101: How FinalCode Offers Enterprises Secure File Collaboration
Today I want to tackle the far-reaching subject of data leakage risks. You can put a file into a data content management system to be received by a contractor, and that file is secure as long as it’s in the cloud application. The question we don’t ask often enough is how secure is that cloud application? What happens to that file once it leaves the cloud application container on the contractor’s computer? What if that contractor forwards that file or loses that device? I invited Scott Gordon from Final Code onto the show tonight to talk about this. Scott is an accomplished leader who has helped develop security management network and endpoint security and risk assessment technologies.
Can you tell the listeners a little about yourself and what you do?
I’m Scott Gordon. I’m Chief Operating Officer of Final Code. I’m responsible for Final Codes go to market and sales enablement and partner enablement and customer support infrastructure. I’ve been doing information security for at least sixteen years covering network security, system security, data security and even security management. I love the information security space. There’s always the next threat, the next risk, and the next best practice and so the technology is really cool.
For anyone who has not heard of you guys before what is Final Code and what makes it unique from other similar security solutions out there?
Specifically, Final Code is a file-centric, digital rights management system. What that means is we’re able to secure a file, and that file security stays with the file wherever it goes inside an organization or outside an organization. In particular security, we’re talking encryption and access control and also usage control. So it’s not just encrypting the file, but when the recipient receives the file, we can control what they can do with the file such as printing or copying and pasting screen shots.
Gartner named you a “cool vendor.” What does that entail?
Gartner looks at companies that have a unique take on an existing or new risk or enhancement to a product. In this case, it’s about file collaboration security. Files are sort of the last data leakage frontier. People will indeed protect the data and data bases inside of the organization but once a file leaves a secure perimeter and is put on a host and that host leaves the environment or once a file is shared they are easily on the web through cloud services. When it reaches the recipient, the control is gone. They chose us among vendors that are providing a unique way to address the persistent file security risks.
What caught my eye and one of the reasons I invited you onto the show tonight was your five step process to reduce these risks. Can you tell the listeners a little about that five step process?
We did a survey through Enterprise Management Associates to North American mid-tier and large enterprises, and we were pretty amazed by the relatively lax means to support file security. We looked to put together a program that is a really pragmatic five step process to address data file leakage.
- Classify and discover your sensitive files. Your confidential files exist in your infrastructure and processes that generate sensitive data.
- Examine the risk and the relative control gaps. If I have a file that’s internal and doesn’t contain sensitive data that’s a lot different than a file that’s going to be shared with a customer that does contain confidential information. Then understand the control gaps. To what extent can those files be protected?
- Define a policy for certain types of data whether it’s internal, restricted, confidential, highly sensitive or classified. It’s not a matter of just defining the controls around a policy but also to communicate that effectively to internal users.
- Look at the actual controls to enhance and implement those controls. If you’re doing file security, it could be using a secure FTP site for external access. It could be using encryption alone for individual files like disc encryption perhaps. Certainly, it’s for shared network drives. Its access controls and maintaining directory services for those controls and of course file-based DRM services. All these controls can not only enhance but be implemented.
- You don’t just set it out and see what happens. Like any IT project, you really need to monitor the controls and the implementation to have a continuous improvement as risks or threats change, as business requirements change or as technology changes.
What’s next for Final Code?
We’re on the heels of our next release, Version 511 that will be coming out in the next month or so. We’ve been focused on two areas: keeping with our movement on ease of use and then to extend our enterprise features.
What’s the best way for anyone listening to reach out to you or a member of your team?
We have a bunch of information on our website at www.finalcode.com. It’s all right there and is very convenient for downloads.