Maximizing Data Security With a Comprehensive Defense-in-Depth Approach
Kiteworks uses a defense-in-depth approach to secure sensitive data, including comprehensive encryption, an embedded network firewall, a web application firewall, multiple layers of server hardening, and zero-trust communications. Granular policy controls ensure that only approved users can access each piece of content through defined interfaces, while helping to prevent unauthorized access.
Streamlined Security and Compliance With Role-based Controls and Rigorous Auditing
Kiteworks uses role-based controls to enforce security policies, configure connections to security infrastructure components like MFA, and define user-access levels for all content. These measures help Kiteworks pass rigorous yearly audits by certified third parties, including FedRAMP audits that validate 325 NIST 800-53 security controls.
Granular Policy Controls for Enhanced Security and Compliance
Kiteworks offers granular policy controls, including view-only access and watermarking, to protect sensitive content and enforce compliance. Administrators can also set policies for password complexity, geofencing and domain white and black listing, and enforce password changes during login. These features give you fine-tuned control over security and compliance within the platform.
Data Protection With Advanced Threat Prevention and Encryption Measures
Kiteworks uses embedded antivirus and advanced threat prevention to protect against incoming malware. All content is encrypted at rest using AES-256 encryption to protect all data from unauthorized access, data corruption, and malware. In the event of an attack, real-time reporting and log exporting provide a complete external copy for auditing and an understanding of exactly what happened and what may have been compromised.
Ensuring Ongoing Security With Robust Vulnerability Testing and Reporting
Kiteworks follows an OWASP secure DevOps life cycle and conducts automated security testing, white and black box testing, regular penetration testing, and a continuous bounty program to uncover vulnerabilities. Regular updates and patching are pushed to customers, and rapid alerts provide a single point of truth in a report with log details of all global access activity, along with one-click appliance updates. All activity is fully logged and visible through reporting and the CISO Dashboard and can be exported to a syslog, SIEM, and SOAR.
Kiteworks touts a long list of compliance and certification achievements.
Frequently Asked Questions
Kiteworks provides organizations a private content network that helps organizations with UK Cyber Essentials Plus Certification in several ways.
Secure file sharing: Kiteworks offers end-to-end encryption, in alignment with the UK Cyber Essentials Plus Certification’s requirement for ensuring sensitive information is protected during transit and at rest.
User access controls: Kiteworks allows administrators to set up granular access controls, ensuring that only authorized users can access sensitive information, in alignment with the UK Cyber Essentials Plus Certification’s requirement to have robust user access controls in place.
Overall, Kiteworks helps organizations meet several of the key requirements for UK Cyber Essentials and Cyber Essentials Plus Certification, so organizations can share confidential data securely and mitigate the risk of a cyberattack.