This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe.
Close to 20 years ago I was working with a company in the process of a blockbuster merger with a competitor. The company set up numerous closed-door "clean rooms" at headquarters where teams from both companies could work through the details of the proposed deal. Scores of people from the target company came to town and lived in hotels for weeks on end.
Those of us not on the merger team watched daily as boxes of documents were carted into the clean rooms. We assumed the boxes contained each company's most sensitive business information. The people in those rooms were charged with deciding if the merger was the right thing to do. They hoped the answers would be found in those precious documents. Apparently they were because the merger went through.
Around that same time, a couple of guys in the M&A group of a financial institution were watching this process play out over and over again. Every deal had its version of the clean room with boxes of corporate information, and they realized this was an inefficient and expensive way to bring people together to sift through sensitive documents. So these entrepreneurs created a virtual data room where people could securely share and work with high value, highly regulated data and intellectual property. This is the origin of the secure collaboration company Intralinks, a pioneer in digital document sharing.
Today, file sharing and data synchronization is one of the leading cloud application categories. According to Gartner, there are more than a hundred products in this category, with little distinction among them. Intralinks says it is the exception to this rule because of its heritage of managing enterprise customers' most critical files. While companies like Dropbox come at the collaboration space from the consumer perspective, Intralinks products have been architected from the ground up to meet the stringent needs of the enterprise. In fact, the company claims it has provided secure collaboration tools for 99% of the Fortune 1000.
Intralinks' differentiator is that it provides the ability to embed security and encryption right into the documents companies want to protect and share. As a result, the security goes with a file wherever it goes for the lifetime of the file. Even if someone downloads a file from the secure collaboration space and emails it to someone outside the organization, the strict permissions of who can access that file – regardless of where it is – continue to protect it. The lifelong controls are embedded within the document itself, and the owner of the document can change those controls over time if desired.
For example, let's think about the sensitive files placed in an M&A virtual data room. Companies A and B both contribute documents so they can be reviewed by each other's business and legal teams. These documents mustn't go beyond the authorized people so the permissions on each document are explicit as to what each person can do. Some can simply view documents, while others might be permitted to edit them as well. If it looks like the merger isn't going to go through, the respective companies can withdraw permissions to view or even access the documents. This ensures that Company A doesn't retain long-term access to Company B's business plans.
The Intralinks solution is provided as a dedicated SaaS platform. The company developed the platform over the past two decades working with major banks worldwide and says the solution was architected and built to serve highly regulated customers with the highest needs for security. Security is built in, not bolted on.
Intralinks has its own data centers in the U.S. and Europe and is moving into a model where data can be placed in any country based on distributed content nodes. This ensures that customers can meet data sovereignty requirements by storing data in its country of origin and be compliant with local, national and international regulations.
Shared files are stored in Intralinks' cloud, protected with encryption and other security measures that get embedded into the files themselves. As a document is uploaded to the Intralinks platform, the document is secured with 256 bit encryption. Then Intralinks encrypts the encryption key. That's two layers of encryption for each and every document. On top of that, users have the option to implement customer-managed keys which they can change and revoke as needed.
In addition, files are assigned explicit permissions of who can do what with them, a form of information rights management (IRM). A file owner can change the permissions even after a file has been distributed. So for example, say an employee has access to a file, but the employee resigns from the company. All of his access permissions can be revoked to ensure he isn't accessing sensitive information, even if he had previously downloaded that file to his own computer. This is a critical capability that is lacking in file sharing tools that originated in the consumer market. This allows for protection of data at rest, within the enterprise and in motion, wherever the data travels.
Access to a document workspace can be done through integration with a company's directory service or on an ad hoc basis by sending a participant a link. The ad hoc basis puts the onus on the file owner to know what level of control to assign to files.
Intralinks facilitates multiple types of collaboration and sharing. There is "me to me" sharing in which a person just wants to sync files across his own devices. There is "me to many" sharing that allows a person to share documents with multiple people, giving each recipient his own level of permissions. And there is "many to many" sharing in which a group of people all have access to a document workspace for collaboration.
Something else that is unique to Intralinks is that document users do not need to download an agent to their devices. Intralinks recognizes that many enterprises in regulated industries lock down their employees' desktop configurations so installing an agent isn't really an option.
Of course there are audit trails to track who has done what with the secured documents. This is a key requirement for the types of regulated information that Intralinks' customers tend to share. The vendor is keenly aware of instilling the compliance and governance that large organizations have to have when they are dealing with external regulators.
And speaking of governance, there is one more significant differentiator for this vendor. Intralinks invites all its customers to audit its datacenters annually. For most enterprises, this is a best practice for vendor risk management. Intralinks says it takes the feedback from each customer audit – and there is typically about one audit every week – to perform continuous improvement for its datacenters and software.