Thursday30 March 2023

Vera jumps into the document control market with both feet Featured

Reading time is around minutes.

Black Hat USA 2017 – Las Vegas, NV
Three years ago we talked with a company that had something of a change in thought process on how to protect your data. Instead of building bigger walls they wanted to make the items behind those walls unusable to anyone that did not actually have access to them. This year at Black Hat we have talked with multiple companies that have the same, or a similar idea. One of the companies we talked to about this is Vera. Vera is another in a growing group of companies that understand that the traditional security posture is just not enough.

Vera provides enterprise data security by controlling access to and usage of files and folders that exist both in and outside of a corporate/protected network. They do this through a permissions-based type of document encryption/protection. This system is capable of integrating with existing active directory environments and can federate to other trusted domains to allow for simple document access controls. The keys to this are maintained by Vera and can be rotated as needed or desired. This key rotation does not impact existing documents so there is no need to worry about them.

Through the system, and active directory you can identify groups or users that need access to file/folders and give them the permissions they need. These permissions can include read, edit, copy, paste etc. It is entirely possible to set up permissions that allow someone to only read a document and prevents them from even making a copy of them information or document. This helps to prevent internal leakage of information. The system also logs interactions with the files/folders so that if someone does try to make a copy of a document they are not supposed to it is logged for audit purposes and can be sent to your SEIM. If someone that is allowed to copy files does make a copy it automatically has the permissions of the original document so it is still protected.
You can also add multi-factor authentication for specific users and/or documents, identify trusted networks or zones to improve protections and also usability. One nice function is an NDA (Non-disclosure agreement) feature that can let you protect information until a predetermined date and then remove all protections so that it is available to anyone. Conversely you can also expire access to a document after a set number of days or a specific date to prevent access outside of when you would need it. Vera’s protections have also been extended to email and not just attachments. You can also protect the body of an email to limit who has access to this information.

The system is complex, but that complexities that make up the protections are not visible to the end user. This means that they do not need to know about the Active Directory integrations, federations, Key Management functions, or anything about the system. Instead they have access to what they need and no access to what they do not. The need to authenticate to view sensitive information is a small thing when you consider the extra protection and ease of use this provides. It means that you do not have to try and force users to use the cumbersome and expensive FTP or file transfer applications that are often required. They can now use what they like (or an easier to maintain/use system) to send files and still maintain confidentiality and regulatory compliance.

If set up correctly Vera can be the answer to wrangling in some of the issues that revolve around protecting corporate information from being leaked (intentionally or not) by users looking to do things as easily as possible. It can remove the need to block Boxx or DropBox and allow a security team to focus on other, much more important, things. This type of solution also is helping to shift the security landscape and mind set from the traditional walls and moat to a more data centric approach. Vera is not the only company that is heading in this direction and we really hope to see more moving into this space.

Last modified on Friday, 28 July 2017 23:38

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.