How to Protect Your Company Data from Internal Leaks

Digital and manual data theft is real. Most companies concerned about hackers haven’t given enough thought to the dangers of internal leaks. Thanks to a new solution by Skytizens, protecting confidential information goes beyond the honor system to digitally enforce data security.

What do you do when a client approaches you, saying their content security solutions aren’t working?

You build a 100% fool-proof solution from scratch.

At least, that’s what Skytizens did when Honda R&D Asia Pacific called and said they needed a rock solid way to protect their research and development documents.

The Request

The call from Honda makes sense. Skytizens, an enterprise content management (ECM) development firm based in Thailand, has clients spread across the Asia Pacific region. From governments to multinational enterprises, Skytizens builds document management systems (DMS) that allow large organizations to access their data and execute functionality using that data in an organized way.

Honda’s R&D team works on the future of automotive technology. It’s important for the development process to remain 100% contained within the company until the release date of new technologies. Every design, record of feedback, and timeline for completion is strictly confidential. Honda needs to keep the information away from the public and more importantly, away from competitors. One wayward employee could mean a huge hit to the bottom line.

When Honda needed an innovative and cutting-edge solution they approached Skytizens because they know the team of Alfresco ECM software experts at Skytizens develops some of the most innovative software in the Alfresco ECM global developers’ community. They needed a custom solution and they knew that Skytizens could come up with the answer.

The Parameters

With plenty of cyber security aimed at keeping hackers out, there isn’t as much sophistication focused on keeping privileged information in. Staff members with enough security clearance often have free reign to move and share data as they please. A screenshot can get attached to an email and sent out of the system within seconds. Using browser-based email is untraceable without “big brother” style keystroke recorders. Traditional solutions are limited.

Though applications claim to block information sharing, it is technically impossible to disable screen capturing in the Windows Operating System. Third-party security apps claim to block digital sharing functionality by blocking the Print Screen button. Unfortunately, these apps can be side-stepped. With keystrokes disabled, it’s still possible to Right-Click and take screen shots from the dropdown menu.

Honda needed a complete blackout on data sharing.

The Solution

Instead of trying to block digital sharing functionality, Skytizens went in a completely new direction. They simply blocked the content. They built a browser that looks and acts just like a normal web browser for accessing the company’s system. The only difference is that this maximum security browser allows screen capture functions to take place but disallows the content from within the browser being sent through the buffering process. This means that anything within the browser window is captured as a completely blank, black box. The information is visible on the screen but it’s simply unavailable to be digitally shared.  They call it a blackout browser.

This blackout browser works for all sharing functions that would allow information to digitally leave the Alfresco system:

  • Print Screen
  • Video/Screen Recording
  • Apps with screen sharing capabilities (LINE, Skype, Zoom, TeamViewer, etc.)

Staff is assured to use the blackout browser to view confidential information because files and sites with a confidentiality label are only accessible via this browser. When searching the Alfresco repository from a typical user portal or system URL in another browser (Google Chrome, Mozilla Firefox, etc.) the confidential files and sites simply do not appear.

Next-Level Security

The solution does two things that previous security apps couldn’t do.

First, it’s impossible to bypass. Where the apps of yesterday could be unlocked or temporarily disabled, the Alfresco SkyBrowser is the only way for employees to view confidential information. This makes the blackout browser impervious.

Second, Alfresco SkyBrowser records when internal leakers use share functions even though their attempts are blacked out.  Every attempt to take a screenshot, print screen, or enable screen sharing results in an error message to the user and an automatic notification to the system admin, letting the company know what’s going on. Though digital sharing doesn’t work, the company can see who is trying and how often—and decide what to do from there.

Fail-Safe Against Internal Theft

The only possible way to share information from the blackout browser is to use a secondary recording device such as a hidden camera to record and share information. Alfresco SkyBrowser used in conjunction with the Alfresco HTML5 Dynamic Watermark addon (another Skytizens invention) has the bases covered. The watermark module integration means that when a user opens confidential information in the course of their job, their username is plastered all over the screen. This easy ID strategy discourages even the most clandestine of data theft activity from occurring in your company.

The blackout browser integrates well with the greater ECM as well. The browser allows companies to create special types of system work sites labeled “Confidential”. Confidential Sites exist in the Alfresco repository but are not visible from outside the Alfresco SkyBrowser. Confidential Sites are essentially an additional level of top security access.

The rest of the security features are pretty typical for internal security. Print functionality is not supported. The search bar is disabled so the server location remains hidden. There is no web browser cache and no browsing history. Nothing gets recorded on the user’s local machine or on the system server. Unlike a typical web browser, this one has no plug-ins or extensions that can provide back-door access to information. All keyboard shortcuts are disabled (CTRL-C, CTRL-A, CTRL-X, etc.) and it’s impossible to copy text form the browser because the clipboard is disabled. Finally, the HTML console and source code is all disabled so users are unable to preview web page code whatsoever.

Extras

A few extra features make the blackout browser the ultimate in safeguarding data.

An audit log keeps track of share attempts along with username and time clocking. Companies can choose to receive attempted sharing notifications via email or SMS. The module can limit the number of user connections based on preference. Finally, Alfresco SkyBrowser has been created to support company branding, allowing for custom logos, naming, and image selection to be used during the installation package and browser windows. Honda employees may be aware of the security features, but they see a familiar and friendly company-branded Honda browser icon on their desktop.

The Alfresco SkyBrowser addon is a state-of-the-art software product that sees internal leaks in the company dry up and the temptation of sharing privileged information disappear. It was ultimately developed to give R&D departments and companies with sensitive internal information the ability to completely shut down attempts at digital and manual theft of information.

For companies dealing cutting-edge technology, scheduled product release dates, and innovative work, Alfresco SkyBrowser provides wall-to-wall security as well as peace of mind.

To read more about cutting-edge enterprise software developments, visit Skytizens.

Back to top