Press Release

Another cybersecurity compliance achievement that further validates Kiteworks’ commitment to protecting its customers’ sensitive content communications.

San Mateo, Calif., April 6, 2023– Kiteworks, which delivers data privacy and compliance for sensitive content communications through its Private Content Network, announced today it received Cyber Essentials and Cyber Essentials Plus certification—the highest standard of IT security in the UK for businesses. Cyber Essentials certification is a government-backed security standard, requiring organizations to demonstrate their commitment to the safe handling and storage of electronic information and the protection of its computer systems from cyber threats.

Kiteworks’ Cyber Essentials certification builds on a lengthy list of cybersecurity compliance achievements, including FedRAMP Authorized for Moderate Impact Level, SOC 2, FIPS (Federal Information Processing Standard) 140-2, ISO 27001:2013, 27017:2015, and 27018:2019, and IRAP (Information Security Registered Assessors Program) assessed against PROTECTED level controls.

Cyber Essentials is a UK government-backed scheme that aims to protect organisations from common cyber threats. It comes in two levels, Cyber Essentials and Cyber Essentials Plus. The former is a self-assessment certification that provides protection against common cyber threats. The latter requires an external testing and certification process that demonstrates an organisation’s secure handling of sensitive and personally identifiable information (PII) and is required for organisations to bid for central government contracts. Both levels are based on a set of controls that organisations must implement to mitigate vulnerabilities and prevent unwanted attention from cybercriminals.

The Kiteworks Private Content Network addresses Cyber Essentials and Cyber Essentials Plus requirements in multiple ways:

1. Securing your organization with a defence-in-depth approach. Kiteworks employs comprehensive encryption for sensitive data in motion and at rest, an embedded and optimized network and web application firewalls, multiple layers of server hardening, zero-trust communications between internal services and cluster nodes, and internal tripwires.

2. Ensuring security and compliance through role-based controls and rigorous audits. Kiteworks role-based controls enforce security and compliance policies and are used to configure simple connections to security infrastructure components such as multi-factor authentication. This includes passing 325 NIST 800-53 security controls and continuously monitoring incidents and configuration changes.

3. Granular policy controls and secure authentication. Granular policy controls like view-only access and watermarking protect sensitive content while enforcing compliance policies. This enables business owners to easily manage content, folders, invitations, and access controls using least-privilege access and authentication.

4. Advanced threat prevention, encryption, and real-time reporting. Kiteworks includes in-depth security controls such as malware with embedded antivirus, advanced threat prevention, encryption of all content at rest using AES-256 encryption, real-time reporting, and log exporting.

5. Automated security testing, patching, and more. Kiteworks employs an OWASP development life cycle with automated security testing, white and black box testing, regular penetration testing, and a continuous bounty program for unearthing vulnerabilities. All activity is fully logged and visible through reporting and the CISO Dashboard and exportable to a syslog and SIEM (security information and event management) system.

“We are very pleased to receive Cyber Essentials and Cyber Essentials Plus certifications, validation of Kiteworks’ ongoing commitment to protect sensitive content communications while ensuring compliance with data privacy regulations,” said Frank Balonis, Kiteworks’ CISO and SVP of Operations. “Cybersecurity frameworks and standards like Cyber Essentials and Cyber Essentials Plus help protect the UK government’s supply chain from malicious attacks by cybercriminals and rogue nation-states. Cyber Essentials Plus certification is a prerequisite to apply for critical national infrastructure projects. Organizations using the Kiteworks Private Content Network for secure email, file sharing, managed file transfer (MFT), and web forms can focus on growing their business with the UK government.”

About Kiteworks

Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. The Kiteworks platform provides customers with a Private Content Network that delivers content governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications. Headquartered in Silicon Valley, Kiteworks protects over 100 million end users for over 3,650 global enterprises and government agencies.