Professional Documents
Culture Documents
kiteworks
Overview
More than 2,000 Enterprise corporations and
government agencies and 12 million enterprise users
have chosen Accellion for securely sharing files and
collaborating with colleagues, partners and vendors
across organizational boundaries and across devices.
Ensuring enterprise data security is a top priority for
corporations and government agencies and is
reflected throughout the kiteworks solution, in our
processes, procedures and product design.
This document provides an overview of the kiteworks
security features designed to ensure protection of your
enterprise data.
.
kiteworks Architecture
Security in Depth
We designed kiteworks with security as a priority, with a multi-tiered
architecture that enforces multiple layers of security. Additionally, the
kiteworks software appliance is a hardened appliance with only the
necessary services running and only the required ports open. All server-toserver communication is encrypted with automated key rotation. The threetiered architecture allows administrators to separate web services from enduser data so that user files and meta-data can be hosted behind the
corporate firewall.
Figure 1:
kiteworks 3-tier architecture
Key benefits of the kiteworks three-tier architecture include:
! Reduced attack surface: Only the web layer is exposed in the DMZ.
! Separation of services: Application layer adds an additional security layer between
the web and data layer. This makes data layer inaccessible directly from web layer.
! Data Integrity: The application layer ensures that only the valid/sanitized data is sent
across to the data layer.
! High scalability and availability: Each tier can be scaled independently to add load
balancing and redundancy as needed.
hosted offering is provided via Amazons EC2. Amazon security details are available in a later
section of this document.
Public Cloud
For organizations less concerned with security (typically small businesses), Accellion
provides a multi-tenant service (via Amazons EC2). Amazon security details are available in
a later section of this document.
Hybrid Cloud
kiteworks offers the only true hybrid deployment model. Organizations can mix and match
hosted and on premise deployments. This is ideal for capacity planning as well as supporting
remote offices that may not be close a companys data center.
Figure 2:
kiteworks geographical segregation
Application Security
In addition to the secure architecture, kiteworks provides IT administrators
with an extensive suite of policy management features that enable control
and tracking of access to corporate files.
Single Sign-on and LDAP integration
Active Directory/multi-LDAP integration is provided for Enterprise accounts. This gives IT
Administrators centralized control and management over user accounts.
kiteworks also supports single sign-on through SAML (Secure Assertion Markup
Language) 2.0. SAML is an industry standard protocol for exchanging authentication and
authorization information between different security domains. Enterprises can implement
multi-factor authentication and then seamlessly exchange authentication information with
Accellion via the SAML integration.
Encryption
All files on a kiteworks system are encrypted in transit and at rest. Data in transit is
secured via an SSL encrypted connection. 256-bit AES encryption is provided for data at
rest and in transit.
Accellions security mechanisms guard against malicious access:
! File names are de-referenced when stored on Accellion to ensure that files are
inaccessible.
! Data can be accessed only through the file URL embedded in the email.
! Each URL call is authenticated individually.
Anti-Virus
Anti-virus software, provided by F-secure, is integrated within kiteworks to scan files on
upload and download. Anytime a file containing a virus is found, kiteworks will quarantine
it. The anti-virus service can be enabled or disabled by administrators.
Secure Authentication
kiteworks Mobile Apps support authentication through LDAP, ensuring that only
authorized users gain access to secure workspaces.
Mobile Encryption
Files saved on the mobile device are stored in a secure container with 256-bit AES
encryption. Files shared with others via email are sent via the SSL protocol. Files
downloaded to the device are password protected and encrypted while at rest. Users
choose a six digit passphrase to access encrypted files downloaded to the mobile device
using the kiteworks Mobile Apps.
Remote Wipe
Administrators can immediately disable a kiteworks session if a phone is lost or stolen and
wipe the contents of the compromised device. Only the content stored in kiteworks will be
wiped, not the entire device, hence providing separation between personal and corporate data.
Whitelisting
Third party mobile apps can be allowed/disallowed to access content from within the
kiteworks app by use of whitelists, set by the administrator. This helps prevents data
leakage to consumer cloud apps from where users can save sensitive content to
unmanaged services such as Dropbox or iCloud.
MDM Integration
In conjunction with MDM solutions such as MobileIron and Good, IT Administrators can
also ensure that only authorized apps are downloaded, users have the latest software
updates, and users are not using excessive bandwidth.
and supporting corporate information management, compliance and security policies.
! Each Enterprise Connect Management system (ECM) connector securely
communicates through the firewall to Accellion using HTTPS and a secure Web
Socket connection.
! kiteworks authenticates users against enterprise Active Directory server - only
authenticated users can access content.
! kiteworks respects existing users, groups and roles in place around content it does
not change any access controls or user permissions.
! kiteworks maintains existing information hierarchy - documents continue to exist in
the relevant context in which they were published.
! kiteworks maintains Document of Record - users have access to the most current
copy of the document stored in SharePoint; Back-end policy systems such as Data
Loss Protection (DLP) and Records Management (RM) are not compromised by
duplicating the content to other systems.
! Accellion provides complete logs of all transactions on content stored in the ECM systems.
Logs can be downloaded and exported to third-party reporting and audit systems.
! IT Administrators can centrally provision users and manage security policies including
access rights for auditing, reporting and demonstrating compliance.
Figure 3:
kiteworks content connectors
Audit Trail
As an enterprise-class mobile file sharing solution, kiteworks automatically logs all file and
user activities in the application. The audit log provides administrators insight into what is
being done in the system, which users are accessing files, which files are being uploaded,
and how the system is working overall. Audit trails and comprehensive file tracking help
enterprise organizations demonstrate compliance with industry and government
regulations. Audit logs are date/time stamped and tracked by user, email address, IP
address, and action taken. Administrators can sort by these attributes and also export the
audit log either as a CSV file or to a Syslog server. Administrators determine how long
logs are stored on kiteworks.
Physical Security
AWS datacenters are housed in nondescript facilities. Authorized staff must pass twofactor authentication a minimum of two times to access datacenter floors. (Amazon, 2011)
Data Privacy
AWS enables users to encrypt their personal or business data within the AWS cloud and
publishes backup and redundancy procedures for services so that customers can gain
greater understanding of how their data flows throughout AWS. (Amazon, 2012)
About Accellion
Accellion, Inc. is an award-winning private company that provides mobile solutions to enterprise organizations to enable increased business
productivity while ensuring security and compliance. As the leading provider of private cloud solutions for secure file sharing, Accellion offers
enterprise organizations the scalability, flexibility, control and security to enable a mobile workforce with the tools they need to create, access
and share information securely, wherever work takes them. More than 12 million users and 2,000 of the worlds leading corporations and
government agencies including Procter & Gamble; Indiana University Health; Kaiser Permanente; Lovells; Bridgestone; Harvard University;
Guinness World Records; US Securities and Exchange Commission; and NASA use Accellion solutions to increase business productivity,
protect intellectual property, ensure compliance and reduce IT costs.
ACC-WP-1113-MSBYOD
Whitepaper
| Security
Overview
kiteworks
For additional
information:
www.accellion.com/resources/whitepapers
Email: sales@accellion.com
Phone: +1 650 485 4300
Accellion, Inc.
1804 Embarcadero Road
Palo Alto, CA 94303