August 22, 2018

    Restriction Protocols You Need for Compliant File Sharing

    Do you live in fear of getting hit with a non-compliance fine? If so, you’re not alone. Many business owners know the risks associated with failing to comply with applicable government regulations, like HIPAA, ITAR, PCI-DSS, GLBA, or SOX. And you know how easily government fines could put your company at risk, especially since they can skyrocket to thousands or even millions of dollars, amounts that many companies are unable to pay out of pocket. This doesn’t even include the potential for lost business, damage to your reputation, or, in the most negligent of cases, jail time.

    Carelessness with sensitive data could potentially lead to compliance violations. And for companies like healthcare organizations dealing with ePHI (electronic protected health information) or government contractors handling defense-related data, it’s imperative that you keep this information safe. A data breach could violate key compliance regulations that apply to your business. That’s why you need compliant secure file sharing processes.

    Make sure you’re using the following restriction protocols in your file sharing processes to keep your data secure and your company compliant.

    Country Access Restrictions

    For government contractors, ITAR (International Traffic in Arms Regulations) compliance has a huge impact on how your data is shared. ITAR mandates that items listed on the United States Munitions List (USML) not be shared with parties other than U.S. citizens and authorized parties.

    If your company is a government contractor, the ability to restrict which countries have access to your solution is a powerful tool in the fight against hackers. So, how does country access restriction work? Using a professional-grade geo-IP database that tracks all IP addresses in the world, top FTP providers can restrict access to your managed solution based on country. And, these geo-IP databases are updated regularly, so you know the user information and country location are current.

    By restricting country access, you’re assured that the only users who are able to get into your FTP solution are pre-approved, domestic users, instead of international hackers. This helps you avoid ITAR non-compliance fines or other penalties like loss of business or your government contractor status. But, regardless of what industry your business is in, restricting access by country keeps 99% of the hackers away!

    IP Address Restrictions by User

    Unfortunately, you probably have hackers in your own backyard, so there are limitations to how well country access restrictions protect your data.

    IP address restrictions take country restrictions to the next level by limiting access down to the exact IP address of each user on an individual basis. So, you’re able to restrict access down to the exact IP address of the device a user connects from.

    These IP address restrictions also play a role in mitigating the risks associated with compromised passwords. With a top FTP provider like Sharetru, users accessing your file sharing solution go through a two-factor authentication process in which the right username and password have to be used from the approved IP address. So, this means if a hacker was able to get one of your users’ login credentials, but tried to use them from the hacker’s own computer, access to the solution would be denied. Access is granted only if the username and password are input from the corresponding IP address. The IP address acts as a second authentication factor.

    In addition to giving you control over IP restrictions by user, some FTP providers even offer IP address blacklisting. Sharetru uses proprietary Intrusion Detection and Prevention heuristics to identify and blacklist offending IP addresses from all servers. This gives another layer of security for companies that want to maintain compliant file sharing processes.

    User Access Restriction

    Whether intentionally or unintentionally, your employees could be the biggest threat to compliant file sharing. Whether employees are failing to follow best practices or have sinister motivations of their own, you need safeguards in place to keep files secure – even from internal threats.

    User access restrictions give your site administrators the power to apply specific permissions for individual users. So, you can determine who has the power to access, upload, download, and delete files on a per-folder basis. When it comes to compliant file sharing, one of the keys is to make sure sensitive files are only available on a need-to-know basis. While a manager may need access to specific data, lower-level employees may not. Or, while a customer may be able to upload or download files, perhaps only an employee can delete files.

    Beyond simply restricting who has access to which files, you can also track who has accessed files in the past and for what purpose. This allows you to track the source of a data breach if one occurs, a valuable feature when you’re trying to stay compliant.
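    The layered checks described above (country restriction, per-user approved IP as a second factor, per-folder permissions, and an access log), as an added example that is not Sharetru's code. The geo-IP table, users, folders and addresses are constructed for illustration; a real deployment would query a maintained geo-IP database and its own user store.

```python
import ipaddress

# Constructed geo-IP table: prefix -> ISO country code (stand-in for the
# regularly updated geo-IP database the post describes).
GEOIP_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "DE"),
]
ALLOWED_COUNTRIES = {"US"}

# Per-user approved source addresses; the source IP acts as the second factor.
USER_ALLOWED_IPS = {
    "alice": [ipaddress.ip_network("203.0.113.10/32")],
    "bob": [ipaddress.ip_network("203.0.113.0/28")],
}

# Per-folder permissions: folder -> user -> allowed operations (need-to-know).
FOLDER_PERMS = {
    "/itar/drawings": {"alice": {"read", "upload", "delete"}, "bob": {"read"}},
}

# Every decision, allowed or denied, is recorded so a breach can be traced.
AUDIT_LOG = []


def lookup_country(src_ip):
    """Return the country code for an address, or None if it is unknown."""
    addr = ipaddress.ip_address(src_ip)
    for net, country in GEOIP_TABLE:
        if addr in net:
            return country
    return None  # unknown location is treated as not allowed (fail closed)


def authorize(user, password_ok, src_ip, folder, op):
    """Evaluate the restrictions in order and return (allowed, reason)."""
    addr = ipaddress.ip_address(src_ip)
    country = lookup_country(src_ip)
    if country not in ALLOWED_COUNTRIES:
        reason = f"country {country} not allowed"
    elif not password_ok:
        reason = "bad credentials"
    elif not any(addr in net for net in USER_ALLOWED_IPS.get(user, [])):
        reason = "source ip not approved for user"
    elif op not in FOLDER_PERMS.get(folder, {}).get(user, set()):
        reason = f"{op} not permitted on {folder}"
    else:
        reason = "ok"
    allowed = reason == "ok"
    AUDIT_LOG.append((user, src_ip, folder, op, allowed, reason))
    return allowed, reason
```

A request is denied at the first layer that fails, and the denied layer is what ends up in the log, which is what an administrator reviews when tracing an incident.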

    Physical Access Restrictions

    A final way to ensure your file sharing solution is compliant, especially with ITAR regulations, is to monitor physical access to the servers that hold your data. This is really important if you’re partnering with an FTP provider. When you’re using shared servers via solutions like Dropbox or Google Drive, you never know exactly where your data is stored. It could be somewhere in the U.S. or somewhere on the other side of the world. It could be accessible to a Google or Dropbox employee who is not a U.S. citizen. That could lead to problems when it comes to compliant file sharing.

    With ITAR compliance regulations, for example, data can’t be accessible to non-authorized, non-U.S. citizens. This means you need an FTP provider that uses servers based exclusively in the U.S. and whose staff are all U.S. citizens. With Sharetru, you have transparency into where the servers holding your data are located – Louisville, Kentucky – and who these servers are managed by – U.S. citizens. And, you can trust that these servers are housed in a secure location.

    With some FTP providers, you have no assurances as to where your data is housed. But with Sharetru, you can be sure that physical access restrictions promote compliant file sharing.

    As you continue to invest time and effort into maintaining compliance, integrate these access restrictions into your compliance routine. Look for a file sharing solution that enables these restrictions, since the right solution is key to protecting your data and your business. Compliant file sharing doesn’t have to be a challenge when you have the right safeguards in place.


    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.
