brainloop: security policy - five keys to user compliance (white paper)
DESCRIPTION
Brainloop: Security Policy - Five Keys to User Compliance (White Paper)TRANSCRIPT
WHITE PAPER
IT managers have long suspected: users, as they naturally go about trying
(52%)1
security policy.
IT too often is portrayed as the security heavy, forced to try to halt such
security. Feeling these steps hinder their productivity, users go to great lengths to avoid or circumvent even the most reasonable security measures,
It is hard to blame the users; they are just trying to get their jobs done as
people fail to comply. What more can IT do?
The solution is to provide security without making it difficult for users to do their jobs. For example, if IT can offer easy group collaboration within a transparently secure setting, or eliminate the need for users to send sensitive documents by email, users can be as productive as ever, or even more so. And since the environment is inherently secure, users are following bestsecurity practices without even knowing it.
In the paper that follows, you will find five ways IT can facilitate user productivity while automatically ensuring safe security practices. In each case, users areunhindered by security procedures, yet their work is conducted in atransparently secure environment. Even better, the environment actually streamlines processes and improves efficiency, leading users to make it their preferred work environment.
Security Policy:Security Policy:Security Policy:Security Policy:Five Keys to UserFive Keys to UserFive Keys to UserFive Keys to UserComplianceComplianceComplianceCompliance
EXECUTIVE SUMMARY
Business users are a key part of a company’s security, and even the most conscientious employees can introduce serious breaches of security policy. IT can do everything in its power to secure the company’sconfidential documents — provide first-class security infrastructure, develop reasonable security policies and engage in extensive communication and training — yet still people fail to comply. The solution is to provide security that helps people do their jobs more efficiently, thereby inducing users to follow best security practices without even knowing it.
1
Evade and Ignore Security, Ponemon Institute, June 10, 2009
In some cases, such as those involving negotiations [see #3 below], the secure environment actually gives workers a distinct advantage.And as people experience the advantages of working within such an environment, advantages like increased efficiency or negotiation leverage, they readily return to make use of these advantages. Suddenly, IT no longer needs to force compliance with document security procedures. Users willingly comply, often without even realizing it.
The following table illustrates unsafe behaviors resulting from human factors that can be reduced or eliminated through a transparently secure environment, which also makes work easier or more efficient for the users.In all the cases above, security is built into the online environment
of a security issue.
White Paper – Security Policy
Business Practice Mitigation Strategy
People often use email where delivery isn’t assured or can be intercepted
Easy to accidentally send to the wrong person with a similar name
A central document repository eliminates the need to send unsecured emails
No need for multiple versions distributed among group members
Unauthorized forwarding ofdocuments
Never sure who has seen the material
Put usage restrictions on documents:disable printing or forwarding
Share large files
Ensure all have the most recent version
Track receipt and viewing
Accelerate workflow
Difficult to prevent documents frombeing leaked to unauthorized parties
Difficult to gauge interest level
Due diligence documentation in thesecure environment is protected
Able to see which bidders have read the documentation most thoroughly
Safe, convenient remote access to centrally stored and secured files
No need to copy files to USB or synch to laptop
Documents are at risk during distribution by email or as paper documents via delivery services
No effective decision-making structuresoutside of scheduled meetings
Users take files home or with them on a USB, running the risk of loss of the USB and its contents
May require use of a cumbersome VPN
Need to continually synch systems
2 Project collaboration with vendors, contractors, offsite employees
3 Confidential bidding and negotiation
4 Traveling or multi-location workers
1 Group collaboration on doc-uments, presentations, analysis
Secure access to all documents
Enables confidential online voting
Eliminates risk and expense of courier services
5 Boardroom minutes /Sensitive communications
The business advantages of a transparently secure work space quickly become clear:
Increased productivity through easy group collaboration that removes versionmanagement hassles
Improved security and productivity through the elimination of email mix ups andcrossed, delayed, and lost messages, which not only reduces business risk but also cuts down the amount of email flooding into users’ mailboxes that must be managed
Improved communication in collaboration and bidding processes through theidentification of which documents have been accessed and by whom, spotlighting the most interested parties and pinpointing uncompleted tasks
Increased mobile efficiency by avoiding the tedious chore of synching documentsbetween desktop, laptops, and mobile devices when traveling since all the data is available via the Internet anytime in the secure work space
Improved governance efficiency by creating an audit trail of accesses and changesto documents that address corporate policy or are required for regulatorycompliance
Reduced need for costly, time-consuming, and inconvenient travel and shippingphysical documents
From the IT perspective, the deployment of a secure work space eliminates the need to enforce heavy-handed security policies on reluctant users. Instead, the policies are enforced transparently and automatically, resulting in better security while reducing tension between IT and users.
For everyone — IT, users, and the business — it becomes a win-win-win situation. IT doesn’t have to play the security heavy, users don’t feel burdened but actually feel more productive, and the business gets better security and increased productivity.
Appendix: Brainloop Secure Dataroom
users inside and outside your company. Top encryption, sophisticated security
About Brainloop
documents and enabling document sharing and collaboration among authorized
unauthorized users. Frequent uses include contract negotiations, project
White Paper – Security Policy
White Paper – Security Policy
Copyright © 2009, Brainloop Inc. All rights reserved. Brainloop and the “brainball” logoare trademarks of Brainloop AG. All other trademarks mentioned in this document are the properties of their respective parties.
CONTACT
Brainloop Inc.
One Broadway, 14th floor
Cambridge, MA 02142 · USA
T: +1 (800) 517 317 1
www.brainloop.com
Brainloop AG
81669 Munich · Germany
www.brainloop.de Co
pyr
igh
t ©
200
9