• Governance and Compliance

    e-Share.us | Governance and Compliance details on how the e-Share secure external collaboration platform makes it possible to have centralized visibility into activity and risk along with policy based controls over sharing

    If cybercrime and insider threats aren't sufficient to scare you away from the cloud, the reality that the pace and complexity of regulation are at an all-time high may be. And even for companies in minimally regulated industries, the combination of ubiquitous social media and rising structural costs of litigation has made breaches a deadlier threat than ever to any company.

     

    And, in the journey to cloud, a very common stage is having multiple cloud file storage systems. Information fragmentation is bad enough inside the enterprise, where disparate systems and the divide between structured and unstructured information make it hard to find anything, let alone connect the dots to answer business questions. Add cloud storage, cloud services that accept (and store) documents and conversations, and you've got a truly distributed governance challenge.

     

    From the IT security perspective, distributed data makes it hard to answer essential questions like:

    • What are the top 10 domains we share files with?
    • What type of data are they receiving? What regulation may apply?
    • Under what policy or policies are they receiving this data? Are they being informed?
    • Do they have copies of the files?

    The good news is that cloud file proliferation is not intractable. The key is to adopt a management process that measures and supports hybrid, multi-cloud realities - surfacing and quantifying risk, providing the controls to mitigate that risk, and ensuring visibility across the document life-cycle.

    Information Governance

    [Screenshot: risk report showing geographic dispersion of recipients]

    Information Governance (IG) can be applied to cloud storage and services in general, with the following goals:
     

    1. Visibility into the activity and associated risk

    2. Control over the activity, both automated (pro-active) and manual (retrospective)

    3. Centralized management of policies and storage

     

    To implement an IG approach, start by identifying the business questions you want to answer and the metrics used to measure each. Once you are able to report on these metrics, you can use an agile (or "iterative") approach to run a standard implementation cycle.

    [Diagram: cycle of planning, measurement, analyzing, and remediation]

    Briefly, the key activities for each phase are:

    • Measuring: unifying activity, audit and application logs, along with user and content metadata
    • Analyzing: looking at trends in metrics over a control period to discover patterns, identify new and improved metrics to answer business questions, and document areas where more data is required 
    • Remediation: updating tracking and reporting systems to improve precision, 

    The IG process can start by answering core questions that are similar in most respects to the IT security questions noted earlier. They may now include more detailed metrics like:

    • How many files do we have in the cloud? In how many providers? Across how many users?
    • How many policies are used to govern these sharing activities? In how many systems are they maintained?
    • How many systems do we have to change to enact a rule about sharing with third parties?
    • How long would it take to make that change?

    Some detailed questions may require functional modeling - for example, to answer detailed questions about how policies are implemented:

    • Are we requiring encryption at rest for these files? How are keys exchanged? Terminated or expired?
    • Whose encryption is being used? Can we recover the data if the user's key is lost?
    • Do we have to coordinate with the vendor to recover our data?
       

      Instant, Automatic Governance for Multi-Cloud File Storage

        Gain a true unified view of file storage and sharing, across your cloud providers. Locate any access to any object, including sharing, uploading and deletion. Extract this data to your local Splunk or cloud-based Data Lake for deeper analysis. Deploy fearlessly with out-of-the-box support for all existing enterprise eDiscovery, compliance and retention systems for both messages and files.
        [Screenshot: search options for unified audit log]

        Manage Single Sign On (SSO) and Automatic Provisioning of Storage. Optionally override the storage provider's policies, for example by requiring encryption by the provider, using e-Share's state-of-the-art recoverable encryption and key management system, or requiring use of Secure Mail for sharing.

        [Screenshot: options for single sign on (SSO) and auto provisioning of cloud file storage services like OneDrive, Dropbox and Box]

         

        Take complete control of corporate information and devices. Define how corporate information is secured, shared, even edited or versioned. Configure access to third-party integrations like Microsoft Office 365 and Microsoft Teams.

         

        [Screenshot: corporate policy options]

         

        See The Extended Corporate Perimeter. Manage content and policies on any device receiving your information. Know for sure that your policies are being followed. Take immediate action when necessary.

         

        [Screenshot: device management options]

        Centralized Policies & Controls

        Define, deploy and enforce policies on all corporate data, across all cloud providers. Optionally, allow users to override settings, within limits you define. Use our unparalleled fine-grained sharing options to secure data as appropriate to the mission.

         

        [Screenshot: policy editing]

         

        View all actions across all providers in our unified activity log. Quickly identify areas of risk, and update policies or restrict device access as needed. Verify compliance with tracking IDs and other corporate policies.

         

        [Screenshot: unified audit trail showing all files and actions across all cloud file storage providers]

        Uniform External Collaboration

        The power of e-Share's platform is the uniform access to external sharing capability. Regardless of the tools your users choose - from the web, to their favorite desktop operating system or mobile OS, to Office 365, GSuite, Microsoft Teams or Slack - they will respect corporate information and device policies.
        [Screenshot: Office 365 being used to compose secure mail with view-only policy]

        Fully Compliant Storage & Sharing

        Using the e-Share platform with OneDrive, Dropbox, Google Drive or Box enables you to store and share PCI, PII, ITAR, DFAR, GDPR and HIPAA regulated data in the cloud, in full compliance with industry and government best practices.

        | Regulation | Examples | External Sharing Policy |
        |---|---|---|
        | HIPAA & PHI | Electronic medical records; Medical & insurance enrollment; Medical test results; Clinical trial information | View-only; Login required; Expires in 8 hours; All access audited |
        | GDPR, PII, PCI | Customer lists; Activity logs; Financial statements; Utility bills | View or edit online only; Option to respond securely; Access code or login required; Expires in 2-14 days; All access audited |
        | ITAR, DFAR | Manufacturing data; Test output; Technical support information; Training material | View or edit online only; Watermark for download; Empowered official login required; Expires after one access; All access audited |

        e-Share will sign the US HHS BAA without major modifications for any client using our default configuration. This ensures that sensitive information is never accessible to underlying cloud file storage provider administrators or e-Share employees.

         

        Compare the HHS version with the one offered by your cloud file storage vendor: Box, Dropbox, Google Drive, Microsoft OneDrive. In particular, you are required to "configure" and "enforce policies" -- such as disabling guest access, and not sharing copies without requiring signup -- that their products may not actually support without third party services.

         

        e-Share products are configured by default to ensure centralized, compliant storage. When further sharing HIPAA regulated data with external recipients who do not have a BAA, access is restricted to view-only with login required by recipients as noted in the table above.

         

        Download our HIPAA Compliance White Paper for more information.

        PII and PCI Data

        Using e-Share's encryption and key management ensures that PII and PCI data is never accessible to cloud storage providers or e-Share employees. To share externally, use a view-only or edit-online-only policy, with no download or copy/pasting permitted. Refer to the table above for more details.

        ITAR & DFAR Data

        Deliver sensitive defense-related data securely and compliantly using the cloud. Require empowered officials and recipients to log in for view-only access, or watermark with the recipient's email and IP address for download. Our encryption and key management protects your data so it can't be accessed by cloud file storage administrators or e-Share employees.

         

        Download our ITAR Compliance Whitepaper for more information.
