“Managing Information Risk in the Extended Enterprise: Why Corporate Compliance & IT Security Must Join Forces”
Boston, MA -- (ReleaseWire) -- 11/01/2010 -- Brainloop (http://www.brainloop.com), the leading supplier of software solutions for high-security management of confidential documents, today issued a white paper that looks at the challenges of managing security across the entire document lifecycle. Brainloop is used internationally by hundreds of renowned companies including BMW, Deloitte and Eurocopter, for document compliance management and secure collaboration involving highly confidential documents throughout the extended enterprise.
Titled “Managing Information Risk in the Extended Enterprise: Why Corporate Compliance and IT Security Must Join Forces,” the paper is authored by Michael Rasmussen of Corporate Integrity LLC, a noted authority in understanding governance, risk and compliance (GRC) processes and considered the first analyst to define and model the GRC market for professional services and technology.
The paper examines how the distributed nature of working with confidential documents in collaborative settings between employees, external auditors, strategic partners, or any other individuals outside the corporate network poses a serious security risk. Traditional IT security tools do not protect documents outside the firewall. Intellectual property, trade secrets, financial and legal papers, customer lists and other highly sensitive data must be managed under a set of controls that include authentication, audit tracking, rights management, and role-based access control.
“Risk and compliance issues are compounded by the pervasive nature of electronic documents. The more sensitive a document is, the more likely it will need to travel outside the organization, increasing the likelihood of risk exposure,” notes Rasmussen.
“The traditional infrastructure approach to security – firewalls, network access control, endpoint security – cannot protect collaboration in a dynamic and extended business environment. If an organization closely restricts and monitors online collaboration without providing a secure alternative, users are forced to send documents as email attachments -- completely unprotected.”
One challenge the paper notes is the necessity of “changing the security culture in the organization from an endpoint or network infrastructure-centric view to an information-centric view of security. This includes a new paradigm of managing security across the entire document lifecycle – even when they are outside the firewall.”
The paper further makes the case for why compliance and IT security must join forces to deliver a secure online collaboration platform, with the stated goal of empowering end users, vendors and partners with a transparent means of supporting security policies.
Sourced and vetted by IT security, this platform must meet corporate standards for security certification, enterprise integration, choice of delivery model (cloud-based or onsite), Service Level Agreements (SLAs), and flexibility to apply the right level of secure collaboration relevant to the level of risk exposure within the document.
Compliance and legal issues such as electronic discovery and litigation risks weigh heavily on the decision and evaluation of a document compliance management solution. Legal, financial and contract-related licensing documents all require documentation of accesses, non-repudiation and control over document integrity.
Rasmussen writes, “It’s time to stop fighting collaborative processes that end-users have so avidly embraced, and objectively look at securing online document collaboration across extended business relationships to take full advantage of its benefits.”
To read the Brainloop white paper, “Managing Information Risk in the Extended Enterprise,” go to: http://www.brainloop.com/fileadmin/assets/PDFs/White_Papers/brainloop_white_paper_managing_information_risk.pdf
Brainloop, with offices in Boston and Munich, is the leading supplier of software solutions for high-security document collaboration. Brainloop's secure online workspace is a virtual document safe that enables secure filing, editing and distribution of highly confidential documents within a single company, and beyond. All contents are powerfully protected from unauthorized internal or external access, and all actions within the application are documented by a tamper-proof audit trail. Frequent uses include contract negotiations, collecting data and compiling quarterly reports, collaboration with external auditors and counsel, and any other communication that contains confidential information.
Brainloop is used internationally by hundreds of renowned companies including BMW, Deutsche Telekom, Eurocopter, Galileo Industries, Premiere and ThyssenKrupp. Leading law firms and investment banks use this solution for the complete life cycle of M&A transactions. Strategic partners of Brainloop are HP, IZB, Microsoft and T-Systems Business Services. http://www.brainloop.com