The FileOpen team is excited to announce our third webinar in a monthly series: "Is BYOD the weak link in your document security strategy?". Join us on Tuesday, November 19 at 10:00 am Pacific/1:00 pm Eastern to see why leading corporations choose FileOpen to secure their documents in the era of BYOD.
Managing the BYOD (Bring Your Own Device) phenomenon can be challenging, but with the right security policies and technology, you can strike the right balance between enabling mobility and security.
Discover how organizations in your industry use FileOpen DRM to:
- Support corporate “bring your own device” (BYOD) initiatives
- Authenticate users and protect documents on PCs, Mac OSx, iPad, iPhone, and Android
- Securely share documents by email or via the cloud (e.g. Dropbox)
- Expire or revoke document access at any time — even after delivery
- Keep users happy with a hassle free user experience
- Track when and where your documents are being viewed, and for how long
Have a question you would like us to answer during the presentation? Ask below!
We are pleased to announce that the FileOpen Viewer for Android is now freely available in Google Play. The new FileOpen Viewer app will enable licensees of FileOpen’s suite of DRM solutions to share documents securely with end-users on Android devices such as the Google Nexus, Motorola Droid X, and Samsung Galaxy; in addition to Apple iOS devices such as the iPad and iPhone. We will continue to support users on Windows 7, 8, Vista, XP; and Mac OSX, 10.5 or later.
Leveraging FileOpen’s core document security technology, the new FileOpen Viewer for Android not only protects files from unauthorized sharing, but also enforces granular access controls such as document expiration, saving of local copies, and the imposition of user-specific watermarks. The app operates in essentially the same way as the FileOpen plug-in for Acrobat/Reader, authenticating each open and print command with the publisher’s server. When permission is granted, the FileOpen Viewer for Android displays the document, which can then be used according to the permissions set by the publisher.
Documents accessed by the FileOpen Viewer for Android are encrypted with industry-standard 256-bit AES encryption, and cannot be opened by users without explicit permission from the publisher’s server. Authentication may be linked to a session login to the publisher’s server or device registration, which can be emailed to the user.
This expansion of FileOpen's product line advances our mission of enabling secure document distribution to the broadest possible range of devices and platforms, maximizing security for our customers while reducing end-user hassles and tech support issues. For more information please read the full press release or check out the FileOpen Viewer for Android Web page.
BYOD (“Bring Your Own Device”) has invaded the workplace, whether sanctioned or supported by your IT department, and is clearly here to stay. According to a study by iPass and MobileIron, 81 percent of companies now allow employees to bring and use their own devices. What company wouldn’t want reduced hardware and subscription costs, with the promise of increased employee efficiency and productivity? Studies show mobile-equipped employees tend to work more hours each week than non-mobile-equipped employees. Employees also prefer to use their personal device over a corporate-issued device. The challenge is to accommodate the reality of BYOD without foregoing data security or introducing chaos to your IT systems.
Here at FileOpen, we work with thousands of customers delivering documents securely to millions of users worldwide. We have found the most successful implementations of a BYOD strategy are accomplished by businesses that are as progressive as their users and agile in their efforts to provide a flexible yet secure work environment. In this post we’ve pulled together a summary of the key components of their successful implementations.
Build a comprehensive BYOD policy
BYOD or mobile device security policies vary by industry as well as within specific verticals. Common goals are to make sure BYOD is aligned with the company’s current strategy, retaining employees by supporting flexibility, and offsetting equipment costs. While keeping these goals in mind, define the types of data that should be accessible and the risks that accessibility may pose. A few considerations:
Allowable devices: Minimum requirements and level of support by device
Allowable activities: Access to the corporate network, corporate data and Web applications
Legal & HR considerations: Clear lines of demarcation between corporate and employee data and liability
Employer controls: Agreements giving the company authority to implement controls, such as encryption, access controls, monitoring and the “right to wipe”
Educate employees about the risks of BYOD
The most important next step is education; which includes explaining to each employee how BYOD would work for them and what potential risks could be to the organization as a result of their behavior. If employees understand that the policy is not only designed to protect corporate data but their personal information as well, they are more likely to adhere to corporate controls.
Get the right file protection technology
It goes without saying that a company that engages in the BYOD approach without ramping up its protective measures is putting its security in jeopardy. The devices are easily replaceable, but what they contain is not. That’s why successful businesses implement technology that focuses on securing the data at the source rather than the endpoint, ensuring the safety of data regardless of its location. For document specific protection, our customers appreciate that our FileOpen solutions directly embed access rules into documents, which are enforced by whichever device and viewer the user happens to be on. Using the FileOpen RightsManager dashboard, they can quickly and easily make changes to access policies, even after the user has downloaded the files.
Monitor and track usage
Essential to any BYOD security framework is the ability to monitor and track usage across all devices. Most organizations do not track data effectively and hope their employees strictly follow policy. Companies should consider the use of a content security tool that comes equipped with monitoring features to detect abnormal usage and provide a level of accountability. For instance, if an employee loses a device with sensitive information and doesn’t report it to IT for a week, the IT team can analyze if any documents had been viewed in the interim, and immediately revoke access.
BYOD is here to stay…
At the end of the day, BYOD is a net positive for organizations as it promotes more responsiveness, more accessibility for workers, and higher worker satisfaction. Whichever strategy you adopt for dealing with BYOD, the key is to secure your sensitive data while still providing the end user the freedom and flexibility to use devices to enhance their productivity.
For more from FileOpen see our whitepapers and register for our upcoming webinar, covering document security for BYOD strategies on November 19, 2013.
In our last post, Minimizing Insider Threats: The Rogue Employee, we looked at how organizations can implement effective security measures to thwart a determined effort to leak private information. But insider threats are not limited to employee sabotage. With the accidental click of a button, a well-intentioned employee can cause a disaster of rogue-employee proportions. One may argue that there’s a fine line between deliberate data loss and unintentional data loss. Even if we’re all prone to making mistakes, isn’t it the responsibility of IT administrators to prevent an accidental leak of data that easily could have been prevented with the proper safeguards?
Accidental data loss has the potential to divulge trade secrets and intellectual property, strain client relationships, and ultimately compromise your revenue. So what’s a CIO to do? To minimize the risk of an unwitting disclosure, let’s identify and remedy four common threats:
1. Outgoing Email With Wrong Recipient – Encrypt, encrypt, encrypt. Last September we witnessed the calamity an accidental data loss can bring when the Georgia Department of Labor accidentally emailed the Social Security numbers of more than 4,000 individuals. Labor officials later requested the 1,000 email recipients “please delete the email and attachment immediately.” It can happen to the best of us. Implementing a DRM solution, like FileOpen RightsManager, assures that only authorized users can view a document. FileOpen's RightsManager is closely integrated with Microsoft Outlook so you can email documents securely and know they can't be forwarded or shared. Store your sensitive information in secure documents in lieu of email bodies and spare yourself the “please delete” email.
2. BYOC (Bring your own cloud) – Share files securely. According to a new survey from Usamp, 41% of employees admit to using unsanctioned services like Dropbox, Box and Google Docs on mobile devices to share files. The estimated annual cost to remedy the data loss is about $1.8 billion. Once documents are encrypted, prevent or circumscribe document sharing with permission policies that preclude forwarding, expire access, and monitor document access. Need to remotely access documents outside of the LAN? With a secure file hosting service like FileOpen Viewer, you can still use Dropbox and Box to host your documents, but be certain that only users you specify can view them.
3. Unfettered document access – Control printing and enforce a machine limit. As discussed in our first installment of Minimizing Insider Threats, enforcing a “need to know” policy is imperative in preventing an internal data breach. Once employees are limited to the least number of documents required to do their job, enforce a “need to print” policy. Printing sensitive documents opens a world of vulnerabilities, since unauthorized copies can’t be tracked. Minimize these threats by controlling who can print which documents, and how many times - if any at all. Applying watermarks can ensure the traceability of sensitive documents by overlaying key metadata, such as the username, date, time, and location of printing, to any printed copies. Also, on how many machines does employee X need to access document Y? Her office workstation only? Multiple machines around the office? To prevent an employee from accessing sensitive information on unsecure networks, enforce a machine limit and ensure that she may only access the document from a specified number of machines.
4. BYOD – Instantly Revoke Access. BYOD is here to stay. According to a recent Gartner study, by 2017 half of employers will require employees to use their own devices for work. The convenience of BYOD also brings the concomitant risk of physical data loss. So how can we assure data security on a device that we’ve lost? Simply applying passwords to documents is not a scalable solution for BYOD. Using a comprehensive DRM solution that supports iOS and Android, you can link all of a user’s devices to their company login. If one of their devices is lost or stolen, the IT admin can instantly revoke all document access specifically for that device.
Encrypt, share files securely, control access, and revoke access. Share these tips and let’s help our IT admins get a better night’s sleep. Also, check out our whitepapers and demonstration documents to discover how FileOpen DRM can help you realize your security objectives.
The FileOpen team is excited to announce our second webinar in a monthly series: "Share files
securely – anytime, anywhere". Join us on Tuesday, October 15 at 9:00 am Pacific/12 Noon Eastern to see why leading corporations choose FileOpen to secure their documents.
We’ve all heard it — another day, another data breach. The need to share information securely across boundaries has never been greater, and a robust security program has proved to be a distinguishing factor among market leaders.
Discover how organizations in your industry use FileOpen DRM to:
- Control printing, apply watermarks and edit/revoke access at any time
- View protected documents without client plug-ins
- Support document delivery to PCs, iPad, iPhone, and Android, BYOD...instantly
- Send documents by email or host in the cloud (e.g. Dropbox)
- Track when and where documents are being viewed, and for how long
Have a question you would like us to answer during the presentation? Ask below!
No company wants to believe they may have a rogue employee on their payroll. However, Eric Snowden's leaking of top-secret NSA documents has raised awareness of internal threats in organizations worldwide. It’s not easy to detect an insider threat, and it’s nearly impossible to stop a determined rogue employee. Companies can however enforce effective security controls to minimize such threats.
The more recent in-house breaches at Vodafone and Holy Cross Hospital are a testament to the flaws of many internal security systems. Merely passing compliance requirements isn’t helping IT professionals sleep any better at night, and even the strongest firewall won’t prevent a legitimate employee from sharing documents outside of the organization.
So what are the common security mistakes that could enable a rogue employee in your organization?
- Overly-generous document access policies. Too often we see companies offer their employees unnecessarily privileged access to sensitive documents and data. And with greater access comes greater risk, of course. Enforcing a “need to know” policy, in which employees are limited to the least number of documents required to do their job, can great reduce the threat of an insider breach. Pinpoint which documents are in most need of protection, then limit access.
- Decentralized storage of sensitive documents. Organizations may minimize the amount of access an employee has to sensitive information by following the vault paradigm of document security. Offer employees the option to request document access and require a reason for access.
- Allowing legacy access to documents. In the wake of the NSA scandal, we are seeing organizations adopt DRM solutions that enable administrators to revoke user access to a document anytime, anywhere. Using FileOpen’s RightsManager solution, for example, if an employee no longer needs access to a particular document to effectively do her job, system administrators may simply revoke her access to said document. If she later requests access to the document, but her task only requires limited access, system administrators can enforce a policy that limits her access to select portions of the document.
- Allowing unfettered access on take-home devices (BYOD). With the profusion of tablets and smartphones comes the heightened risk of employees using company documents on their personal devices. To manage such activities, administrators should enforce a machine limit on more sensitive documents. For example, FileOpen RightsManager enables setting a machine limit of “1” to ensure that an employee may only access the document from her office workstation.
- Trusting high-level employees with too much. Limiting document access to lower-level employees is important, but what about executives? Granting exceptions for higher-level employees can put companies at risk. According to a 2013 Data Protection Trends Research study, among companies with secure programs in place, 24% allow exceptions for executive-level employees. This poses an especially dangerous threat as executive-level employees are often granted access to the most sensitive information at a firm. Realizing impregnable document security requires you enforce a “need to know” policy across the board. Limit the number of documents to which your “superusers” have access, and consistently monitor their access. Snowden, of course, was a system admin who was permitted access to an NSA file sharing location on the NSA intranet to transfer sensitive information. Enacting a “two-person” rule to accessing highly sensitive documents can further thwart lone-wolves. Additionally, before a system administrator is handed the keys to the kingdom, be sure to conduct a thorough background check.
- Failing to monitor document usage. No security program is bulletproof without a system of quickly identifying and containing a data breach. Applying a document monitoring solution (track number of times opened, location of access, etc) can help your IT department quickly identify and stop any unusual activities. Document tracking is highly effective in identifying both rogue employees and former employees. For instance, after an employee leaves your company, your legal department will be empowered to request a list of documents the employee accessed to more effectively monitor any leaked trade secrets to a competitor. Stay tuned for the official release announcement of FileOpen’s document tracking solution.
Encrypt, limit access, monitor access, educate, and iterate. Reaching the promised land of security doesn’t need to be elusive. Stay tuned for our second installment: “Minimize Insider Threats: The Unwitting Disclosure.” Also, check out our whitepapers and register for our live demo on October 15th, 2013 to discover how FileOpen DRM can help you realize your security objectives.
This month we’ve been talking to some of our most valued customers—publishers of financial research, market research, or any research that’s valuable enough that readers are willing to pay for it. We love our research customers because they tell us exactly what they need out of a document security system, and constantly push us toward making our products work more simply and interchangeably with the systems they’re already using to manage subscriptions and deliver documents.
But why do research publishers love FileOpen? Mark Roberts, CEO of the hedge fund report Off Wall Street, says,“We need to deliver our research securely without any hassle for our clients, and ensure that only our clients can access it. Using FileOpen DRM makes the process painless for us and our clients.”
Mark makes a point that we have heard time and time again from research publishers—that any document security scheme has to be as easy as possible for their staff to implement (some research firms have no IT staff at all) and crucially, easy for their paying end-users to authenticate through. If the security makes it hard for subscribers to access content they’ve paid for, it’s not worth doing at all. Research publishers want to spend time producing quality research, not providing tech support to frustrated end-users.
Fred Hickey, who publishes the popular investment newsletter The High-Tech Strategist, drives the point home: “We can send our research out confident that those who have paid for it can have quick and easy access, and those who haven’t paid for it get no access at all.”
Ultimately, when research publishers choose a DRM system, they are buying the peace-of-mind that comes with knowing they are being paid fairly for their work, without alienating their loyal subscriber base with annoying security hurdles.
Our research customers help keep us focused on eliminating such hurdles, and are behind some of our most exciting new features:
- zero-install (no plug-ins!) secure document display in any web browser running Flash
- document usage tracking with universal access (anyone can view/share but publisher is notified of every open/print event)
- portable access from multiple devices, including iPhone/iPad, with support for offline access
- support for cloud-based document serving including Dropbox
To see these new features in action, join us for a live webcast on Tuesday, August 13th at 12 noon Pacific/3pm Eastern: “Protecting Research Revenue with FileOpen DRM.”
We are pleased to announce our first webcast in a monthly series which will show how FileOpen's solutions are used to solve real problems in specific markets. To kick off the series, we're going to showcase our research publishing customers, show how they are using FileOpen DRM, and reveal the latest developments that make FileOpen a "killer app" for high-value research publishing.
If you publish proprietary research and want to learn how to protect it without turning off your subscribers, you won't want to miss this webcast. Join us on Tuesday, August 13 at 12 noon Pacific (3pm Eastern).
We'll be showing attendees how to:
Share documents securely on PCs, iPad, iPhone, and Android, BYOD...anywhere
Provide seamless user access without client plug-ins or installations
Send documents by email or host in the cloud (e.g. Dropbox)
Track when and where your documents are being viewed, and for how long
Control printing, apply watermarks and un-share your documents at any time
Our senior product managers and engineers will be on hand to answer all your questions.
Question: which market segment would you like us to focus on in our next webcast?
We have released an updated FileOpen Plug-in for Adobe Acrobat and Reader for Windows, Build 0928. This new client implements support for the latest Adobe Acrobat/Reader on Windows. Specific improvements include:
- Modifications to enable multi-user operation on Citrix XenApp and MS Terminal Server and other thin-client systems from within Adobe Reader X/XI “protected mode”.
- Modifications to enable proxy authentication from within Adobe Reader X/XI “protected mode”.
- Modifications to the installer package to more effectively replace previously installed versions of the FileOpen Client.
- New watermark templates and support for watermark rotation.
- Enhancement to the Communications Encryption layer.
This update replaces the Windows 0926 release from March 2013.
FileOpen Client 0928 is backward-compatible to Adobe Reader/Acrobat 7. While not always necessary, we encourage users to uninstall previous versions of the FileOpen Plug-in prior to installing the latest.
We have released an updated FileOpen plug-in for Adobe Acrobat and Reader (MAC), Build 0926. This new Client implements support for the latest Adobe Acrobat/Reader on Mac OSX. Specific improvements include:
- New Installer technology
- Support for Acrobat/Reader XI
- Addition of Dynamic Watermarking
- Bug fixes affecting Offline Permission and assorted other features
This update replaces the 0876 release from July 2011.
While not always necessary, we encourage users to uninstall previous versions of the FileOpen Plug-in prior to installing the latest. FileOpen Client 0926 for Macintosh is backward compatible to Reader 7 and OS X 10.6. Users with OS X 10.5 or lower must use the 0876 version.