When we say “We Respect Data,” we mean it

Every business has their own unique security needs based on the sensitivity of their data. Regardless of your requirements, it’s important to understand what security features are available when engaging with an external workforce. Companies should look for vendors with security offerings that include both workforce and technology considerations for a comprehensive solution.

Data Security Starts with the Individual

The foundation of data security are the people doing the work. First, you hire good people, then you use policies and processes to keep them focused and accountable. Strong data security policies and processes help to ensure that client data is safe and secure in any situation. Even when using a remote workforce, there are many effective ways to establish a data security-aware workforce.

Technology Provides Effective Tools for Data Security

Technology always plays a significant role in security and innovative solutions can help to replace some security features that may be absent when work takes place outside of a dedicated building. There are multiple layers of security that technology can provide, and this is where the sensitivity of the data helps determine which security tools and approaches should be deployed.

Workforce-Working-on-Computer-thumbnail-002

Things to Consider When Assessing Vendor Security Offerings

Who is Working on your Data?

  • Crowdsourcing? Another 3rd party company? Different people every week?
  • Does the workforce have a contract in place? NDA? Remote work policy?
Crowdsourcing

How is the Work Monitored?

  • Do you know where time is spent?
  • Can you prevent the workforce from installing malicious browser plugins?
  • Is the work performed in a dedicated browser or application?
monitoring

What are the Standard Procedures and Operations?

  • SOC2: An auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients.
  • ISO-9001: This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement.
standard-procedures

Our Shield Security options offer a layered approach

Shield Essentials, included in every client engagement, establishes baseline security controls and features that protect our clients’ data, regardless of where our teams complete the work. For clients with heightened requirements, our Shield Network and Endpoint upgrades enforce additional layers of the workforce, IT, and network security.

Shield Essentials

Our Shield Essentials offering focuses on workforce security practices and implements fundamental network security policies. All client work is accessed via a secure, CloudFactory browser and all worker computers have antivirus installed. Each worker must sign our remote work policy and NDAs that cover all client work and all work is monitored digitally by CloudFactory team members trained in our security policies.

cf-icons-securedfacilities

Shield Network

The Shield Network offering includes everything in Essentials and adds layers of workforce and network security. All client and workforce connectivity is conducted via our Secure Network Environment and leverages the benefits of Advanced Threat Protection (ATP). ATP provides a combination of security services including:

  • AntiMalware: Inspects internet traffic for malicious domains and malicious files.
  • Intrusion Prevention: Performs deep packet inspection and advanced behavioral analysis for malicious data patterns. Includes network anomaly detection which monitors for anomalies across all traffic types and uses behavioural analysis to determine zero day attacks.
  • IP Whitelisting and Web Filtering: Ensures network access is targeted only to the services that are relevant to the task.
cf-icons-predictivetracking

Shield Endpoint

The Shield Endpoint offering incorporates everything included in Shield Essentials and Network and adds another level of protection. All client work is conducted on CloudFactory provisioned workstations.

  • Each workstation is centrally managed by a suite of security services to ensure active threat monitoring and alignment with vendor release schedules for security patching and antivirus updates.
  • All workstations have AES256 local disk encryption enabled. Encryption across all workstations is centrally managed to ensure that all local data is encrypted at rest.
  • We make use of a leading edge vulnerability management solution to offer vulnerability scanning and assessments on request.
  • Workstations are equipped with the necessary controls to completely restrict the physical and non-physical removal of data. For example, media player, file transfer services, mail clients and a host of productivity services can all be restricted on a per host basis and CloudFactory can prevent access to a number of application types based on certain requirements.
cf-icons-tools

 

Securely Connecting Distributed Locations, Users, Applications, and Clouds

We utilize a secure access service edge (SASE) platform to manage all network traffic between our workforce and a client’s service location. The platform is built across a highly secure global private backbone which comprises more than 65 points-of-presence (PoPs). The geographical diversity of the network, coupled with the advanced security stack, provides us with a wide scope of flexibility in how we connect, secure, and optimize traffic between our workforce and clients.

Our distributed workforce connects to the nearest PoP via SSL VPN, while our delivery center connections are managed by SD-WAN running on dedicated hardware. Our network is highly resilient, and connectivity is optimized with dynamic path selection to re-route traffic to avoid potential connectivity blackouts.

All traffic, whether originating from a remote user or from inside our delivery center, is fully inspected by the enterprise-grade network security stack. This security stack includes an application-aware next-generation firewall-as-a-Service (FWaaS), secure web gateway with URL filtering (SWG), standard and next-generation anti-malware (NGAV), and a managed IPS-as-a-Service (IPS).

  • The end-to-end private connection between CloudFactory’s workforce and our clients.
  • Secure, controlled access to assigned network resources.
  • Enterprise network security with packet inspection (IPS/IDS), IP whitelisting, web filtering, and anti-malware.
  • Global presence for connectivity speed and route optimization.
Securely Connecting Distributed Locations, Users, Applications, and Clouds

Contact Sales

Fill out this form to speak to our team about how CloudFactory can help you reach your goals.