HIGHTAIL FOR ENTERPRISE: SECURITY OVERVIEW

Secure and control how your business shares files using Hightail

Information, the lifeblood of any business, is potentially placed at risk every time digital files are shared. Whether a company's employees use email or FTP, or look to bypass the limitations of these services with unsanctioned sharing tools, the inadequate security and compliance standards of these methods are a serious liability. Hightail solves this problem with an enterprise-grade service that gives users the ability to share files easily, while providing IT with the required security infrastructure, comprehensive controls and data tracking capabilities.

"The enterprise administrative controls around Hightail were one of the criteria that made this a good solution for us."
James Brennan, Executive Director, Sony Pictures

Files stored and shared with Hightail are secured, controlled and managed over three different levels:

User level
  Intuitive user experience requires minimal training or IT assistance
  File sharing controls including passwords, expiration dates and identity confirmation help protect sensitive files
  Folders can be shared with full edit permissions or as view-only
  Uniform experience across web, desktop and mobile apps

Enterprise level
  IT can set global controls and configure rules for enterprise data sharing
  Seamless integration with existing systems, including Active Directory and LDAP, allows for quick deployment
  SAML provisioning reduces IT workload by automating account setup
  Dashboards and usage reports allow IT to monitor usage at a granular level and maintain audit trails

Cloud level
  Physical access to data centers is restricted using state-of-the-art surveillance and access controls
  Network is monitored 24x7x365 using a dedicated Network Management System
  Data is encrypted in transit and at rest with 256-bit AES encryption
  Compliant with SSAE 16, PCI DSS and the Safe Harbor framework, and enables organizations to meet industry regulations like HIPAA and GLBA

User level security

Enterprise users need to actively access, share, and collaborate with other users within and outside the enterprise without their productivity being obstructed by security concerns. Hightail's robust security infrastructure and advanced, yet simple security controls allow users to work productively without hassle.

Traditional tools such as email and FTP limit the amount of control users and IT can exercise over shared data. When sharing folders via Hightail, users can specify permissions at a granular level to allow accessing users to view only or modify content. When sending files, Hightail provides additional controls, including passwords and file expiration dates. Selecting the return receipt and verify recipient identity options, and tracking downloads and other file activities, help users ensure their files reach the right recipients.

The security features on Hightail are available across the web, desktop and mobile apps, providing a familiar, uniform experience no matter which device is being used. Enterprises can leverage existing Single Sign-On (SSO) infrastructure so users don't need to remember yet another username and password. All of these user level features allow businesses to strike the appropriate balance between user productivity and IT control, all with minimal maintenance overhead.

And while the Bring Your Own Device (BYOD) trend continues to keep many IT leaders up at night, Hightail mobile products have additional security measures such as PIN protection, encrypted local storage and data wipe that can prevent unauthorized access should a device fall into the wrong hands.

  Folder permissions (view/modify)
  Password protection
  File expiration options
  Return receipt
  Verify recipient identity
  Download tracking
  PIN protection (mobile)
  Data wipe (mobile)

"The ability to have some control over your files at a very low level of an organization is huge. It means you are not always going back upstream to IT for permission."
Mitch Hamm, Center Director, Alabama Technology Network

Enterprise level security

Hightail integrates seamlessly with existing infrastructure and applications while providing IT with granular control capabilities. Enterprises can quickly get started using Active Directory/LDAP or SAML 2.0 integration to enable SSO, while SAML provisioning support eases the work of IT by automating the user account setup process. In managing accounts, Hightail provides administrative flexibility by allowing IT admins to set global controls, use new or existing role-based groups or apply policies at the individual account level.

Hightail leads the industry in providing IT with comprehensive monitoring and tracking capabilities so organizations know where their data is at all times. Administrators can use the Dashboard to acquire insights into usage parameters including user counts, data transfer information and inbound/outbound domains. For transaction level details, they have the Usage Report, which not only provides a log of all enterprise transactions, but also the ability to quickly find specific information using filters on various parameters including user, date, filename and event type. If they suspect an unauthorized file share, administrators have the ability to download and block downloads of any file that has been shared on Hightail.

  Active Directory and LDAP integration
  SAML 2.0 integration & provisioning
  Global policy settings
  Role-based groups
  Usage reports (audit log)
  Block download
  Customized branding

"Being able to go in and see what has happened with files and expire them if necessary has given my IT team the control they needed. Our auditors were absolutely amazed."
Noah Broadwater, VP, Digital Products and Technology, Special Olympics

Hightail's fit with enterprise security is strengthened by its integration with existing policies and systems. Hightail integrates with existing company MDM (Mobile Device Management), DLP (Data Loss Prevention) and DRM (Digital Rights Management) systems to enable a consolidated IT strategy that extends the company policies, rules and control to data stored in the cloud. IT administrators also have the option of adding their company logo to Hightail, providing users with a consistent experience across different systems and applications, while promoting their brand when sharing files externally.

Cloud level security

Hightail is trusted by over 40M users, including professionals at 98% of the Fortune 500, for user and IT level controls and rigorous security measures. Reliable and resilient architecture ensures Hightail has no single point of failure and services are available to users at all times. Data is secured at all layers, including physical, network, transmission, data and application, to ensure end-to-end security for corporate information.

"The ability to secure and track the data coming in and out of our offices, while avoiding new infrastructure investment and associated operating costs made Hightail very compelling."
Andrew Marks, CIO, Tullow Oil

Physical security

Hightail data centers enforce stringent physical security measures in build and access and also maintain certifications such as SSAE 16 SOC 1/2, ISO27001, and ISO25999. The data centers are globally located and protected by double-walled construction and biometrically protected cages. They mitigate environmental risk with sophisticated disaster protection that includes seismic protection, water suppression and dry-pipe fire protection. They also feature multiple active power and cooling distribution paths to ensure that services are available at all times.
Data center access is strictly controlled and restricted only to designated persons within the Operations team. Data centers are monitored by manned security and video surveillance round the clock. Accessing production systems requires three points of access that are guarded by mantraps and biometric scans with PINs. Hightail maintains detailed audit logs and continuously monitors all operational systems.

  SSAE 16 SOC 1/2 compliant
  Seismic, fire protection
  Redundant power supplies
  Video surveillance
  Biometric scanning
  Detailed audit logs

Network security

Hightail provides multiple solutions to address network security threats as information flows back and forth from data centers to customer and third-party systems. Hightail monitors its entire network, including the production application and underlying infrastructure components, at all times using a dedicated Network Management System. Real-time alerts are sent to on-call Operations staff members for resolution. All incoming and outgoing traffic between the production environment and other networks, corporate and untrusted, is monitored by ISP grade firewalls. To protect the systems from DoS/DDoS (Denial of Service) attacks and ensure availability, Hightail employs carrier grade network equipment and redundant internet links. Finally, to ensure the reliability of the network infrastructure against increasingly sophisticated hacking methods, the company performs weekly vulnerability scans and engages third-party security firms to perform penetration and application vulnerability testing.

Application security

The Hightail application is designed with security as a key consideration at every stage. The web application is multi-tiered into logical segments (front-end, mid-tier and database), each independently firewalled from the others in a DMZ configuration. This guarantees maximum protection while giving developers the flexibility of a multi-layer architecture.

Hightail application development goes through multiple checks and balances to ensure that development or testing processes do not impact the production systems and data. These checks include putting every change through a formal release engineering process, maintaining physically and logically separated development environments and, finally, performing full functional testing of all changes in a QA environment before deployment to production.
Following this rigorous development and release process allows Hightail to deliver new features and improvements while maintaining a solid and secure foundation.

  24x7x365 monitoring
  ISP grade firewalls
  DoS/DDoS protection
  Vulnerability scanning
  Penetration testing
  Hardened operating system
  Multi-tiered DMZ configuration
  Formal release engineering process
  Full functional QA testing

Data security

One of the critical vulnerabilities with traditional sharing tools like FTP is the absence of data encryption, which allows hackers to sniff packets out of the network and directly intercept the data. Hightail encrypts data in transit by providing up to 256-bit AES encryption along with support for forward secrecy, ensuring that deciphering intercepted information is impossible now and in the future.

Hightail leaves no stone unturned in protecting the customer data stored on its servers. At the server level, files at rest are stored and individually secured using a patented three level encryption technology that is certified by FIPS 140-2 and CC EAL2+, the US Government and international standards for computer security. 256-bit AES encryption and dynamic key management ensure every key access is logged, providing real-time revocation and full auditing.

To protect data against any server wear and tear, Hightail uses redundant encrypted storage, meaning that copies of every file are stored on multiple servers to safeguard against data loss. When users delete files, they are held on the disks for seven days for recovery reasons, after which all data copies are completely purged from the systems.

  Redundant encrypted copies
  256-bit AES encryption
  Dynamic key management
  FIPS 140-2, CC EAL2+ certification

Compliance

Hightail's end-to-end security features meet stringent compliance requirements and allow organizations to meet a number of industry regulations as they extend their IT infrastructure to the cloud. Hightail is audited annually by a Big Four audit firm to attest to its compliance with regulations such as SSAE 16 security and confidentiality principles and publish SOC 2 Type II reports to confirm the design and effectiveness of its controls.
Hightail is also independently certified to be compliant with PCI DSS (payment card data security standards) and the US/EU Safe Harbor framework to ensure proper collection, use and retention of personal information. Hightail's security features also enable organizations to meet a variety of industry regulations, including HIPAA (Health Insurance Portability and Accountability Act), a regulation that addresses security and privacy of health data, and GLBA (Gramm-Leach-Bliley Act), which addresses consumer information protection by financial institutions.

Enterprise-grade security, now and in the future

With fast growing trends such as Consumerization of IT and BYOD, cloud sharing solutions offer significant value in increasing user productivity and collaboration, but can make business information vulnerable through unsanctioned file sharing applications and uncontrolled file sharing via email and FTP. Hightail provides a solution that satisfies IT requirements not just in terms of robust security and granular control over enterprise data, but also by providing an intuitive data sharing experience that results in quick and easy adoption by users.

Hightail recognizes that the challenge of maintaining enterprise-grade security is ongoing and the company continually invests in improving its security infrastructure to remain ahead of potential new dangers. Hightail has recently acquired adeptcloud, the industry's first privacy-focused collaboration solution, and joined the Cloud Security Alliance, a coalition of industry practitioners with a mission to promote and define best practices for providing security assurance within cloud computing. These developments, along with the continued focus on existing infrastructure and features, ensure that Hightail is providing its customers with the best security for their business information now and in the future.

Find out how Hightail can help your business: call 1.866.558.7363, email sales@hightail.com