Brainloop: Security Policy - Five Keys to User Compliance (White Paper)


Published on

Brainloop: Security Policy - Five Keys to User Compliance (White Paper)

Published in: Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Brainloop: Security Policy - Five Keys to User Compliance (White Paper)

  1. 1. WHITE PAP ER Security Policy: Five Keys to User Compliance EXECUTIVE SUMMARY IT managers have long suspected: users, as they naturally go about trying Business users are a key part of a company’s security, and even the most conscientious employees can introduce serious breaches (52%)1 of security policy. IT can do everything security policy. in its power to secure the company’s confidential documents — provide first-class IT too often is portrayed as the security heavy, forced to try to halt such security infrastructure, develop reasonable security policies and engage in extensive security. Feeling these steps hinder their productivity, users go to great communication and training — yet still lengths to avoid or circumvent even the most reasonable security measures, people fail to comply. The solution is to provide security that helps people do their jobs more efficiently, thereby inducing users It is hard to blame the users; they are just trying to get their jobs done as to follow best security practices without even knowing it. people fail to comply. What more can IT do? The solution is to provide security without making it difficult for users to do their jobs. For example, if IT can offer easy group collaboration within a transparently secure setting, or eliminate the need for users to send sensitive documents by email, users can be as productive as ever, or even more so. And since the environment is inherently secure, users are following best security practices without even knowing it. In the paper that follows, you will find five ways IT can facilitate user productivity while automatically ensuring safe security practices. In each case, users are unhindered by security procedures, yet their work is conducted in a transparently secure environment. Even better, the environment actually streamlines processes and improves efficiency, leading users to make it their preferred work environment. 1 Evade and Ignore Security, Ponemon Institute, June 10, 2009
  2. 2. White Paper – Security Policy In some cases, such as those involving negotiations [see #3 below], the secure environment actually gives workers a distinct advantage. And as people experience the advantages of working within such an environment, advantages like increased efficiency or negotiation leverage, they readily return to make use of these advantages. Suddenly, IT no longer needs to force compliance with document security procedures. Users willingly comply, often without even realizing it. The following table illustrates unsafe behaviors resulting from human factors that can be reduced or eliminated through a transparently secure environment, which also makes work easier or more efficient for the users. In all the cases above, security is built into the online environment of a security issue. Business Practice Mitigation Strategy People often use email where delivery A central document repository isn’t assured or can be intercepted eliminates the need to send 1 Group collaboration on doc- unsecured emails uments, presentations, analysis Easy to accidentally send to the wrong person with a similar name No need for multiple versions distributed among group members Unauthorized forwarding of Put usage restrictions on documents: documents disable printing or forwarding 2 Project collaboration Never sure who has seen the material Share large files with vendors, contractors, Ensure all have the most recent version offsite employees Track receipt and viewing Accelerate workflow Difficult to prevent documents from Due diligence documentation in the 3 Confidential bidding being leaked to unauthorized parties secure environment is protected and negotiation Difficult to gauge interest level Able to see which bidders have read the documentation most thoroughly Users take files home or with them on a Safe, convenient remote access to USB, running the risk of loss of the USB centrally stored and secured files 4 Traveling or multi-location and its contents No need to copy files to USB or synch workers May require use of a cumbersome VPN to laptop Need to continually synch systems Documents are at risk during distribution Secure access to all documents by email or as paper documents via delivery Enables confidential online voting 5 Boardroom minutes / services Sensitive communications Eliminates risk and expense of courier No effective decision-making structures services outside of scheduled meetings
  3. 3. White Paper – Security Policy The business advantages of a transparently secure work space quickly become clear: Increased productivity through easy group collaboration that removes version management hassles Improved security and productivity through the elimination of email mix ups and crossed, delayed, and lost messages, which not only reduces business risk but also cuts down the amount of email flooding into users’ mailboxes that must be managed Improved communication in collaboration and bidding processes through the identification of which documents have been accessed and by whom, spotlighting the most interested parties and pinpointing uncompleted tasks Increased mobile efficiency by avoiding the tedious chore of synching documents between desktop, laptops, and mobile devices when traveling since all the data is available via the Internet anytime in the secure work space Improved governance efficiency by creating an audit trail of accesses and changes to documents that address corporate policy or are required for regulatory compliance Reduced need for costly, time-consuming, and inconvenient travel and shipping physical documents From the IT perspective, the deployment of a secure work space eliminates the need to enforce heavy-handed security policies on reluctant users. Instead, the policies are enforced transparently and automatically, resulting in better security while reducing tension between IT and users. For everyone — IT, users, and the business — it becomes a win-win-win situation. IT doesn’t have to play the security heavy, users don’t feel burdened but actually feel more productive, and the business gets better security and increased productivity. Appendix: Brainloop Secure Dataroom users inside and outside your company. Top encryption, sophisticated security About Brainloop documents and enabling document sharing and collaboration among authorized unauthorized users. Frequent uses include contract negotiations, project
  4. 4. White Paper – Security Policy CONTACT Brainloop Inc. Brainloop AG One Broadway, 14th floor Copyright © 2009 Cambridge, MA 02142 · USA 81669 Munich · Germany T: +1 (800) 517 317 1 Copyright © 2009, Brainloop Inc. All rights reserved. Brainloop and the “brainball” logo are trademarks of Brainloop AG. All other trademarks mentioned in this document are the properties of their respective parties.