You don’t have to be a security guru to understand the challenges faced by security professionals to help provide a secure solution for their organization and customers.
There are hundreds of security capabilities and solutions, so how do you prioritize and enable these capabilities to help protect your customers and their data?
To help you organize your security efforts and protect data, we can borrow concepts from Rich Mogull’s Data Breach Triangle. If you look at the Fire Triangle, you need three elements to create a fire: heat, fuel and oxygen. Remove one of the elements and the fire cannot survive. The Data Breach Triangle has similar concepts for a data breach. There are three core elements: exploit, egress and data. A data breach can be prevented if any one of the elements is removed. How can you apply these concepts with Citrix ShareFile? Since ShareFile is a single plane of glass for data access in the cloud and on premises, we will focus on the data element first.
It is increasingly difficult to protect the corporate network along with intellectual property. Once data leaves the corporate network, you start to lose control on the level of security. ShareFile’s Information Rights Management (IRM) capability enables “follow me” security even after the file exits the corporate network. The downloaded file can only be accessed by the intended recipient with the right access privileges. Access to the file or data can be updated based on usage and context like project lifecycle and personnel changes. This gives IT control even after the file has been downloaded or shared.
ShareFile also enables Data Loss Prevention (DLP) capability to help protect sensitive content defined by popular Enterprise DLP solutions. ShareFile can work with most DLP solutions by leveraging the ICAP protocol. DLP policies to govern file sharing and download capabilities can be applied to files and data analyzed by DLP solutions.
By focusing security on the data using capabilities like IRM and DLP, the data element of the Data Breach Triangle is addressed.
But wait! There is more! ShareFile is one of the few Enterprise File Sync and Share (EFSS) solutions that allows flexibility in your storage choices. You can store the files in the cloud managed by Citrix or on premise with ShareFile StorageZones Controller. Data at rest in the cloud are encrypted using AES-256 encryption.
Now that we’ve got data security covered, let’s talk about the exploit and egress elements of the Data Breach Triangle. Since it’s a born-in-the-cloud solution, ShareFile is up to date with critical vulnerabilities. For example, SSL and TLS vulnerabilities were addressed with the latest approved patches to limit the exposure to end users.
In addition to securing network transmissions, it is important to address who can be allowed into the network and access to data. To protect identities within ShareFile, we have native capabilities with configurable password policies and two step verification support. Integration with Active Directory, SAML support and Identity Providers (IdP) including Citrix NetScaler and XenMobile will help you address potential identity exploits with advanced security capabilities.
On the egress aspect, the NetScaler and ShareFile integration helps support a secure network configuration within your environment that includes application firewall, load balancing, DDoS protection, DNS security, Authentication, Authorization and Auditing (AAA) capabilities and more.
Finally, security analytics and reporting have been key in identifying and addressing potential threats. ShareFile reporting and auditing capabilities provides key details on user activity including data access and sharing.
You can apply the right level of security with ShareFile using the Data Breach Triangle as a guide. ShareFile delivers one of the most secure EFSS solutions on the market. Check out what Gartner says about Citrix ShareFile with the latest Enterprise File Sync and Share (EFSS) Magic Quadrant.