Closing the Security Gap Extending Microsoft SharePoint, OCS, and Exchange to Support Secure File Transfer



Similar documents
Best Practices for Implementing Enterprise Secure File Transfer

No More FTP. Eliminate FTP Issues with a Secure File Transfer Appliance. Accellion, Inc. Tel Embarcadero Road Fax

Secure File Sharing for HIPAA Compliance: Protecting PHI

Mobilize SharePoint Securely: Top 5 Enterprise Requirements

8 Critical Requirements for Secure, Mobile File Transfer and Collaboration

Enterprise Content Sharing: A Data Security Checklist. Whitepaper Enterprise Content Sharing: A Data Security Checklist

Enterprise Mobility Management: A Data Security Checklist. Whitepaper Enterprise Mobility Management: A Checklist for Securing Content

BYOD File Sharing Go Private Cloud to Mitigate Data Risks

Solve the Dropbox Problem with Enterprise Content Connectors. Whitepaper Solve the Dropbox Problem with Enterprise Content Connectors

Self-Service SOX Auditing With S3 Control

BYOD File Sharing - Go Private Cloud to Mitigate Data Risks. Whitepaper BYOD File Sharing Go Private Cloud to Mitigate Data Risks

Accellion Security FAQ

Axway SecureTransport Ad-hoc File Transfer Service

Top. Enterprise Reasons to Select kiteworks by Accellion

Five Best Practices for Secure Enterprise Content Mobility

How To Secure Shareware Kiteworks By Accellion

EXECUTIVE BRIEF SPON. File Synchronization and Sharing Market Forecast, Published May An Osterman Research Executive Brief

SecureSend File Transfer Portal Usage Guide

No More FTP Eliminate FTP and Attachment Issues with Proofpoint Secure File Transfer

Live Communications Server 2005 SP1 Office Communications Server Matt Newton Network Engineer MicroMenders, Inc

How To Protect Your Data From Harm

CompleteCare+ Enterprise Voice

Comprehensive Agentless Cloud Backup and Recovery Software for the Enterprise

The Impact of HIPAA and HITECH

HIPAA/HITECH Compliance Using VMware vcloud Air

Healthcare Security and HIPAA Compliance with A10

Using Data Loss Prevention for Financial Institutions Banks, Credit Unions, Payments

Comprehensive Agentless Cloud Backup and Recovery Software for the Enterprise

HIPAA/HITECH Act Implementation Guidance for Microsoft Office 365 and Microsoft Dynamics CRM Online

whitepaper Ten Essential Steps for Achieving Continuous Compliance: A Complete Strategy for Compliance

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been

Load Balancing for Microsoft Office Communication Server 2007 Release 2

Top. Reasons Federal Government Agencies Select kiteworks by Accellion

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization

Websense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

CONSIDERATIONS BEFORE MOVING TO THE CLOUD

WHITE PAPER SPON. Do Ex-Employees Still Have Access to Your Corporate Data? Published August 2014 SPONSORED BY. An Osterman Research White Paper

Top. Reasons Legal Firms Select kiteworks by Accellion

The Wise Group and Microsoft Office 365 Customer Solutions

Security Manual Template Policy and Procedure Manual Compliance Management Made Easy ISO / HIPAA / SOX / CobiT / FIPS 199 Compliant

Sametime 101: Feature Overview. Roberto Chiabra IBM Certified IT Specialist

How to Install SSL Certificates on Microsoft Servers

White Paper Instant Messaging (IM) HIPAA Compliance

Outbound Security and Content Compliance in Today s Enterprise, 2005

Skype for Business Migration Strategies

10 Mobile Security Requirements for the BYOD Enterprise

EasiShare Whitepaper - Empowering Your Mobile Workforce

Kelvin Wee CISA, CISM, CISSP Principal Consultant (DLP Specialist) Asia Pacific and Japan

Top Four Considerations for Securing Microsoft SharePoint

Security Solutions

An Oracle White Paper January Oracle Database Firewall

Business white paper Top 10 reasons to choose Cloud-based Archiving

PineApp TM Mail Encryption Solution TM

Security management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.

Implementing Microsoft Office Communications Server 2007 With Coyote Point Systems Equalizer Load Balancing

Security Controls What Works. Southside Virginia Community College: Security Awareness

# Is ediscovery eating a hole in your companies wallet?

Secured Enterprise eprivacy Suite

Cirius Whitepaper for Medical Practices

Navigating Endpoint Encryption Technologies

Avoid the Hidden Costs of AD FS with Okta

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Using Web Security Services to Protect Portable Devices

BANKING SECURITY and COMPLIANCE

Global Software and Services Firm Reduces Costs, Builds Community with Unified Communications

WHITE PAPER SPON. Considerations for Archiving in Exchange Environments. Published July 2013 SPONSORED BY. An Osterman Research White Paper

Microsoft Office Communications Server 2007 & Coyote Point Equalizer Deployment Guide DEPLOYMENT GUIDE

Moving to the Cloud: What Every CIO Should Know

Top Ten Keys to Gaining Enterprise Configuration Visibility TM WHITEPAPER

Solving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools

Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper

Controlling SSL Decryption. Overview. SSL Variability. Tech Note

Untangle communication complexity with ShoreTel s brilliantly simple solution

Transcription:

AN ACCELLION WHITE PAPER Closing the Security Gap Extending Microsoft SharePoint, OCS, and Exchange to Support Secure File Transfer SECURITY COMPLIANCE EASE OF USE Accellion, Inc. Tel +1 650 485 4300 1804 Embarcadero Road Fax +1 650 485 4308 Suite 200 www.accellion.com Palo Alto, CA 94303 info@accellion.com Accellion, Inc. All rights reserved.

The majority of enterprises today use Microsoft SharePoint, OCS and Exchange. But these products create security challenge for enterprises that need to collaborate with external users. Executive Summary distributed teams, enterprises depend on online communication and collaboration. The majority of these enterprises today use Microsoft communication and collaboration infrastructure software including Microsoft SharePoint, OCS, and Exchange. But these products create security challenges for enterprises that need to collaborate and share information with external users such as federated partners, customers, remote users, and mobile workers. The challenge lies in the limitations these Microsoft solutions impose on file sharing. This whitepaper explores the challenges of secure file sharing from Microsoft SharePoint, OCS, and Exchange. 2 Accellion, Inc.

Enterprises need more flexibility, including the ability to transfer files securely to users outside the firewall, who lack access to an internal SharePoint server. Introduction The majority of enterprises today use Microsoft communication and collaboration infrastructure software including Microsoft SharePoint, OCS, and Exchange. Today, Microsoft Exchange is the most prevalent email server for business. For collaboration and content management, more than 100 million users use Microsoft SharePoint. The Microsoft Office Communications Server (OCS) that offers IM, telephony, voice/video conferencing, web conferencing, and other collaborative technologies. Together, these Microsoft products make it easy for enterprise users to communicate and collaborate. Users can switch easily from email to chat to blogging to VOIP conferencing, using whatever tool best meets their collaboration needs at the moment. But these products create security challenges for enterprises that need to collaborate and share information with external users such as federated partners, customers, remote users, and mobile workers. The challenge lies in the limitations these Microsoft solutions impose on file sharing. Enterprises need more flexibility, including the ability to transfer files securely to users outside the firewall who lack access to an internal SharePoint server. Enterprises need to be able to reach these users without setting up complex external server farms and punching holes in firewalls. Enterprises also need security and audit controls lacking in Exchange and OCS. The Security Gap Between File Transfer Capabilities and Communication and Collaboration Requirements All three Microsoft communication and collaboration solutions Exchange, SharePoint, and OCS offer some means of file sharing: SharePoint offers a secure data repository that enterprises can use to manage and protect confidential files. Users can upload files into SharePoint Document Libraries where only authorized users can access them. OCS, like other IM applications, includes a file transfer mechanism that enables users to send a file to other users, such as colleagues participating in a chat or video session. Exchange enables users to send files as email attachments. distributed organizations. Today, internal users need to collaborate not only with one another, but also with a broad community of external users, including Partners Customers Accellion, Inc. 3

Consultants Remote users Foreign manufacturers Remote divisions and branch offices Law offices PR and marketing agencies Industry consortia To collaborate effectively, internal users need a way to easily and securely transfer files to external users. To collaborate effectively, internal users need a way to easily and securely transfer files to these external users. They need to bridge the security gap in their communication and collaboration infrastructure to reach larger, heterogeneous communities of collaborators. enterprises must ensure that file transfers are secure. IT managers and security officers need to audit file transfers and confirm that confidential data is not being sent to inappropriate parties. File transfers must comply with all applicable laws and industry regulations mandating security and audit trails for confidential communications. Applicable laws and regulations might include Sarbanes-Oxley (SOX), the Gramm-Leach-Bliley Act (GLBA), and the Health Insurance Portability and Availability Act (HIPAA). the Microsoft communication and collaboration infrastructure: SharePoint, OCS, and Exchange. The Security Gap in SharePoint files into and out of secured Document Libraries. To share files, internal users for external users. sharing information. It is extremely cumbersome and expensive to set up access and manage separate servers in the DMZ. Because external users are blocked from SharePoint access, internal SharePoint users cannot easily or securely Dangerous Workarounds and the Risk to Compliance l users, they frequently seek workarounds, regardless of the security risks. After all, one way or another, they need to share files. So users resort to emailing files through a personal webmail account, sign up for a free file-sharing service, or to copy the files to a USB memory stick or a CD ROM. In all these cases, files are transferred in unsecure ways outside of the purview of the IT department. The enterprise loses control and oversight over the files. 4 Accellion, Inc.

Security risks abound. Email may be forwarded or intercepted. File-sharing services may leave confidential files vulnerable on servers. USB memory sticks and CD ROMs may be lost. If the files contain confidential data, such transfers may violate privacy laws and industry regulations. An Expensive Alternative: Building an In-house File Transfer Server Farm To protect, track, and manage files exchanged through ad hoc collaborations with employees and outside federated partners, enterprises need to close the communication and collaboration infrastructure. To bridge this security gap, an enterprise can set up dedicated file servers with authentication systems for external users. IT can set up external-facing SharePoint servers and change network topologies to create a secure environment for external communications. But this is expensive, time-consuming, and cumbersome a real IT nightmare. Few enterprise IT departments would seriously consider taking on this sort of overhead, which involves capital expenses, considerable software licensing costs, and ongoing labor costs. The very idea of exposing confidential data sources is likely to make security and compliance officers uneasy. To mitigate one set of security risks, this approach creates another set, and requires a significant hardware investment as well. The Security Gap in OCS A different file transfer security gap affects communications through OCS. The risk here is that files can be readily transferred in unsecure ways and without IT knowledge. Sufficient encryption and authentication controls are not in place. Microsoft Office Communications Server R2, for example, allows users to transfer files to any other user of OCS, a federated partner or a user of PICcompatible IM client (such as Yahoo!, MSN, and AOL clients). Enterprise IT has to open ports on the firewalls for the information sharing in Microsoft OCS R2. in compliance with company policies. The file transfers are unencrypted, unmonitored, and not auditable. To protect, track, and manage files exchanged through ad hoc collaborations with employees and outside federated partners, enterprises need to close the se need a secure file transfer solution that complements and extends the Microsoft infrastructure, enabling users to continue using the client and server programs with, while taking advantage of encryption, authentication, and other security mechanisms for protecting valuable data assets. The Security Gap in Exchange A similar problem of unsecure and unsupervised file transfer exists for Microsoft Exchange. Sending file attachments is second nature for email users. The ease with which email can be used to send attachments has made it the most commonly used file transfer mechanism for business users today. While sending files through email is very convenient, email systems were never designed to handle file attachments efficiently or securely. The enormous volume of information being sent in email attachments has resulted in degraded email Accellion, Inc. 5

server performance, slower message delivery times and security concerns. Because as much as 80% of email storage is files, addressing the performance and security issues related to file transfers is becoming increasingly critical for IT administrators and security officers. A common practice in most organizations today is to limit the size of file attachments and place a quota on mailbox size. Unfortunately this solution for reducing the volume of files being shared via email has only increased the security concerns as business users seek unsecure IT workarounds. Use of USB sticks, unsecure FTP, P2P file sharing and shipping information on CDs via courier, as a workaround to email attachment limits, has led to many high profile data breaches. Closing the Security Gap with Secure File Transfer To address the security and monitoring requirements of enterprises relying on Microsoft for their communication and collaboration needs, organizations should look for a secure file transfer solution that extends the file sharing capabilities of these applications. The Accellion Microsoft Business Productivity Suite The Accellion Microsoft Productivity Business suite augments Microsoft Exchange, SharePoint, and OCS with secure file transfer capabilities, including features for monitoring and auditing file transfer activities. The Accellion Microsoft Productivity Business suite augments Exchange, SharePoint, and OCS with secure file transfer capabilities. The suite includes: Microsoft SharePoint 2007/2010 plug-in Microsoft OCS R2 plug-in Microsoft Outlook 2007/2010 plug-in By deploying the Accellion solution, enterprise IT departments can ensure their users communicate and collaborate securely with both internal users and external users, while avoiding risky file-sharing practices, and avoid expensive deployments of special server farms. MICROSOFT SHAREPOINT 2007/2010 PLUG-IN The Accellion Microsoft SharePoint 2007/2010 plug-in is a server-based plug-in that adds Secure File Transfer capabilities to SharePoint. Users can use the plug-in to transfer files securely to other SharePoint users, in addition to authorized users, outside SharePoint infrastructure. MICROSOFT OUTLOOK 2007/2010 PLUG-IN The Accellion plug-in for Microsoft Outlook adds a Secure File Transfer option to the Microsoft Outlook interface. A user who wants to send files securely, simply clicks on the Accellion Secure File Transfer icon in Outlook and attaches files up to 2 GB in size. 6 Accellion, Inc.

MICROSOFT OCS R2 PLUG-IN The Accellion OCS plug-in offers the same secure file transfer features for Microsoft OCS. Users can be engaged in OCS activity chatting, conferencing, and etc and transfer a file securely by clicking a button and uploading a file. Summary The Accellion Microsoft Business Productivity Suite offers enterprises the following benefits: Secure file transfer with internal users, as well as partners, customers, and other authorized external users. Real-time, on-demand file sharing useful for document reviews and other collaborative processes. A single solution that extends all Microsoft communication and collaboration products, including SharePoint, OCS R2, and Exchange. Dashboard controls and reporting enabling IT managers and security officers to track the distribution of files. Controls for achieving compliance with SOX, HIPAA, GLBA, and internal security guidelines. File transfer security that extends beyond the enterprise firewall, and supports users of non-microsoft, PIC-compatible clients. Return receipts through email so that users can confirm that their files have been received. For more information about the Accellion Microsoft Business Productivity Suite please visit www.accellion.com. Accellion, Inc. 7

About Accellion Founded in 1999, Accellion, Inc. is the premier provider of on-demand secure file transfer solutions for virtual and cloud environments with an extensive customer base covering industries such as advertising/media production, legal, manufacturing, engineering, healthcare, consumer goods, higher education, and more. Accellion provides an enterprise file transfer solution that is secure, economical and easy to use for both end users and IT management. Unlike email and FTP that can no longer meet the evolving security and business requirements, Accellion enables enterprises to eliminate FTP servers, create HIPAA and Sarbanes-Oxley compliant business processes, improve email infrastructure performance, and reduce IT management footprint requirements. The Accellion secure file transfer solution allows internal and external users to send and receive files bi-directionally on the same platform without adding administrative overhead or infrastructure burden. Accellion offers an intuitive web interface with end-to-end file security and policy-based file lifecycle management. Accellion also supports plug-in integration with Microsoft SharePoint, OCS, and Outlook and IBM Lotus Notes. For multi-site enterprises, Accellion offers clustering for multi-site load balancing, intelligent replication and failover. Accellion is a privately held company headquartered in Palo Alto, California with offices in North America, Asia and Europe. www.accellion.com info@accellion.com THIS DOCUMENT IS CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE ILLEGAL. 8 Accellion, Inc.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information