Security & Compliance

Ensuring the security of confidential, sensitive information is an essential element of enterprise Security and Governance, Risk Management and Compliance programs. Regulations and standards such as the Federal Information Processing Standard (FIPS) Publication 140-2, Health Insurance Portability and Accountability Act (HIPAA), the Food and Drug Administration (FDA) 21 CFR Part 11, Sarbanes-Oxley (SOX), Gramm-Leach-Bliley Act (GLBA), Data Protection Directive (EU), and others place significant requirements on organizations for encrypting content and securely sharing sensitive data such as confidential personally identifiable information (PII) and personal health information (PHI).

An industry first, the kiteworks three-tiered architecture enables secure deployment by allowing the web, application, and storage tiers to be separated and placed anywhere in the network. For example, the web tier can be placed in the DMZ for VPN-less access from mobile devices, while the application and storage tiers can be placed behind the internal firewall. Unique authentication tokens for each tier provide an additional layer of security from intrusions and data breaches.

The kiteworks solution provides security professionals with a corporate solution for securely sharing content across devices that ensures protection of sensitive information and IP, and demonstrates compliance with regulations.

Key Features

Security

  • Extensive IT management and controls – Rich IT Admin interface that provides comprehensive file tracking, reporting tools, and audit trails for compliance with SOX, GLBA, HIPAA, and FDA requirements. Robust and intuitive Admin dashboard to quickly manage the health of the kiteworks deployment
  • Data encryption – Sophisticated encryption for data in transit and at rest with enterprise ownership of the encryption keys
  • Anti-Virus – Integrated malware scanning for all files upon upload and download
  • Data Loss Prevention (DLP) – Supports integration with leading DLP solutions from Symantec, RSA, Fidelis, Palisades, and Code Green Networks to monitor files based on corporate policies
  • Remote wipe – Delete content from lost or de-provisioned devices
  • User-friendly DRM – Watermarking, view only, and file withdraw capabilities protect confidential files from unauthorized use
  • Online Viewer – Enhances file security by enabling users to view and search file content without downloading the files
  • FIPS 140-2 validated encryption – Strong encryption mandated for civilian agencies and government contractors
  • Authentication and Single Sign-On (SSO) – Supports LDAP/LDAPS/multi-LDAP and Active Directory, SSO with SAML
  • Role-based access – Enforce corporate policies for file sharing at a user level, group level, and corporate-wide

Compliance

FIPS 140-2

For government agencies requiring FIPS 140-2 validated encryption, Accellion offers a FIPS 140-2 Certified module for private cloud (on-premise or hosted) and hybrid cloud. Accellion has completed the rigorous validation process and obtained certification by the Cryptographic Module Validation Program (CMVP) to meet the security requirements set forth for Federal organizations by the National Institute of Standards and Technology (NIST). Using the FIPS 140-2 module, Accellion can help government agencies meet federal requirements for the protection of data in transit.

Safe Harbor

Accellion complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland (the “Safe Harbor Frameworks”). Accellion has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Accellion’s certification, please visit http://www.export.gov/safeharbor/

FedRAMP

Accellion also supports the US government’s Cloud First policy that mandates that agencies take full advantage of cloud computing. For agencies that utilize Accellion in a private cloud via Amazon Web Services (AWS), AWS has demonstrated it can meet the extensive FedRAMP security requirements, and as a result federal, state, and local government customers can leverage AWS’s secure environment to store and protect sensitive government data.