Maximizing Data Security With a Comprehensive Defense-in-Depth Approach
Kiteworks uses a defense-in-depth approach to secure sensitive data, including comprehensive encryption, an embedded network firewall, a web application firewall, multiple layers of server hardening, and zero-trust communications. Granular policy controls ensure that only approved users can access each piece of data through defined interfaces, while helping to prevent unauthorized access.
Streamlined Security and Compliance With Role-based Controls and Rigorous Auditing
Kiteworks uses role-based controls to enforce security policies, configure connections to security infrastructure components like MFA, and define user-access levels for all data. These measures help Kiteworks pass rigorous yearly audits by certified third parties, including FedRAMP audits that validate 325 NIST 800-53 security controls.
Granular Policy Controls for Enhanced Security and Compliance
Kiteworks offers granular policy controls, including view-only access and watermarking, to protect sensitive data and enforce compliance. Administrators can also set policies for password complexity, geofencing and domain white and black listing, and enforce password changes during login. These features give you fine-tuned control over security and compliance within the platform.
Data Protection With Advanced Threat Prevention and Encryption Measures
Kiteworks uses embedded antivirus and advanced threat prevention to protect against incoming malware. All data is encrypted at rest using AES-256 encryption to protect all data from unauthorized access, data corruption, and malware. In the event of an attack, real-time reporting and log exporting provide a complete external copy for auditing and an understanding of exactly what happened and what may have been compromised.
Ensuring Ongoing Security With Robust Vulnerability Testing and Reporting
Kiteworks follows an OWASP secure DevOps life cycle and conducts automated security testing, white and black box testing, regular penetration testing, and a continuous bounty program to uncover vulnerabilities. Regular updates and patching are pushed to customers, and rapid alerts provide a single point of truth in a report with log details of all global access activity, along with one-click appliance updates. All activity is fully logged and visible through reporting and the CISO Dashboard and can be exported to a syslog, SIEM, and SOAR.
Kiteworks touts a long list of compliance and certification achievements.
Frequently Asked Questions
UK Cyber Essentials Plus Certification is a program established by the UK government to help organizations looking to bid for UK central government contracts of all sizes protect themselves against online threats. It is designed to be a straightforward, affordable way for organizations to demonstrate that they have taken the necessary steps to safeguard their data and devices against cyberattacks.
Cyber Essentials is a self-assessment certification that attests an organization provides the necessary protections against common cyber threats. Cyber Essentials Plus, by contrast, involves third-party testing and verification of an organization’s cybersecurity measures. Cyber Essentials Plus demonstrates an organization’s secure handling of sensitive and personally identifiable information (PII) and is required for organizations to bid for central government contracts. Cyber Essentials Plus requires a self-assessment questionnaire as well as an independent assessment by the IASME Consortium of the organization’s systems. Cyber Essentials Plus Certification is intended to provide a higher level of assurance to stakeholders that an organization’s cybersecurity measures are effective.
Any organization that operates in the UK, regardless of its size or industry, can apply for Cyber Essentials Plus Certification. This includes businesses, charities, schools, and other types of organizations.
There are several benefits to obtaining a UK Cyber Essentials Plus Certification. Firstly, it helps protect your organization against common cyberattacks and reduces your risk of data breaches. Secondly, it reassures your customers and stakeholders that you take cybersecurity seriously and have taken additional steps to safeguard their data. Finally, UK Cyber Essentials Plus Certification helps your organization comply with additional regulations and contractual obligations that require organizations to demonstrate their cybersecurity effectiveness.
At present, UK Cyber Essentials Plus Certification is not mandatory for organizations. However, some government contracts and other procurement processes may require organizations to hold Cyber Essentials Plus Certification as a prerequisite. Additionally, some industry bodies or regulators may recommend or require Cyber Essentials Plus Certification for their members or licensees.
Kiteworks provides organizations a Private Data Network that helps organizations with UK Cyber Essentials Plus Certification in several ways.
Secure file sharing: Kiteworks offers end-to-end encryption, in alignment with the UK Cyber Essentials Plus Certification’s requirement for ensuring sensitive information is protected during transit and at rest.
User access controls: Kiteworks allows administrators to set up granular access controls, ensuring that only authorized users can access sensitive information, in alignment with the UK Cyber Essentials Plus Certification’s requirement to have robust user access controls in place.
Overall, Kiteworks helps organizations meet several of the key requirements for UK Cyber Essentials and Cyber Essentials Plus Certification, so organizations can share confidential data securely and mitigate the risk of a cyberattack.
FEATURED RESOURCES
Kiteworks Gets UK Cyber Essentials Plus Certification
Kiteworks Gets UK Cyber Essentials Plus Certification
How to Achieve NIS 2 Compliance and Secure Your Content
How to Achieve NIS 2 Compliance and Secure Your Content
Kiteworks Complies With ISO 27001, 27017, and 27018
