and help them locate the requested information.

Steps in DSAR

  1. Get Request
  2. Request Logging
  3. Identity Verification
  4. Prioritization
  5. Data Collection
  6. Validation
  7. Communication

Get Request

Unless you give your customers an easy way to submit DSARs, they are likely to use the first company email address they find. It’s smart to have an online DSAR form since it helps ensure that requests go to the correct place and contain all the required information.

Request Logging

Assign responsibility for creating and updating a record of each DSAR to an individual or department. You might have them develop a spreadsheet that shows the date of the request, its status, and other essential information for tracking progress.

Identity Verification

Verify the identity of the person making the request before responding. You may not ask for protected data you don’t already have, but you can ask the requester to provide personal information you do have to authenticate the request. The data you request for verification must be proportionate to the request.

Prioritization

Process the requests according to factors like complexity or degree of legal or business risk, so that work is prioritized properly and response deadlines are met.

Data Collection

Collect all records containing the individual’s data, along with the following supplementary documentation:

  1. Your privacy notice
  2. A statement of the purpose for processing private data
  3. The categories of personal data collected
  4. The recipients (or categories of recipients) with whom you shared the personal data
  5. How long you hold personal data
  6. Advice on any additional rights the user has, such as the right to object to processing or the right to request erasure or rectification or to lodge a complaint with a supervisory authority
  7. Where you obtained the data, if it was not directly from the subject
  8. The existence of any automated decision-making that took place using the data
  9. Security measures you use when transferring data to a third party

Validation

Review each response for completeness and accuracy. You may decide to require review by legal counsel before sending the response to the requester.

Communication

Share the response securely and confidentially with the requester. Remember that you must respond within the timeframe defined by the applicable regulation, which is within 30 days of receiving the request.

The Challenge

The challenge, however, is finding the personal information you’re supposed to turn over. There’s been a massive growth in data collection and proliferation over the last decade, but organizations tend to pay little attention to data governance and management. Basically, data is everywhere, but most organizations don’t have it inventoried.

FileCloud Aurora – All About DRM Capabilities

Introduction

In November 2020, FileCloud released update 20.2, a complete overhaul of our Sync, Mobile and browser UI and functionalities. We at FileCloud have been working on this for a very, very long time, and so we’re incredibly proud to present to you: FileCloud Aurora.

Today, we’re going to be covering one of the most important security functions that Aurora introduces: DRM Capabilities.

For a comprehensive overview of all of FileCloud Aurora’s new features, please visit our previous blog post, “Introducing FileCloud Aurora!”

Secure Document Viewer

If the new UI was the biggest change in terms of appearance, FileCloud Aurora’s new Digital Rights Management (DRM) capabilities are unquestionably the most significant change in terms of functionality. 

Your data security has always been FileCloud’s number one priority. We’ve got all the files you’re storing with us safe and sound, but what happens when you need to send out or distribute important documents, such as external contracts, reports, or training materials? Our new DRM solution ensures that nothing you send out gets used in a malicious or abusive manner, even after it’s left your system and entered others. 

Our secure document viewer helps you protect confidential files from unsolicited viewing with FileCloud’s restricted viewing mode. Show only selected parts of the document and hide the rest of it, or choose to reveal sections only as the user scrolls, minimizing the risk of over-the-shoulder compromise.

For more details, read more about the FileCloud DRM solution here

Screenshot Protection

Utilize the Screenshot Protection feature to prevent recipients from taking screenshots of secure information and documents.

This is an option that can be selected when you create your DRM Document or Document Container, and prevents any recipients from taking screenshots of the document. Not only that, the recipient won’t be able to share screens or screen-record to share the documents either, nullifying any chance of your documents being distributed without your permission or consent.

Document Container 

Easily and securely export multiple documents in an encrypted document container (AES 256 encryption), and share it via FileCloud or third-party email.

DRM Protection

Support for Multiple File Formats

Protect your Microsoft Office (Word, PowerPoint, Excel), PDF, and image (jpeg, png) files, and include multiple types of files in a single encrypted document container! FileCloud’s DRM solution doesn’t discriminate, ensuring your most regularly used file, folder and document formats can all be easily handled by our containers and viewer.

Anytime Restriction of Access to Your Files

Remove the risk of accidentally transmitting confidential files and enforce your policy controls even after distribution. You can revoke file access or change view options (screenshot protection, secure view and max account) anytime, via the FileCloud portal.

Thanks for Reading!

We at FileCloud thank you for being a part of our journey to creating the most revolutionary user interface and experience on the market. We’d love to know what you think about these changes. For full information about all these changes, release notes can be found on our website here

We hope that you’re as excited about these new changes as we are. Stay safe, and happy sharing, everyone!

Obstacles for Data Governance

With data being touted as the new oil, organizational data governance has gained a lot of importance in the digitized world. When everything from product launches to purchase decisions to even government campaigns is driven by data, it is easy to understand why data is so important. Almost everything that people do is monitored in some way or other, and data is being collected in some form. This data is analyzed to gain insights into people’s behaviors and choices, which in turn drive a lot of decisions for most organizations about their products and services.

It is therefore imperative that every organization has a foolproof data governance policy in place. Decisions based on insight gained from data will only help when the underlying data is reliable. However, there are instances when organizations have had to pay a heavy price just because their data was unreliable or totally wrong; in simple terms, the data quality was bad. It is also possible that the insight they sought showed them a totally wrong picture because of inherent inefficiency in the organization, storage, or collection of data. Thus, data quality, or the integrity of the data, happens to be one of the most important obstacles that organizations face in data governance.

Data Quality

It is not just important to have a good data governance policy in place; it is equally important to make sure that the policy ensures that the data is reliable and correct in all aspects and that its quality is maintained throughout. Otherwise, the decisions may turn out to be costly. Gartner research has pegged ‘poor data quality to be responsible for an average of $15 million per year in losses’. This figure tells a story of its own about why it is important to pay attention to data quality. Another insight from Gartner, as far back as 2007, mentioned that ‘More than 25 Percent of Critical Data in the World’s Top Companies is Flawed’. An IBM report has pegged the cost of poor quality data for US companies alone at $3.1 Trillion per year.

There is another hugely worrying statistic that should shake up the data governance policymakers. A Harvard Business Review study published on the topic mentioned that only 3% of the companies’ data met basic quality standards. The article also stated that on average, 47% of the newly created data records had at least one critical error. So, one can only imagine the implications of the decisions driven by such unreliable and erroneous data.

Interestingly, statistics also show that many organizations only have a data governance policy on paper. At times nothing, and in most cases not everything, gets implemented. This is equally bad, as it means that the organization is not serious about the data and the insights to be gained from it. Ignoring data governance is as bad as having bad quality data. So, it is important for organizations to get these data governance aspects right to make the best use of data, ensure business growth, customer delight, and loyalty, and stay ahead of competitors. On the flip side, when data quality was ignored, organizations have lost out on reputation and opportunities, and of course have taken big dents in their finances as well.

Data Silos

Another hindrance in data governance is the data silos that exist within organizations. These data silos result in data duplication and also impact the insights gained from the data. Data silos result in a situation wherein data exists in some form in some unit or department of the organization, but it is unknown and unavailable to others in the organization. This can hugely impact and cloud the decisions taken within the organization and makes data governance ineffective.

The reasons for data silos are multiple: cultural, ignorance or oversight, technical, etc. However, not having a single data source within the organization that is equally accessible to all results in the lack of a 360-degree view, which is important for analyzing the data. Duplication may not only create confusion, rework, productivity loss, and lost revenue, but also affect the overall data governance and the decisions driven by the policy.

Data Transparency

Data transparency is as important as data integrity, and it is a must for all stakeholders to know where the data they handle comes from and how. Transparency of data also improves collaboration and visibility within the organization. The lack of transparency in data may be due to data ownership issues, which result in the creation of data silos, which in turn create other issues. It also means that data analysis does not happen within the silos, as decisions based on such flawed insights would prove disastrous.

Handling data transparency issues within an organization comes under effective data management. Organizations would have to work out policies that allow the sharing of data without compromising security and compliance. Data would have to be treated as an important asset of the organization that needs a central approach from the top. Many organizations have evolved roles like a Chief Information Officer or a Chief Data Officer to cater to such needs. How these roles develop a 360-degree strategy that takes all aspects of data management into consideration, and ensure foolproof implementation, is what would decide the way forward.

There is also a host of data management or data transparency tools available that organizations can put to good use. However, the tools by themselves may not fully resolve the problem. Awareness about data management needs to be created among the data users and owners alike.

The Future

Data governance is here to stay; however, many statistics about it paint a grim picture of its mismanagement. Many issues contribute to the current sorry state of affairs, including:

  • Lack of awareness and understanding
  • Oversight
  • Failure to link the organizational business goals to data governance
  • Inability to adopt best practices and right methodologies

But it is obvious that organizations have realized the power of effective data management, and they have lots of examples to go by. The role of a data officer is now being given the same importance as that of a financial officer. Data is being treated as a valuable asset and is getting its due; when data is given its rightful place, it starts giving results. Consistent results can be achieved based on the right, timely insights.

It can be seen and felt across the organization, from the top to the bottom. It can be felt by the employees as well as the customers, and it can be seen in the reputation of the organization and the rise in its value in the eyes of all the stakeholders.

What is Geo-fencing? And How Does it Play a Role in Data Privacy?

Geo-fencing is a new term in the digital marketing space that puts the location of the devices to work for the provision of services. The services could be push messages and notifications that a user gets when the device enters a virtual boundary, known as geo-fence. These virtual fences are set up around certain stores, stadiums, event spaces, malls, and so on.

When a user enters this space with a GPS or RFID-enabled device, it triggers an action that results in the user getting specific promotions about the particular event or store. Certain apps and software interact with the geo-fence that is set up in the area when the device is connected to GPS, cellular data, RFID, or Wi-Fi. This results in the user getting geo-fence specific messages, which is a useful tool for marketers to promote their products and services in a timely way. The user, while entering the space, may not have known about a new product or a promotion.

Applications

The applications of geofencing go much beyond the mere marketing push notifications. Its potential is huge and almost all industries are exploring the endless possibilities that it offers. For example, businesses with huge fleets use it to track the movement of their vehicles; the cattle industry also uses it for the same purpose. Field employees are also tracked in a similar way by certain organizations, for automatically logging time.

Similarly, pets and toddlers could also be tracked for their movement. There are instances of authorities using geofencing to track people’s movement when they are in COVID-19 quarantine or for lockdown violations. Geo-fences are also set up around important spots like airports or important buildings. This helps monitor movement in the area, including that of drones. So, geofencing also plays a role in security, tracking unwanted movement within a geo-fence.

Social networking apps use geo-fencing for location-based filters, stickers, and more; prominently, Snapchat is a very good example of this. Also, in Flickr, you can limit your photo sharing with people in a certain locale only. In-store promotions and audience engagement at events are other good examples of its use. Many of the smart home appliances can also be programmed to send you reminders based on geo-fencing.

Geo-fences are used to track movement in parking spaces to understand the availability of spaces. Certain auto brands even allow you to set up geo-fences around your parked vehicle, so you get a notification if it moves outside the fence. Some people are also using it to send messages to target customers entering their competitors’ spaces to try and lure them. Some marketers are also offering banner ads based on geo-fencing. Most importantly, a geo-fence sending out alerts about a possible hacker in a network can be used as part of the multi-factor authentication system of an organization’s cybersecurity strategy.

Role in Data Privacy

However, there are concerns raised about data privacy in the use of geo-fencing. When you track users in a specific fence, you are collecting information about them which they may not otherwise want to share. In a world where social profiles are built using digital identities, this could be dangerous. For example, a user may not want people to know why he visited a certain clinic, a religious place, a club, or an event. These could be individual preferences which were meant to be kept private, but the geo-fence would have collected information about them.

The legal aspect of the use of geo-fence depends on the privacy laws of the land. In Europe, user consent is a must before this service can be activated. Once specific permission is obtained, then the location-specific data being collected will come under the ambit of the GDPR, which is meant to protect the privacy of the users. Unless all the personally identifiable information is masked by the device ID and the IP addresses that are being collected, it will be treated as a violation. This is because Personally Identifiable Information (PII) also pertains to IP targeting, email targeting, and phone number detection under the GDPR.

Even the CCPA follows these ethics for its privacy laws applicable in the state of California. And it is expected that companies across the US will be affected by the CCPA, to give consumers new rights and protection almost equal to GDPR and that includes geofencing as well.

There is also the concern that geo-fencing may cause an overdose of unwanted notifications, which is a disturbance for an individual. An individual may walk into a coffee shop at the end of a morning walk every day and be bombarded with offers. Or, one may just be passing by a shop with a geo-fence and get messages as a result. This can prove to be quite annoying and may even ultimately put the customer off. There have been a few cases in the US wherein advertising firms have had to deal with legal cases as a result of their geofencing ads. Especially when the information collected is around health care, children, religious preferences, etc., which come under sensitive personal information, the privacy concerns around geo-fencing take a serious turn.

Interestingly, even the banking industry is exploring options with geo-fencing to provide improved customer experiences and fraud detection. People walking into a branch are provided inputs on customized services and offers for them to be able to make better choices. Some banks have enabled their ATMs with geo-fencing, so customers are provided with information about the nearest ATM.

Personal Choices

However, apart from the local privacy laws, individuals can control the information collected by the geofencing apps. If GPS is turned off, then geofencing cannot function, and hence, an individual’s privacy is fully protected. Some of the geofencing marketing happens with the help of the specific apps of stores, dealers, etc.

If an individual chooses not to download these apps, or checks the settings in the app to opt out of the geofencing services, then the location-specific inputs and data collection can be avoided. VPNs can be used to mask IP addresses so that no Personally Identifiable Information can be collected by the geo-fences.

Choose the Right Data Governance Tool for Your Enterprise

After the GDPR, data governance is everybody’s job. It’s not just the responsibility of database admins, corporate counsel, or Senior Management. Part of the change that data protection policies are intended to bring about is personal accountability and responsibilities for protecting your own and everyone else’s data in your workplace. So that means customer service representatives, clinicians, software engineers, truck drivers, are all liable for the careful stewardship of employee, patient, and customer data.

Why Does Data Governance Matter?

When developing systems, governance is largely about analyzing the data and requirements to determine the rules for data handling, security, syntax, and definitions. The foundational work for governance and data quality management needs to be done when developing systems to maximize data quality. To a large degree, the controls and functional parameters determine the level of quality that can be maintained over the life of the system. For example, whenever possible, structured lists should be used for data that will be analyzed after the system is deployed. You don’t want those fields to be developed as free-form text fields, because that would open the door for bad data to enter the data pool for analysis. In some cases this is unavoidable, because some information has to be collected as free-form data; when that is the case, you want controls in place that minimize the potential for bad data.

Data is becoming the core corporate asset that will determine the success of your business. You can only exploit your data assets and do a successful digital transformation if you are able to govern your data. This means that it is imperative to deploy a data governance framework that fits your organization and your future business objectives and business models. That framework must control the data standards needed for this journey and delegate the required roles and responsibilities within your organization and in relation to the business ecosystem where your company operates.

A well-managed data governance framework will underpin the business transformation toward operating on a digital platform at many levels within an organization:

  • Management: For top-management, this will ensure the oversight of corporate data assets, their value, and their impact on the changing business operations and market opportunities
  • Finance: For finance, this will safeguard consistent and accurate reporting
  • Sales: For sales and marketing this will enable trustworthy insight into customer preferences and behavior
  • Procurement: For procurement and supply chain management this will fortify cost reduction and operational efficiency initiatives based on exploiting data and business ecosystem collaboration
  • Production: For production, this will be essential in deploying automation
  • Legal: For legal and compliance this will be the only way to meet increasing regulation requirements

Data Governance Operating Model

The Data Governance Operating Model implements a data strategy (i.e., why govern data?) by establishing the foundation for all your data stewardship and data management activities.

It can be subdivided into three categories each addressing a key design question.

  1. The asset model, which deals with how an organization structures its data assets, ranging from the physical layer of systems and data structures through to the logical and business layers where everything comes together in terms of the relations between the various assets and how they are used by the Business. This covers the What and Where of data governance.
  2. The stewardship model, which allows an organization to understand existing ownership of data, identify gaps, and assign and monitor roles and responsibilities for its data assets. It can start from individuals or teams and identify the data assets they work with or produce, and simultaneously start from data assets to get a clear view of ownership. This covers the Who of data governance.
  3. The execution model, which deals with how organizations orchestrate the collaboration between their different parts, particularly with regards to how knowledge about data is gathered, how data is understood, and if/when it can be trusted. This last component is critical to governance and cannot exist without the previous two being in place. This covers the How, When, and Why of data governance.

Capabilities to Look For in Data Governance Tools

  • Data Classification – Different types of collected data would fall in varying levels of importance. Hence it is essential to classify and categorize that data as early in the chain as possible. Data classifying is a crucial first step towards establishing good data governance.
  • Data Lineage – Data lineage is about understanding how and where the data has originated and its processing logic and destination. It gives visibility and also helps in tracing errors back to the root cause in a typical BI process. The data lineage is vital to create trust in the data.
  • Data Storage and Security – You must then capture legal requirements, compliance requirements, and company policies on data privacy and security. Strong data governance must include data backups. You must understand the schedules and recovery processes. Governance will require a good understanding of the exact number of copies of data, how long they are meant to be kept, and who has access to them.
  • Data Ownership and Stewardship – Data ownership is not about holding the data but about providing access to it to other business units so that they can also benefit from it. Data stewardship is about managing the data quality in terms of accessibility, accuracy, completeness, consistency, and updating.

Conclusion

When data issues occur, root cause analysis is again needed to assess the source of the problem and identify a logical solution. More than ever, data governance is vital for companies to remain responsive. It is also important for opening up new and innovative fields of business, for example through big data analyses, which do not permit the persistence of backward thinking and outdated structures.

Geo-Fencing in Data Governance and Its Possible Uses

What is Geo-Fencing?

A geo-fence is a feature that defines a virtual boundary around a real-world geographic area. Every time the user enters or exits the boundary of a particular area, actions can be triggered on a location-enabled device. Usually, the user will receive a notification with certain information based on their location in real time.
The main advantage of this technology is that it creates a fusion between the virtual world and the real one. We make use of geofencing in several projects, particularly within the health industry.

Geofencing notifies your app when its device enters or leaves a geo-fenced area. It allows you to make cool apps that will trigger a notification whenever you leave home, or greet users with the newest and greatest deals whenever favorite shops are nearby.

Applications of Geo-Fencing

Geo-fencing has multiple use cases and if implemented aptly, can positively impact business operations.

Defence, Research & Finance

By assigning geo-fences to devices deployed in finance, defense, or research, IT can ensure that the device is non-operational outside of the designated geo-fence. Using an MDM tool, IT can define multiple geofences for various areas of operation and can make the device inoperable outside of the geo-fences. Every time the device enters or leaves the geofence, IT is notified and can track the location of the device and check for compliance violations, if any. This ensures that critical data on the device is secure at all times and cannot be accessed outside of designated premises.

Delivery Executives

Geo-fences can be used to assign particular areas to particular delivery executives. Doing so often achieves optimum efficiency by avoiding multiple delivery executives being assigned to the same geographical area.

Schools

More and more schools are implementing e-learning to enhance the learning experience for students. Setting geofences on devices owned by the school eliminates the threat of students taking the device home and misusing it for any other purpose. Geo-fences ensure device security as well as enforce intended usage.

Remote / Travelling Employees

IT can enforce multiple device policies for various geo-fences. These device policies include WiFi configurations and other settings specific to an office location. This lets employees plug in and work from multiple office locations without needing IT support.

Fleet Management

In logistics and transport, devices with a geo-fence can help track the location of vehicles at all times. This ensures timely support in case of a breakdown as well as device and vehicle security. Geofencing is also used to help routing algorithms decide when to reroute cargo when detours or slowdowns arise.

Geo-Fencing and Data Governance

Let’s dive deeper and differentiate between geo-location and geo-fencing. Because geo-location uses your IP address, it can be easily spoofed or fooled and is not geographically accurate. Geo-fencing, however, is predicated on GPS coordinates from satellites tracking latitude and longitude.

While GPS can be spoofed, it requires loads of expensive scientific equipment and certain features to validate the signal. Using geo-coordinates enables new sets of policies and controls to ensure security and enforce seamless verification.

Geofencing is often used as a defensive tool as well as to support risk management. By using it as a source of data collection, decisions can be implemented to notify administrators of, and manage the risk of, devices entering and leaving a specified geographic area. Geofencing can provide data that falls under Personally Identifiable Information (PII), which should make it regulated under most privacy laws.

Geofencing and location tracking can be utilized to help identify risk to an organization. By tracking and understanding the physical patterns of devices coming and going from an organization, a risk profile can be established. One concept is to question why and when it is appropriate for a work device to leave company property, or for personal devices to be brought in. It could prevent lost or stolen work devices and discourage unsecured personal devices from being introduced to the network.

A geofence could be set to alert administrators to unknown devices that have crossed into a virtual barrier. It can also alert administrators when devices that ought never to leave the premises have crossed the barrier. Although this does not prevent the intrusion, it may alert the organization to an imminent threat, giving it a head start in the race.
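The alerting described above can be sketched as follows. This is an added example, not code from the article or from FileCloud; the device names, coordinates, and alert labels are constructed, and it assumes each location fix reports a horizontal accuracy. A fix whose accuracy circle straddles the fence boundary is treated as uncertain, so GPS jitter at the edge does not raise alerts.

```python
import math
from collections import namedtuple

EARTH_RADIUS_M = 6_371_000  # mean Earth radius
Fix = namedtuple("Fix", "device ts lat lon accuracy_m")  # ts in seconds, accuracy in metres

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def classify(fence, fix):
    """'inside'/'outside' only when the whole accuracy circle agrees, else 'uncertain'."""
    lat, lon, radius_m = fence
    d = haversine_m(lat, lon, fix.lat, fix.lon)
    if d + fix.accuracy_m <= radius_m:
        return "inside"
    if d - fix.accuracy_m > radius_m:
        return "outside"
    return "uncertain"

def evaluate(fence, fixes, known, restricted):
    """Return (ts, device, alert) for restricted devices leaving and unknown devices entering."""
    state, alerts = {}, []
    for fix in sorted(fixes, key=lambda f: f.ts):
        where = classify(fence, fix)
        if where == "uncertain":
            continue  # boundary jitter: keep the last confirmed state, raise nothing
        before, state[fix.device] = state.get(fix.device), where
        if where == "outside" and before != "outside" and fix.device in restricted:
            alerts.append((fix.ts, fix.device, "EXIT_RESTRICTED"))
        elif where == "inside" and before != "inside" and fix.device not in known:
            alerts.append((fix.ts, fix.device, "ENTER_UNKNOWN"))
    return alerts

# Constructed sample: a 200 m fence and fixes moving due north of its centre.
FENCE = (30.0, -97.0, 200.0)
SAMPLE_FIXES = [
    Fix("laptop-01", 0, 30.0, -97.0, 10),       # at centre: inside
    Fix("phone-x", 30, 30.0045, -97.0, 15),     # ~500 m out: outside
    Fix("laptop-01", 60, 30.0017, -97.0, 30),   # ~189 m +/- 30 m: uncertain
    Fix("phone-x", 90, 30.00045, -97.0, 10),    # ~50 m: inside, not a known device
    Fix("laptop-01", 120, 30.0036, -97.0, 20),  # ~400 m: outside, restricted device
]
if __name__ == "__main__":
    print(evaluate(FENCE, SAMPLE_FIXES, known={"laptop-01"}, restricted={"laptop-01"}))
```

Because these alerts are built from per-device location history, the alert log is itself the kind of location data the article says should be treated as PII.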

Any collection of data is at risk. As an administrator, the risk of this data getting into the wrong hands must be weighed against the benefits of trend analysis and the intelligence that can come from it. At this time, most functionalities require this to be on an application with preauthorized approval on the device; however, this can change. If a “master key” could be created to fit any application, it would allow administrators to take over control of devices in secured locations: administrators could see what trespassers are seeing and shut off cameras and audio to stop information leaks.

GeoFencing in FileCloud

Geopolitics and government cost-cutting combined have added urgency to moving files and sharing them in the cloud: cost-cutting because the cloud is perceived to be cheaper than on-premises, and geopolitics because greater scrutiny of where files are located and who they are shared with is accelerating the need to geofence data.

With FileCloud Online, you get the complete flexibility and choice to decide where your organization’s data is stored. FileCloud Online is hosted in secure, world-class data centers in the US, EU, Canada, Australia, and Asia. You can select a region that is right for your business. FileCloud also enables administrators to discover and manage sensitive data. DPOs and administrators can now search for common data types using built-in pattern identifiers including e-mail addresses and phone numbers.

Conclusion

There is no standardized global law for cybersecurity and privacy. The European Union (EU) has stricter, more encompassing privacy policies than those in the United States (US). According to IT Governance, “unlike the European Union, the US has no single federal law that regulates information security, cybersecurity, and privacy throughout the country. Several states have their own cybersecurity laws in addition to data breach notification laws. These areas are currently regulated by a patchwork of industry-specific federal laws and state legislation, with varying scope and jurisdiction.” Geofencing is emerging as a tool offered to perform tasks, instead of just notifying administrators. Current privacy policies and laws are insufficient when the scope of geofencing is applied to current methodologies. Geofencing must be regulated in a fashion that ensures the data collected is important and relevant, and that the information is kept safe from potential threats.