The release of SealPath Enterprise version 2.0 means a fundamental milestone in the strategy that SealPath designed in 2013 in response to the challenges that information security solutions are facing in the coming years. This strategy is based on four key ideas: Focus on risks, Automation based on the context, Sharing without barriers and Ease of use and access.
1. Focus on risks
We feel that our information is valuable but it is not safe; others want to have it and they can get it. Who are these others? Here is where begins the risk analysis that should direct any effort to protect sensitive information. Reducing the likelihood that others access and use our confidential information should be a profit much higher than the cost of implementing these security measures and the constraints that they introduce in our processes. A common mistake managing this kind of issues is to focus only in the technical field. We are not talking about a Firewall or an Antivirus. The information is created, managed and used by individuals and the complexity of these processes is infinitely greater. Science fiction is over and you have to face the reality: The unpredictability that defines the human activity cannot be covered only by technical processes. We must discover where the real risks are and implement appropriate solutions adapted to the business context in which they are applied without the productivity being negatively affected. SealPath has developed a risk analysis methodology and a definition of processes to manage the information securely. This methodology is the basis of the implementation phase that should always come after a technical deployment. This methodology provides a work guide and shows clearly the benefits against the additional cost that security always entails. The objectives are clearly identified, the efforts are focused, and an optimal risk reduction of the sensitive information is achieved.
2. Protection automation based on the context
We know that the protection should depend on the context in which the information is managed. Let’s make the context shows by itself. The owner of the documentation is the one who knows best this context related to the information she is managing. At SealPath we had this assumption clear and we have always worked for the users to have all the tools needed to protect their documents conveniently. Nevertheless, depending completely on the user’s will and action is often not feasible. An information protection solution must be able to identify the context in which the information is created, or perhaps more important, the context in which the information is used. Variables like the type of content, the content itself, the place where it is stored, the place where it is accessed from, etc. define accurately the context that must establish automatically and dynamically the level of protection over the information.
A folder in a file server carries implicitly a context that can be used to associate an automatic protection over the content stored on it. SealPath allows a user in a team to create a protection policy according with her team’s specific needs and share it with the administrator, so that she can apply this protection policy to a folder in the corporate’s file server. In this way, the project or department documentation will be protected just by storing the files in the appropriate folder. Nobody needs to do any additional or different step to store the information protected than the steps they were doing now to store unprotected information.
3. Removal of barriers to share
The information that is not shared has not any value. Protecting information cannot mean that it cannot be shared or moved anymore. The security over the information cannot be limited to the place where it is stored. You can control the access allowing users to only view the documents through uncomfortable viewers or you have to give them full access and accept the risk that they can save the documents in their local disk. Applying simple policies in the perimeter to limit the transfer of the documents, so it can be moved inside the corporate network or it can be accessed only by internal staff is not always useful either. The business needs are complex most of the times and it is almost impossible that the IT Department knows in advance whether some documentation has to be accessed from outside of the company or not.
SealPath lets external users be added to the security policies very easily without needing that the administrator gets involved. The users just include their collaborator’s email addresses in their protection policies, and the collaborators receive an invitation email, that can be customized with the logo and brand of the company to increase the trust in the message, introduce a password, and they are already within the flow of document protection and control.
4. Ease of use and access to the information
The protected information should be easily available for those users that need to use it. It is critical than the users can keep managing their documents with their regular tools such as Office, Adobe, Foxit, etc. without forcing them to use viewers that change their experience. It is always important that this information is stored and transferred like any other documentation in the company. The organization may have made an important investment in Sharepoint, Alfresco, NAS, etc. that must be made profitable. Having to upload the documents to a new server would break the standard procedures the organization established and opted for. We cannot forget the unavoidable presence of the mobile devices as productivity tools. SealPath has published new “apps” for iPhone, iPad and Android that allows to view protected documents in these platforms. With these applications SealPath allows you to have the same revocation and access tracking features that are offered in the desktops.