Every business has their own unique security needs based on the sensitivity of their data. Regardless of your requirements, it’s important to understand what security features are possible when engaging with an external workforce. Companies should look for vendors with security offerings that include both workforce and technology considerations for a comprehensive solution.
Data security starts with the individual
The foundation of data security are the people doing the work. First you hire good people, then you use policies and processes to keep them focused and accountable. Strong data security policies and processes help to ensure that client data is safe and secure in any situation. Even when using a remote workforce, there are many effective ways to establish a data security-aware workforce.
Technology provides effective tools for data security
Technology always plays a significant role in security, and innovative solutions can help to replace some security features that may be absent when workers conduct work outside of a dedicated building. There are multiple layers of security that technology can provide, and this is where sensitivity of the data helps determine which security tools and approaches should be deployed.
Things to consider when assessing vendor security offerings
Who is working on your data?
Crowdsourcing? Another 3rd party company? Different people every week?
Does the workforce have a contract in place? NDA? Remote work policy?
How is the work monitored?
Do you know where time is spent?
Can you prevent the workforce from installing malicious browser plugins?
Is the work performed in a dedicated browser or application?
What are the standard procedures and operations?
SOC2 - An auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients.
ISO-9001- This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement.
ISO-27001 -This standard is based on a risk management approach and provides a framework for organizations to identify, manage, and reduce information security risks through implementing an information security management system (ISMS).
Our security options offer a layered approach
Our Network Security, included in every client engagement, establishes baseline security controls and features that protect our clients’ data, regardless of where our teams complete the work. For clients with heightened requirements, our Endpoint upgrade enforces additional layers of workforce, IT, and network security.
The layers of workforce and network security. All client and workforce connectivity is conducted via our Secure Network Environment and leverages the benefits of Advanced Threat Protection (ATP). ATP provides a combination of security services including:
AntiMalware: Inspects internet traffic for malicious domains and malicious files.
Intrusion Prevention: Performs deep packet inspection and advanced behavioral analysis for malicious data patterns. Includes network anomaly detection which monitors for anomalies across all traffic types and uses behavioral analysis to determine zero day attacks.
IP Whitelisting and Web Filtering: Ensures network access is targeted only to the services that are relevant to the task.
Endpoint Security
The Endpoint offering incorporates everything included in the Network and adds another level of control. All client work is conducted on CloudFactory provisioned workstations.
Each workstation is centrally managed by a suite of security services to ensure active threat monitoring and alignment with vendor release schedules for security patching and antivirus updates.
All workstations have AES256 local disk encryption enabled. Encryption across all workstations is centrally managed to ensure that all local data is encrypted at rest.
We make use of a leading edge vulnerability management solution to offer vulnerability scanning and assessments on request.
Workstations are equipped with the necessary controls to completely restrict the physical and non-physical removal of data. For example, media players, file transfer services, mail clients, and a host of productivity services can all be restricted on a per-host basis and CloudFactory can prevent access to a number of application types based on certain requirements.
Securely connecting distributed locations, users, applications, and clouds
We utilize a secure access service edge (SASE) platform to manage all network traffic between our workforce and a client’s service location. The platform is built across a highly secure global private backbone which comprises more than 65 points-of-presence (PoPs). The geographical diversity of the network, coupled with the advanced security stack, provides us with a wide scope of flexibility in how we connect, secure and optimize traffic between our workforce and clients.
Our distributed workforce connects to the nearest PoP via SSL VPN, while our delivery center connections are managed by SD-WAN running on dedicated hardware. Our network is highly resilient, and connectivity is optimized with dynamic path selection to re-route traffic to avoid potential connectivity blackouts.
All traffic, whether originating from a remote user or from inside our delivery center, is fully inspected by the enterprise-grade network security stack. This security stack includes an application-aware next-generation firewall-as-a-Service (FWaaS), secure web gateway with URL filtering (SWG), standard and next-generation anti-malware (NGAV), and a managed IPS-as-a-Service (IPS).
End-to-end private connection between CloudFactory’s workforce and our clients.
Secure, controlled access to assigned network resources.
Enterprise network security with packet inspection (IPS/IDS), IP whitelisting, web filtering, and anti-malware.
Global presence for connectivity speed and route optimization.
Ready to get started? We are.
We’d love the opportunity to answer your questions or learn more about your project. Let us know how we can help.
