Monitor and Enforce Information Barriers
Industry and government regulations require the strict enforcement of boundaries that preserve confidentiality when handling sensitive data, such as material information or personally identifiable information. For companies operating in a global environment, these information barriers can become even more critical and difficult to enforce. Examples include the SEC, which requires Research and Investment Banking boundaries to prevent conflicts of interest, and the EU Directive, which prohibits the transfer of personal data to non-European Union nations that do not meet “adequate” standards for privacy protection.
Most solutions do little to maintain boundaries once information is transferred out of controlled applications and systems. Moreover, coarse-grained controls lack the sophistication and deep identity awareness to discern organizational relationships and proper information-sharing activities that would define safe disclosure.
NextLabs solutions address the issue of maintaining
- Prevents conflicts of interest by controlling internal information flow and access to avoid improper sharing of information that results in compliance violations.
- Applies consistent controls across applications and systems where data is communicated, distributed, and stored to maintain boundaries.
- Enforces fine-grained policies to ensure only authorized users can share specific information down to the data field level.
- Helps users handle data internally with proper discretion by simplifying workflow and identifying proper processes.
- Monitors data usage activities to discover risks and remediate gaps.
The NextLabs solution rapidly creates information barriers across teams, departments, business units, subsidiaries, and regional locations. Consistent controls are enforced at the application, desktop, and server level where data is stored, shared, and distributed to prevent conflicts of interest and improve corporate compliance.
The email solution provides controls across clients to create a consistent boundary. Example policies include:
- Prevent analyst researchers from e-mailing unpublished research documents to investment bankers.
- When the EU branch office attempts to e-mail client account information outside the region, quarantine documents and initiate approval procedures.
The solution provides controls across collaboration portals, such as Microsoft SharePoint, to create a virtual boundary that prevents users from sharing or accessing information inappropriately. Example policies include:
- Prevent anyone outside of the research team from accessing unpublished research in designated research team SharePoint document libraries (regardless of access rights delegated by SharePoint administrators).
- When non-EU employees attempt to access and download EU client account files, warn the employees about regional regulations and log the attempt for auditing.
The solution provides controls across Windows and Linux file shares, and Web or FTP servers, to create a consistent boundary that limits disclosure. Example policies include:
- Allow account managers of the company’s foreign subsidiary to upload client account records only to the subsidiary’s regional servers.
- Prevent client team A from accessing M&A deal files stored in the Windows file share directory used by client team B, who is responsible for a competing client.