Strengthen your organization's security with NetDocuments' PROTECT solution. Enhance document security, empower teams, and meet compliance requirements effortlessly.
How NetDocuments is Helping You Meet – and Exceed – Your Security and Governance Requirements
Contents Introduction..........................................................................................3 Introducing NetDocuments PROTECT........................................................4 About NetDocuments Workspace Security Manager..............................5 About NetDocuments Data Loss Prevention............................................6 About NetDocuments Customer Managed Encryption Keys...................6 About NetDocuments FlexStore and FlexStore Pro..................................7 NetDocuments Platform Security Features that Complement PROTECT...8 About NetDocuments Trust Services........................................................9 Conclusion.............................................................................................10 About NetDocuments................................................................................11
2 |
INTRODUCTION
Today’s realities for establishing and maintaining data security and governance controls have changed significantly in recent years. Today’s modern flexible work arrangements have highlighted the criticality of cybersecurity while working remotely. Regulatory and government agencies, clients, and auditors are imposing stricter controls on data protection, best practices, independently verified certifications and attestations, and end-user oversight.
Flexible work arrangements have highlighted the criticality of cybersecurity while working remotely.
Law firms, legal teams, and government agencies need to protect their intellectual property, including documents and data, at all levels. The capabilities of NetDocuments PROTECT provide a framework for ensuring the security of your valuable information assets, such as: • Confidentiality – restricting access or limiting the actions that can be taken with information • Integrity – ensuring that information can only be accessed or modified by authorized users • Availability – ensuring information is available and ready for use by authorized users • Authentication – ensuring users are who they say they are • Non-repudiation – ensures that actions taken on information cannot be denied
NetDocuments delivers a platform that complements your comprehensive approach to security. This document will demonstrate how NetDocuments’ security and governance offering can help you manage your most complex security challenges and reach your data protection goals.
3 |
INTRODUCING NETDOCUMENTS PROTECT
NetDocuments PROTECT is compromised of additional security products designed to further protect document repositories and the data they store. PROTECT includes:
• Workspace Security Manager (WSM) allows organizations to easily manage security at a workspace level by creating, editing, and applying security policies to the content in their workspaces. This enables you to build and manage ethical walls and need-to-know security environments where information is only accessible to those who require it. A summary of WSM capabilities is found on page 5.
• Data Loss Prevention (DLP) helps simplify and strengthen your data security. DLP greatly reduces the risk of unauthorized data usage and exposure by enabling you to classify content, create and enforce policies that control user actions, and prevent documents from leaving the security of NetDocuments. Seamlessly map Microsoft Purview Information Protection (MPIP) policies into NetDocuments. A summary of DLP capabilities is included on page 6.
• Customer Managed Encryption Keys (CMEK) provide an additional layer of encryption for your most sensitive information while leaving you in complete control of the encryption keys. CMEKs add an encryption layer, which provides dual-custody control. CMEKs also allow you to revoke and reapply keys at will, and they give you the flexibility to apply advanced encryption to whatever specific content you choose. Additional information can be found on page 8. • FlexStore provides cloud or hybrid storage options that give you control over the geographic location of your content. With FlexStore, you can take advantage of NetDocuments’ global data centers, local object store technology in your own data centers, or Microsoft Azure Blob Storage for geo-aware cloud storage — and manage your storage options through one convenient management console. FlexStore Pro adds the Distributed Cryptographic Service (DCS), which encrypts and decrypts content closer to end users. Additional details are on page 8.
4 |
ABOUT NETDOCUMENTS WORKSPACE SECURITY MANAGER
Workspace Security Manager (WSM) gives you the freedom and flexibility to create and effectively manage security policies. This includes accessing control permissions, locking permissions to create walls, enabling need-to-know sharing, and delegating security management to assigned individuals. These policies are administered at the workspace level and apply to all content within a workspace.
Free Up Your Time by Safely Delegating Workspace Controls
SAFELY CONTROL USER ACCESS Easily create WSM groups and empower the users who are best suited to manage the security policies by adding them, reducing the burden on your IT team. Then, use the policies to control access and establish ethical walls at the workspace level within specific cabinets. CREATE A TRUE NEED-TO-KNOW ENVIRONMENT The key to a need-to-know environment is only giving users access to the files they need. WSM provides the flexibility to authorize document access regardless of whether users are members of a workspace.
USE CLICKS, NOT CODE Make it quick and easy for authorized individuals to create and maintain security policies that enforce access controls, ethical walls, and need- to-know sharing through a user-friendly interface with full audit trails. MAKE AUDIT TRAILS EASY You can generate an effective rights report which details the access permissions, ethical walls, and need-to-know sharing settings when creating or editing a policy. Access or download a full history showing what changes have been made, and by who, for each individual policy through the admin user interface.
5 |
ABOUT NETDOCUMENTS DATA LOSS PREVENTION
As insider attacks rise, you need a holistic security strategy to protect your most sensitive information. Data Loss Prevention (DLP) takes the pressure off your overburdened IT teams by using layered policies to manage an extra layer of security simply and efficiently. DLP enables you to prevent authorized users from accidentally or maliciously sharing, editing, emailing, or downloading sensitive information. You can easily apply policies broadly across all your content — or use metadata to apply policies more narrowly at the profile level or the individual document level.
Prevent Insider Attacks
KEEP CONTROL OF YOUR POLICIES You need flexibility to keep your documents and users secure. DLP provides it — with a layered policy approach so you can apply controls to content at the cabinet, profile, and document level. This allows you to add essential extra layers of security to the specific documents that need them. SAVE TIME AND EFFORT DLP provides a flexible approach for applying access controls to your content. With DLP, you can extend your entire security strategy by enabling DLP at the source — in your NetDocuments repository. USE INTEGRATION TO BUILD A MORE HOLISTIC SECURITY STRATEGY You can’t stay secure unless all of your security solutions work seamlessly together. NetDocuments DLP helps make that possible — by giving you the ability to import policy and classification labels from Microsoft Purview Information Protection into documents as custom metadata attributes. DLP also allows other security technologies to trigger policies based on DLP policies and classification labels. ABOUT NETDOCUMENTS CUSTOMER MANAGED ENCRYPTION KEYS Customers, clients, and stakeholders often have unique security requirements that demand granular security strategies, including the ability to generate and manage their own encryption keys. Customer Managed Encryption Keys (CMEK) build on the dual-encryption capabilities of NetDocuments’ existing Encryption Key Management (EKM) technology — by adding a third layer of encryption to specific content. You can choose to assign CMEK to specific sets of content organized by metadata profile attributes such as client, matter, or project. This method of managing encryption allows you to remove access to specific content while maintaining user access to other sets of content.
6 |
Get Unmatched Document Protection with CMEK
OBJECT ENCRYPTION KEY (OEK) Whenever a document is uploaded to NetDocuments, it is encrypted using a new, individual OEK which is unique for each document. MASTER ENCRYPTION KEY (MEK) As soon as the document is encrypted, the MEK is used to encrypt, or ‘wrap’, the OEK.
CUSTOMER MANAGED ENCRYPTION KEY (CMEK) If enabled and applied to the target document, a CMEK is then used to encrypt, or “wrap” the OEK with a second layer of encryption — creating a total of three layers of encryption for your most sensitive documents. ABOUT NETDOCUMENTS FLEXSTORE AND FLEXSTORE PRO
The document is encrypted by the OEK, which is then wrapped by the MEK. If CMEK is active, the MEK is wrapped by the CMEK adding a third layer of encryption to the document.
As jurisdictions and regulatory bodies across the world continue to place more restrictions on how information is stored and processed, you are faced with a recurring dilemma: How do you keep your teams productive and provide good service experiences without compromising content governance and security? FlexStore and FlexStore Pro from NetDocuments directly address this challenge — by making it possible for all your stakeholders to experience the convenience, efficiency, and security of hybrid-cloud and cloud- storage options no matter where their information resides.
Two Options to Standardize Processes Without Sacrificing Performance
FLEXSTORE
Take Advantage of Geo-aware Global Storage FlexStore is ideal if you have clients that require local document storage in locations of their choosing. With FlexStore, you can store your content in the NetDocuments cloud, on Microsoft Azure, or on-premises in your data center, while still enjoying all of the processing efficiencies and innovations that secure cloud technology has to offer.
7 |
FLEXSTORE PRO
Accelerate Your Content Delivery Your users want a consistent, reliable service experience that includes quick downloads and even faster uploads. At the same time, your organization requires dependable, consistent governance and security controls, regardless of location. With FlexStore Pro, you can have both. FlexStore Pro enhances FlexStore by introducing localized document encryption and decryption using the Distributed Cryptographic Service (DCS). NETDOCUMENTS PLATFORM SECURITY FEATURES THAT COMPLEMENT PROTECT NetDocuments PROTECT complements existing data security and information governance features and technologies that already exist in the NetDocuments platform. When used in conjunction with the standard security features, PROTECT can be part of a layered approach to security. This section will detail some of the key security features that are available to all NetDocuments customers today, regardless if PROTECT has been purchased. When uploaded to the platform, each document receives and is encrypted by its own unique Object Encryption Key (OEK) which is then separately encrypted by a Master Encryption Key (MEK) at the repository level. Each key is created using fully entropic quantum random number generation. Fully entropic keys protect against brute force and nation-state attacks, and are even resistant to quantum computing exploitation.
8 |
The ndSync desktop application contains a device-level circuit breaker that detects unusual activity in locally synchronized folders and stops the synchronization process before affected documents are uploaded to the Service. Permissions for the platform are designed around access controls and profile-based security. Access to content can be granted based on View, Edit, Sharing, and Administrative permissions, and these can be applied to document or profile attributes. This allows firms to restrict access to content based on the metadata associated with it, meaning that if you have data regarding a certain project, you can restrict access for all files within that workspace that are tagged with that project’s metadata attribute. With Security Analytics, NetDocuments provides information around downloads and activity so that firms don’t miss the opportunity to investigate potentially suspicious behavior. Security Analytics allows administrators to have an early alert if there is anomalous behavior (e.g., number of downloads) and identify potential risks before it’s too late. ABOUT NETDOCUMENTS TRUST SERVICES In addition to the security features listed above, NetDocuments Trust Services is a corpus of material available to customers that may be used to respond to client and regulatory audits or learn about and validate the security, availability, and privacy of the NetDocuments Service. The materials are regularly updated and made available by the NetDocuments Compliance Department. Customers have access to contents outlining NetDocuments policies and best practices and to material on the following NetDocuments certifications and attestations: ● SOC 2 Type 2 on Security, Availability, and Privacy, plus relevant HIPPA controls ● ISO 27001 ● ISO 27017 ● ISO 27018 ● ISO 27701 (for GDPR) NetDocuments also employs the following best practices in order to further protect your data: segregation of duties, defective media retention, removable media disablement, log isolation, third-party security scans, static/dynamic source code scans, regular vulnerability tests, etc. These best practices are detailed in the Trust Services as well.
9 |
NetDocuments’ commercial service regions use data centers in the US (3), UK (3), Germany (3), Australia (2), and Canada (2). In addition, storage facilities are available in Microsoft Azure in select global locations. Each commercial co-location data center used by NetDocuments follows or exceeds industry standards for security and availability of data center resources. Those standards include perimeter security, 24/7 external and internal surveillance, hardened entrances, preauthorized visitation with validation, multifactor access for physical security zones, fully redundant HVAC, water and fire detection and prevention, and extended on site backup power generation capability. NetDocuments annually audits each commercial data center it uses, and the commercial data centers are also within the scope of NetDocuments’ current ISO 27001 certification. NetDocuments achieved FedRAMP Moderate Authorized status in 2021 for its separate US GOV Service region that is hosted in Microsoft US Azure Government services. CONCLUSION IT teams are always searching for smart strategies to strengthen their organization’s security posture — without adding extra burdens for users, clients, and other stakeholders. With the PROTECT solution, your IT teams can enhance the industry-leading document security built into NetDocuments, empower the best and most knowledgeable people across your organization to create and manage appropriate security policies, and satisfy your most rigorous compliance requirements — all while removing cumbersome administrative tasks.
10 |
MORE AND MORE FIRMS ARE CHOOSING NETDOCUMENTS FOR RELIABLE DOCUMENT SECURITY THAT HELPS MITIGATE RISK WHILE MAXIMIZING COLLABORATION AND PRODUCTIVITY.
BOOK YOUR DEMO TODAY
NetDocuments is the #1 trusted cloud-based content management and productivity platform that helps legal professionals do their best work. Backed by over 20 years of experience in native cloud innovation, NetDocuments offers a complete end-to-end platform for document and email organization and management, including award-winning security and research capabilities; robust automation, collaboration, and search technologies; and seamless integrations with other tools professionals use daily. NetDocuments supports 7,000+ law firms, corporate legal departments, and public sector entities globally.
Visit netdocuments.com for more information. NORAM: (866) 638-3627 | EMEA: +44 20 3129 9324 | APAC: +61 2 8310 4319
11 |
Page 1 Page 2 Page 3 Page 4 Page 5 Page 6 Page 7 Page 8 Page 9 Page 10 Page 11Made with FlippingBook interactive PDF creator