Secure and share sensitive documents in your extended enterprise

The CIO-level business angle on the latest tech

Every organization, regardless of industry, has documents it needs to keep confidential, even as they must be developed or shared among several people. Compliance requirements for mandates such as SOX and HIPAA may even dictate that confidential documents be locked down with tightly controlled access. Audit reports may be required to show who did what, and when, with a sensitive document.

Traditional document management systems provide these capabilities inside the firewall for most of a company's documents, but don't address the issue of protecting documents that must be shared outside the enterprise. Brainloop has a solution that provides a scalable workspace for information risk mitigation and document compliance.

Brainloop Secure Dataroom addresses the challenges of sharing confidential documents in the extended enterprise. On the one hand, there is the need to share information as multiple people, both inside and outside your organization, need to collaborate on sensitive documents. On the other hand, there is the demand to protect the very information that's in the documents with controlled access and distribution as well as consistent application of company policy -- especially when exposure of a sensitive document can be a real business risk for the organization.

Brainloop's highly secure online workspace provides a document repository with anytime, anywhere access. It's available as a SaaS-based subscription service, or it can be installed on premise within your own data center. There's no client software to install, so people outside your organization can easily be invited to use documents or folders within a specific dataroom.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Every organization, regardless of industry, has documents it needs to keep confidential, even as they must be developed or shared among several people. Compliance requirements for mandates such as SOX and HIPAA may even dictate that confidential documents be locked down with tightly controlled access. Audit reports may be required to show who did what, and when, with a sensitive document.

Traditional document management systems provide these capabilities inside the firewall for most of a company's documents, but don't address the issue of protecting documents that must be shared outside the enterprise. Brainloop has a solution that provides a scalable workspace for information risk mitigation and document compliance.

Brainloop Secure Dataroom addresses the challenges of sharing confidential documents in the extended enterprise. On the one hand, there is the need to share information as multiple people, both inside and outside your organization, need to collaborate on sensitive documents. On the other hand, there is the demand to protect the very information that's in the documents with controlled access and distribution as well as consistent application of company policy -- especially when exposure of a sensitive document can be a real business risk for the organization.

Brainloop's highly secure online workspace provides a document repository with anytime, anywhere access. It's available as a SaaS-based subscription service, or it can be installed on premise within your own data center. There's no client software to install, so people outside your organization can easily be invited to use documents or folders within a specific dataroom.

Think of a dataroom as a single deposit box within a vault where several authorized people have the key. The dataroom administrator defines the policies of who can do what with the documents within that locked box. The policies, which can be very granular, can be applied at the group level or for individual users. The policies determine who can download, edit, print or disseminate the document. The content owner stays in control of his document at all times.

This application provides strong security controls to protect your highly sensitive documents. When a person signs in to access his dataroom, he uses multifactor authentication such as SMS-PIN or x.509v3 certificates along with his user ID and password. All documents in transit and at rest on the server are encrypted and shielded from IT operators. For the most confidential documents, every page that an authorized user views has an embedded dynamic watermark that would be splashed across the document if someone were to photograph the screen. All actions are captured in a tamper-proof audit trail that can be presented in reports to validate compliance to company policy or government or industry regulations. There's a centralized policy framework for administering policies on documents, individuals and groups.

Cheryl Klein, CEO and principal consultant of GRC Consulting Services, recommends Brainloop for her clients who need to lock down sensitive documents with controlled access. Klein helped one of her clients implement Brainloop in-house to protect sensitive spreadsheets to satisfy SOX requirements. According to Klein, "I'd say this product fits in anytime you have a situation where you have sensitive, confidential data that has to be accessed by multiple people, inside or outside the organization, and you are concerned about security and change management."

Document compliance management is a critical part of many organizations' governance, risk and compliance (GRC) programs. Best practices dictate that you should:

* Define a document compliance strategy.

* Rank your business processes and the documents they require according to risk.

* Define policies for those documents and the people who use them.

* Provide an automated solution that will secure and manage your sensitive documents.

Brainloop offers a free trial of its secure document workspace. I've tried the application and it's very intuitive for users and document administrators. Get your company auditors involved in the trial so they can evaluate the GRC aspects of Brainloop. In my opinion, it's a no-brainer.

Read more about security in Network World's Security section.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.