WHITE PAPER

IT managers have long suspected: users, as they naturally go about trying

(52%)1

security policy.

IT too often is portrayed as the security heavy, forced to try to halt such

security. Feeling these steps hinder their productivity, users go to great lengths to avoid or circumvent even the most reasonable security measures,

It is hard to blame the users; they are just trying to get their jobs done as

people fail to comply. What more can IT do?

The solution is to provide security without making it difficult for users to do their jobs. For example, if IT can offer easy group collaboration within a transparently secure setting, or eliminate the need for users to send sensitive documents by email, users can be as productive as ever, or even more so. And since the environment is inherently secure, users are following bestsecurity practices without even knowing it.

In the paper that follows, you will find five ways IT can facilitate user productivity while automatically ensuring safe security practices. In each case, users areunhindered by security procedures, yet their work is conducted in atransparently secure environment. Even better, the environment actually streamlines processes and improves efficiency, leading users to make it their preferred work environment.

Security Policy:Security Policy:Security Policy:Security Policy:Five Keys to UserFive Keys to UserFive Keys to UserFive Keys to UserComplianceComplianceComplianceCompliance

EXECUTIVE SUMMARY

Business users are a key part of a company’s security, and even the most conscientious employees can introduce serious breaches of security policy. IT can do everything in its power to secure the company’sconfidential documents — provide first-class security infrastructure, develop reasonable security policies and engage in extensive communication and training — yet still people fail to comply. The solution is to provide security that helps people do their jobs more efficiently, thereby inducing users to follow best security practices without even knowing it.

1

Evade and Ignore Security, Ponemon Institute, June 10, 2009

In some cases, such as those involving negotiations [see #3 below], the secure environment actually gives workers a distinct advantage.And as people experience the advantages of working within such an environment, advantages like increased efficiency or negotiation leverage, they readily return to make use of these advantages. Suddenly, IT no longer needs to force compliance with document security procedures. Users willingly comply, often without even realizing it.

The following table illustrates unsafe behaviors resulting from human factors that can be reduced or eliminated through a transparently secure environment, which also makes work easier or more efficient for the users.In all the cases above, security is built into the online environment

of a security issue.

White Paper – Security Policy

Business Practice Mitigation Strategy

People often use email where delivery isn’t assured or can be intercepted

Easy to accidentally send to the wrong person with a similar name

A central document repository eliminates the need to send unsecured emails

No need for multiple versions distributed among group members

Unauthorized forwarding ofdocuments

Never sure who has seen the material

Put usage restrictions on documents:disable printing or forwarding

Share large files

Ensure all have the most recent version

Track receipt and viewing

Accelerate workflow

Difficult to prevent documents frombeing leaked to unauthorized parties

Difficult to gauge interest level

Due diligence documentation in thesecure environment is protected

Able to see which bidders have read the documentation most thoroughly

Safe, convenient remote access to centrally stored and secured files

No need to copy files to USB or synch to laptop

Documents are at risk during distribution by email or as paper documents via delivery services

No effective decision-making structuresoutside of scheduled meetings

Users take files home or with them on a USB, running the risk of loss of the USB and its contents

May require use of a cumbersome VPN

Need to continually synch systems

2 Project collaboration with vendors, contractors, offsite employees

3 Confidential bidding and negotiation

4 Traveling or multi-location workers

1 Group collaboration on doc-uments, presentations, analysis

Secure access to all documents

Enables confidential online voting

Eliminates risk and expense of courier services

5 Boardroom minutes /Sensitive communications

The business advantages of a transparently secure work space quickly become clear:

Increased productivity through easy group collaboration that removes versionmanagement hassles

Improved security and productivity through the elimination of email mix ups andcrossed, delayed, and lost messages, which not only reduces business risk but also cuts down the amount of email flooding into users’ mailboxes that must be managed

Improved communication in collaboration and bidding processes through theidentification of which documents have been accessed and by whom, spotlighting the most interested parties and pinpointing uncompleted tasks

Increased mobile efficiency by avoiding the tedious chore of synching documentsbetween desktop, laptops, and mobile devices when traveling since all the data is available via the Internet anytime in the secure work space

Improved governance efficiency by creating an audit trail of accesses and changesto documents that address corporate policy or are required for regulatorycompliance

Reduced need for costly, time-consuming, and inconvenient travel and shippingphysical documents

From the IT perspective, the deployment of a secure work space eliminates the need to enforce heavy-handed security policies on reluctant users. Instead, the policies are enforced transparently and automatically, resulting in better security while reducing tension between IT and users.

For everyone — IT, users, and the business — it becomes a win-win-win situation. IT doesn’t have to play the security heavy, users don’t feel burdened but actually feel more productive, and the business gets better security and increased productivity.

Appendix: Brainloop Secure Dataroom

users inside and outside your company. Top encryption, sophisticated security

About Brainloop

documents and enabling document sharing and collaboration among authorized

unauthorized users. Frequent uses include contract negotiations, project

White Paper – Security Policy

White Paper – Security Policy

Copyright © 2009, Brainloop Inc. All rights reserved. Brainloop and the “brainball” logoare trademarks of Brainloop AG. All other trademarks mentioned in this document are the properties of their respective parties.

CONTACT

Brainloop Inc.

One Broadway, 14th floor

Cambridge, MA 02142 · USA

T: +1 (800) 517 317 1

info@brainloop.com

www.brainloop.com

Brainloop AG

81669 Munich · Germany

info@brainloop.de

www.brainloop.de Co

pyr

igh

t ©

200

9