Some of the biggest challenges IT teams face today stem from data loss and security risks caused by the unauthorized use of personal file sharing services. Using personal file sharing services for business purposes invites data leakage and compliance violations, allowing files to escape beyond the visibility and control of IT. Users, however, want the ability to access and share data from anywhere, on any device they choose.
The only way for IT to stop the spread of uncontrolled data sharing is to address this need through an IT-approved secure file sharing application that meets employees’ needs better than any consumer service could. A true secure enterprise file sync and sharing service combines the convenience and simplicity of a personal file sharing service with enterprise-oriented features and encryption to increase productivity as well as provide increased security, flexibility and control for IT.
Citrix ShareFile eliminates the threat posed by consumer file sharing services and provides the industry’s most comprehensive set of data protection features. IT maintains total control over data access, storage, and sharing across the organization—including the control to audit, track, and log all user activity to support compliance requirements and provide visibility into data usage.
With ShareFile, shared files are encrypted both at rest and in transit. A remote wipe feature allows secure destruction of all ShareFile-stored data and passwords on a device that has been compromised. IT can also remove a device from the list of devices that can access ShareFile accounts, or lock a device to restrict its use for a defined period of time. A poison pill capability lets IT prescribe data expiration policies for mobile devices.
Citrix ShareFile integrates with popular DLP systems including Symantec Data Loss Prevention, McAfee DLP Prevent, and Websense Forcepoint to restrict document sharing based on the file’s DLP classification. Enterprises need to be able to control file sharing based on the content inside the files themselves. Through integrations with leading data loss prevention systems, ShareFile will classify items based on their content and enforce sharing restrictions based on data categories.
Information rights management (IRM) adds an extra layer of protection to sensitive data. With IRM, end users sharing a document may apply a watermark to the document to control further redistribution of the shared content. By applying IRM capabilities, organizations can ensure content cannot be downloaded or is downloadable as a watermarked PDF only, protecting against the risk of unwanted screen captures.
ShareFile customer-managed encryption keys leverage Amazon’s Key Management Solution to give customers the data security control they need. Customer files reside within the ShareFile application, but the generation—and control—of the encryption keys occurs within Amazon KMS.
ShareFile customers using Citrix-managed StorageZones to store their files can manage encryption keys and use Amazon WebServices to generate a master key. The master key encrypts ShareFile data uploaded to the cloud using a dual encryption key paradigm. A master key is stored securely within your Amazon KMS account and never exported outside of that environment, while a data key can be generated and exported outside of the KMS environment. This simplifies the management of encrypted data and establishes a level of trust between the cloud service provider and customer.