Sensitive data leakage by internal employees is a major data protection concern for any organization. For highly secure organizations such as defense contractors, military manufacturers, intelligence agencies, and law enforcement agencies, it is the most pressing concern and may affect the organization in many ways, including jeopardizing human lives.
Such organizations are usually cut off from the outside world, but they hold the most sensitive data in the world, so the threat is internal rather than external.
The internal threat can be any of the following: employees, third-party contractors working within the facility, or the IT administrator managing the file storage.
The problem is that, like their enterprise counterparts, highly secure organizations also use file shares to provide users with access to organization data and to ensure that data is regularly backed up.
While providing ease of access to files, standard file shares do not provide high levels of access and usage control, only basic user permissions. In addition, the main protocol used for file shares is Server Message Block (SMB), also known as Common Internet File System (CIFS).
But while SMB has become central to all organizations, its inherent vulnerabilities have been exploited as part of various attacks. The continued use of the SMB protocol is a major security concern for organizations globally, regardless of their type.
The Solution - Safe-T Secure Internal File Access
Safe-T SmarTransfer allows internal users to gain transparent access to secure storage over the standard HTTP/S protocol. What appears as a standard mapped network drive is actually a secure, encrypted and access-controlled channel to the sensitive information and files, with authorization rights to upload, download, copy, open, delete, view, etc. granted on a “need to know” basis and according to permissions, without relying on the vulnerable SMB protocol.
All transactions are subject to Safe-T’s SecureStream policy and workflow engine, thereby ensuring secure and controlled access to any file type and file content, meeting governance and audit requirements.
SmarTransfer integrates with the organization’s authentication solution (e.g. Active Directory), transparently authenticating the user when they open their mapped drive. The list of Safe Spaces (folders) displayed to the user depends on the user’s group and permissions.
Deployed as a virtual machine, SmarTransfer seamlessly integrates into existing file shares
Server-side capabilities maximize the security of users' overall file transmissions
Zero SMB protocol usage, connection using HTTP/S protocol from client to Safe-T
As opposed to other solutions, Safe-T SmarTransfer is clientless and does not require any installation on the user desktop. Clientless deployment minimizes the complexity of managing desktop client installations and upgrades, and it is transparent to any operating system
Access and permissions control ensures secure and controlled access to any file types and content
Supports file operations with full file function capabilities, such as upload, download, copy, create, open, move, delete
SmarTransfer acts as a secure file gateway between users and remote file servers, enabling 3rd party integration (AV/DLP/etc.) and policy enforcement
Prevents any unauthorized file access or usage: changing a file's original format, encrypting files, etc.
Built-in file encryption and/or encryption using an external HSM for secure storage of encryption keys
Full audit trail and reporting to SIEM solutions (e.g. ArcSight)
View-only options, without the option to download the sensitive information to the local workstation
Full segregation of duties between IT administrators and business users
Seamless integration into existing file access environments
Simple and easy deployment
Reduce the risk of data theft and data leakage attacks
Reduce the overall network attack footprint by removing SMB protocols
Access Control ensures secure and controlled access to any file types and content
Ability to interact with organization security and data protection tools.
Brings control over sensitive information back from the users to the organization.