• Secure External Collaboration

    e-Share.us | Secure External Collaboration | There are so many incredible perspectives in the universe, how can you maximize your business potential without tapping all that power? e-Share enables secure external collaboration so you can become fully digital and make use of the best services without risk

    Many people say we're at the "cyber-crime tipping point". Others like to point out that the cloud is enabling growth through collaboration - lowering barriers to entry and enabling disruption through partnering and supply chain management. These things can't both be true, can they?

     

    They are. Large and especially regulated companies depend more and more on an eco-system of consultants, contractors, freelancers and services. To say nothing of auditors, regulators and even customers. Yet, as firms move to the cloud, excited by the prospect of being able to collaborate with anyone, anywhere - users find they've gone backwards:

    • External collaboration features in Microsoft Teams and Slack are disabled 
    • Emailing large attachments to external recipients is not possible
    • Sharing via OneDrive, Google Drive or Dropbox with external addresses is almost always blocked - if not by your company, then by the recipient's

    There are good reasons for these security measures. Organizations that let copies of their data outside their perimeter are putting themselves at risk. Locking down these systems may prevent users from sharing, but they also limit the risk of a breach.

     

    The secure external collaboration problem is a result of messaging, file sharing and collaboration systems having "all or nothing" access models. You can either give data away for all time, or you cannot share it at all. So long as the transmission of the document is secure ("at rest and in motion") everything is presumed to be fine.


    Until you realize you sent it to the wrong person. When you collaborate and share with your fellow employees, there's virtually no risk of that. Each employee is carefully vetted prior to employment. If they cause a breach they can be fired. For starters.

     

    If you're thinking there has to be a better way ... you're right! Companies that make it their mission to work seamlessly with partners and customers of all kinds, inclusively, achieve higher growth. In fact, secure external collaboration is one of the keys to all kinds of business success.

      e-Share.us | Secure External Collaboration | Screen shot of options from the Trusted Sharing dialog box showing View, Edit, Delete, Download, Watermark, Create & Upload, Require Login, Require Access Code, Require Terms of Use, Expire Share Automatically and more

      The key to enabling secure external collaboration is to identify the main use cases for your company by answering a few questions:

      • Who do you share sensitive information with? How often? 
      • How do you share it? What mechanism do you use?
      • Do they need a copy of it? For how long?
      • What do they do to "complete" the activity for which you shared information in the first place?

      Once you have answers, it's easy to design a policy that mitigates risk for each case, using the e-Share platform's fine grained sharing options. For example, restricting recipients to a view-only experience, requiring them to login with a corporate account, or, if you absolutely have to give them a copy, ensure it is fully traceable. And do it all with proper governance, centralized visibility and control - to ensure enterprise-wide compliance.


      The following table shows actual use cases, appropriate sharing options, and some comments explaining how it all comes together for the recipient.

      • File Sharing Examples

        Scenario

        Sharing Options

        Why Use?

        "Bank shares mortgage application documents like monthly statements, paystubs and identification with a business process outsourcing firm (BPO) that performs data entry on their behalf. There is a clean desk policy that requires them to complete data entry that day."

        Policy: "Service Provider - View Only"

        View allowed

        Download denied

        Expires 8 hours after first access

        User request extension allowed

        This policy prevents the BPO from downloading, copying text from or printing the document. But it lets them do their job. Access expires per the clean desk policy. (In the event the BPO needs more access they can request it. The owner is notified and can approve or reject.)

        "Manufacturer shares financial material with auditors and regulators on a quarterly basis. They don't need to edit or save the documents, but do need to upload their own documents in response."

        Policy: "Auditor - View/Upload"

        View allowed

        Create/upload allowed

        Download denied

        Expires 90 days after first access

        This policy allows the auditors to review the material for the period required, but not keep copies of it. (They're welcome to take notes.) They are additionally able to create and upload new content. Share owners are automatically notified of each upload.

        "Media firm has to provide copies of sensitive internal data to independent consultants. They need to keep copies indefinitely, but their staff turnover concerns us."

        Policy: "Traceable Download"

        View allowed

        Watermarked download allowed

        Share expires 1 week after first access

        This policy allows the consultants to download and store the documents - as required to do their jobs - but it ensures that if they are hacked or deliberately leak, it will be easy to trace. Access expires quickly to minimize risk. Recipients may optionally forward the document within their organization, but the watermark is automatically updated.

      • Collaboration Examples

        Scenario

        Sharing Options

        Why Use?

        "Insurance company shares medical records (EMR) with hospital systems they support. The hospital staff needs to review the records for up to 48 hours, and potentially add metadata."

        Policy: "Partner - View/Edit"

        View, Edit allowed

        Download denied

        Expires 48 hours after first access

        User request extension allowed

        This policy allows the hospital to review the case, and optionally add metadata by editing online - without putting a copy into their unknown infrastructure, each of which is a potential HIPAA violation. Downloading, copy/paste and printing are all forbidden.

        "Financial services firm needs to share an agreement with a prospective joint venture partner. The most important thing is the ability to share and view documents, from both sides The terms are highly confidential - especially if the deal doesn't close!"

        Policy: "Virtual Data Room"

        View, Edit Allowed

        Create/Upload Allowed

        Download Denied

        Secure Conversations Allowed

        This policy creates a "virtual data room" for secure external collaboration around sensitive information. Recipients are able to view documents and add their own. But they can't store download or keep copies of your documents. They can use integrated Secure Mail to have sensitive negotiations that never enter non-secure email systems.

      • Deploying e-Share to Enable Secure External Collaboration

        e-Share.us | Secure External Collaboration | Here we see the fully re-branded sharing experience including your company's sub-domain, SSL certificate, logo and more

        Your first step is to identify a sub-domain of your corporate domain to use when sharing... for example: share.YOURCOMPANY.com or cloud.YOURCOMPANY.com. Generate a certificate for this domain and send it to our service desk.

         

        Next, tag users who will be using the e-Share service in your active directory. We recommend enabling single sign on (SSO) for the enterprise. This can be done anytime using our self-service administrative web portal.

         

        From there, you can quickly and easily configure your policies, and optionally deploy our client apps for Windows, OS/X, iOS and Android. Or the External Collaboration Bot for Microsoft Teams and Slack.

         

        Now your users can share anytime, with anyone, in full compliance - and more importantly, without losing control. The policies you implement take care of the rest. Even after you share!

      • To learn more about e-Share's products & services please schedule a demo!

      ×
      This Privacy Policy provides our policies and procedures for collecting, using, and disclosing user information. Users can access the e-Share software and service (the “Software and Service”) through our web site www.e-share.us (the “Site”), applications on devices, through APIs, and through third-parties. A “Device” is any computer used to access the e-Share Software and Service, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device. This Privacy Policy governs your access of the e-Share Software and Service, regardless of how you access it, and by using our Software and Service you consent to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy Policy. All of the different forms of data, content, and information described below are collectively referred to as “information”. 
      
      The Information We Collect and Store
      
      We may collect and store the following information when running the e-Share Software and Service: 
      
      Information You Provide to e-Share
      
      When you register an account, we collect some personal information, such as your name, and email address. You may also ask us to import your contacts by giving us access to your third party services (for example, your email account). When you invite others to join e-Share by using our referral page, we send them a one-time email for that referral. You may also provide us with your contacts’ email addresses when sharing folders or files with them. We may also receive Personal Information (for example, your email address) through other users, for example if they have tried to share something with you or tried to refer e-Share to you. 
      
      Automatically Collected Information
      
      We automatically receive certain types of information when you interact with our Web pages, services and communications. For example, it is standard for your Web browser to automatically send information to every Web site you visit, including ours. That information includes your computer’s IP address, access times, your browser type and language, and referring web site addresses. We may also collect information about the type of operating system you use, your account activity, and files and pages accessed or used by you. 
      
      Log Data
      
      When you use the Software and Service, we automatically record information from your Device, its software, and your activity using the Software and Service. This may include the Device’s Internet Protocol (“IP”) address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your files, and other interactions with the Software and Service. 
      
      Use of Personal Information
      
      In general, we use your personal information to process your requests or transactions, to provide you with information or services you request, to inform you about other information, events, promotions, products or services we think will be of interest to you, to facilitate your use of, and our administration and operation of, the web site and services and to otherwise serve you and our users. For example, we may use your personal information: 
      
      * to request feedback and to enable us to develop, customize and improve the Web site and our publications, products and services;
      
      * to conduct marketing analysis, to send you surveys or newsletters, to contact you about services, products, activities, special events or offers from e-Share or our partners and for other marketing, informational, product development and promotional purposes;
      
      * to send you a welcoming email and to contact you about your use of the web site and services;
      
      * to respond to your emails, submissions, comments, requests or complaints;
      
      * to perform after-sales services;
      
      * to anticipate and resolve problems with our service;
      
      * to respond to customer support inquiries, for assistance with our product and service development;
      
      * and to inform you of updates to products and services from e-Share that better meet your needs;
      
      * to store contacts you enter or upload into your contacts list for your private use and viewing;
      
      * to send emails to users you invite (and contacts you invite to become users) to collaborate and access your files;
      
      * to enable you to communicate, collaborate, and share files with users you designate;
      
      * to contact you if you win a contest; and
      
      * for other purposes about which we notify you.
      
      Service Providers, Business Partners and Others
      
      We may use certain trusted third party companies and individuals to help us provide, analyze, and improve the Software and Service (including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improvement of the Software and Service’s features). These third parties may have access to your information only for purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy. 
      
      e-Share Community
      
      Our Software and Service offers publicly accessible community services such as forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. Your posts may remain even after you cancel your account. For questions about your Personal Information on our Software and Service, please contact support@e-share.us. Our Site includes links to other web sites whose privacy practices may differ from those of e-Share. If you submit personal information to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any web site you visit. 
      
      Changing or Deleting Your Information
      
      If you are a registered user, you may review, update, correct or delete the Personal Information provided in your registration or account profile by changing your “account settings.” If your personally identifiable information changes, or if you no longer desire our service, you may update or delete it by making the change on your account settings. In some cases we may retain copies of your information if required by law. For questions about your Personal Information on our Software and Service, please contact us support@e-share.us. We will respond to your inquiry within 30 days. 
      
      Security
      
      We follow generally accepted standards to protect the information submitted to us, both during transmission and once we receive it. No method of electronic transmission or storage is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can contact us at support@e-share.us. 
      
      International Users Outside of The EU
      
      This Website is controlled, operated, and administered by e-Share from its offices within the United States of America and this Policy is provided in accordance with and subject to applicable U.S. law. If you are based outside the United States and decide to access this Website or e-Share Software and Service from your location outside of the United States, you hereby consent to the transfer of your information to the United States, and its storage and use in accordance with this Policy. 
      
      EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework
      e-Share complies with the EU-US Privacy Shield Framework and Swiss Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. e-Share has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. You can view our current certification at the bottom of our website. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov. 
      
      Privacy Shield Independent Recourse Mechanism
      
      In compliance with the EU-US Privacy Shield Principles, e-Share commits to resolve complaints about your privacy and our collection or use of your personal information. European Union and Swiss individuals with inquiries or complaints regarding this privacy policy should first contact e-Share at: support@e-share.us
      
      e-Share has further committed to refer unresolved privacy complaints related to this policy to the PrivacyTrust Privacy Shield Program, a non-profit alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if your complaint is not satisfactorily addressed, please contact https://www.privacytrust.com/drs/e-share/ for more information and to file a complaint. 
      
      Accountability For Onward Transfer
      
      e-Share is potentially liable when transferring your Account Data, referred to in this section as “Privacy Shield Data”, to a third party. e-Share will not share your Privacy Shield Data with third parties unless you have consented to the disclosure or in those situations where we are the data processor and have been instructed to do so by the data controller. e-Share may share your data with service providers solely for the purposes of rendering service to e-Share to facilitate the rendering of service to you. e-Share will ensure that third parties and service providers have adequate Privacy Shield Data protection measures in place through service agreements that adhere to the EU-US Privacy Shield principles or are based on the EU Standard Contractual Clauses. 
      
      Enforcement And Liability
      
      e-Share is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) to ensure compliance with the EU-US Privacy Shield principles outlined in this Privacy Policy.
      
      Under certain limited conditions, you may have the possibility of invoking binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission. 
      
      Disclosure
      
      Your personal Information may be disclosed as we believe to be necessary or appropriate in order to: (a) comply with a law, regulation or compulsory legal request; (b) respond to requests from public and government authorities; (c) protect our rights and property; (d) allow us to pursue available remedies or limit the damages that we may sustain. 
      
      Contacting Us
      
      If you have any questions about this privacy policy, please contact us at support@e-share.us. 
      
      Changes to This Policy
      
      We may change this Policy from time to time. If we make any changes to this Policy, we will change the “last updated” date above. If there are material changes to this Policy, we will notify you more directly. We encourage you to check this Policy whenever you use our Web Sites and Services to understand how your personal information is used.