Secure Document Access in the Field
Mobile device management is a hot topic these days; everyone knows how important it is to secure the handhelds that hold sensitive enterprise data. But what about managing and controlling access to documents themselves, especially files that need to be viewed and shared by multiple individuals in multiple locations?
is a consulting firm based in Viera, Fla., that helps small- to medium-size manufacturers—largely in the defense industry—achieve compliance and meet ISO 9001:2008
(International Traffic in Arms Regulations) standards. A small outfit, CVG employs 12 people, many of whom are mobile and spend a considerable amount of time at clients’ facilities. Developing technical and other documents is central to CVG’s operations, and especially with ITAR, the control and release of these files is critical, according to Kevin Gholston, VP of business development, CVG Strategy. “We can’t allow restricted documents to get outside of the control of U.S. citizens or green card holders, or be accessed in restricted countries,” he explains.
Last year Gholston turned to WatchDox
to ensure the privacy and proper management of the company’s technical documents. WatchDox, based in Mountain View, Calif., enables secure, private document sharing and collaboration, within and outside of the enterprise, available as SaaS solutions. As CVG’s WatchDox administrator, Gholston can post documents to CVG’s WatchDox Web site and set restrictions for the files.
“What WatchDox does is give me the benefit of high-end encryption via a subscription model,” says Gholston. As a small enterprise, CVG doesn’t have the resources for a designated IT staff member who can run a server and all the appropriate software to handle its own certificate service, thereby enabling document encryption.
Once a document is posted to WatchDox, users are unable to access the file without going through the system. WatchDox records each user’s IP address and allows document access only to individuals who have been authorized by the administrator. What’s more, says Gholston, the administrator can also control whether users can download, forward, or print a document and “turn off access at the end of a predetermined time period.”
Gholston says about two thirds of CVG’s employees use iPhones and describes the WatchDox app for the popular mobile device as “slick.” The app makes sharing documents while working remotely on a client’s site simple, secure, and easy. “The simplicity is actually the strength,” he says.
Currently, CVG pays about $2,000 per year for WatchDox’s services and is permitted to have 20G of files posted at any given time, which is a bargain compared to the alternative—buying $10,000 to $15,000 software and setting up a server that IT would manage, Gholston says. “Why do it yourself when you can buy a subscription?” he asks.
“Especially with regards to ITAR, using WatchDox is the perfect way to play it safe and not get in trouble with the DOJ [Department of Justice],” says Gholston. “And in the defense area, I can’t imagine why small companies that don’t have IT staff wouldn’t want to use WatchDox—government entities, too. They have the same problems.”