The NextLabs Information Barriers solution enable businesses to:
- Prevent Conflicts of Interest. Control internal information flow to avoid improper communication and collaboration that results in compliance violations.
- Maintain internal boundaries across the organization. Improve efficiency and reduce errors with consistent controls across applications and systems where data is communicated, distributed, and stored.
- Apply identity to determine who can collaborate. Enforce fine-grained policies to ensure only authorized users can share specific information under appropriate context internally.
- Automate user education and workflow procedures. Assist users to handle data internally with proper discretion by simplifying workflow, and avoid unintended misuse or data loss.
- Fully audit and report internal information disclosure. Monitor activities, discover risks, and remediate gaps to prove compliance with information barriers.
Monitor and Actively Enforce Internal Boundaries Among Organizations
Industry and government regulations require the strict enforcement of boundaries during internal communication and collaboration that preserve confidentiality when handling sensitive data, such as material information or personally identifiable information. For companies operating in a global environment, these information barriers can become even more critical, such as:
- Regulatory: SEC - Research and investment banking boundaries to prevent conflicts of interest.
- International: EU Directive on Data Protection - Prohibiting the transfer of personal data to non-European Union nations that do not meet "adequate" standards for privacy protection.
- Entity: Japanese Privacy Law - Rules regarding third-party transfer or disclosure of personal information without prior consent.
With non-compliance penalties that include regulatory fines, legal liability from clients and shareholders, and loss of brand value, companies must actively monitor and control the use of sensitive data, internally across organizations, to limit risks and prove compliance with policies.
But today's solution approaches do little to maintain boundaries once information is transferred out of controlled applications and systems. Moreover, today's coarse-grained controls lack the sophistication and deep identity awareness to discern organizational relationships and proper information-sharing activities that would define safe disclosure.
The enterprise can now enforce proper information-access entitlements and data-handling policies with controls that create and maintain information barriers within and across complex organizations. The Information Barriers solution allows companies to:
- Create boundaries that reflect internal business relationships based on regulatory, international, or entity requirements.
- Manage data access, handling, and disclosure with consistency across communication and collaboration channels to prevent improper activity while remaining transparent to normal business.
- Educate inside users about policies and procedures to increase compliance awareness.
- Monitor activities comprehensively, simplify auditing, and report violation attempts to prove effective policy.
The solution helps companies automate the enforcement of information sharing and communication compliance procedures by rapidly creating information barriers across teams, departments, business units, entities, subsidiaries, regional locations, and resources. Consistent controls are enforced at applications, desktops, and servers where data is stored, shared, and distributed to prevent conflicts of interest and improve corporate integrity.
Information Barrier Applications
Applications are provided to protect communications and collaboration, and come pre-built with policy objects and components included. Policy sets are interoperable and easily customized to the environment. Policy applications include:
The E-mail Barrier solution provides controls across enterprise messaging clients to create a consistent boundary. Example policies include:
- Prevent analyst researchers from e-mailing unpublished research documents to investment bankers.
- When the EU branch office attempts to e-mail client account information outside the region, quarantine documents and initiate approval procedures.
The Unified Communications Barrier solution provides controls across multi-channel communications to create a boundary that is consistent across voice and electronic communications applications (IM, e-mail, VoIP, Web conference, etc.). Example policies include:
- When a chat is initiated over instant messenger between users with potential for conflict of interest, automatically add a chaperone to monitor the conversation.
- Prevent employees on a Web conference who are located outside of the region from saving client data distributed electronically.
The Collaboration Barriers solution provides controls across collaboration portals, such as Microsoft SharePoint to create a virtual boundary that prevents users from sharing or accessing information inappropriately. Example policies include:
- Prevent anyone outside of the research team from accessing unpublished research in designated research team SharePoint document libraries (regardless of access rights delegated by SharePoint administrators).
- When non-EU employees attempt to access and download EU client account files, warn the employees about regional regulations and log the attempt for auditing.
The File Sharing Barriers solution provides controls across Windows and Linux file shares, and Web or FTP servers, to create a consistent boundary that limits disclosure. Example policies include:
- Allow account managers of the company's Japan subsidiary to upload client account records only to Japan regional servers.
- Prevent client team A from accessing M&A deal files stored in the Windows file share directory used by client team B, who is responsible for a competing client.