The main problem that our customers are facing today is that about 80% of the most sensitive or private files reside within applications like CRM, ERP, online services, corporate bank accounts, job recruitment services, warehouses, or any other data source being used by the organization, regardless of their location. So with 80% of sensitive business data residing in those applications, users continue to be the weakest link, not because they are malicious, but because they are negligent. They overpass the rules without giving it a second thought. Once they extract the data, either by downloading files or copy-pasting them, Actifile SAAS smart agent solution will analyze and encrypt or redact it by default, without harming the continuity of the user’s work.

What’s unique about Actifile?

Actifile is a next-generation solution to data security that changes the paradigm in 3 levels: Firstly, the shift from content classification to data source context: instead of classifying content, which is an error prone solution that generates too many false positives, we focus on the file source, so we can provide a more precise level of protection. Second paradigm shift is from perimeter to everywhere. Usually what data security tools do is check the security perimeter and safeguard it. The problem is that not all data will go through the perimeter at all. The adoption of cloud applications and external data sources is increasing by 20-30% each year. Furthermore, by 2020, it is expected that 43% of employees in the US market will be contingent, meaning part time employees working remotely or independent contractors that don’t commit to the company as employees like it used to be. Those 2 trends make solutions like Actifile a crucial necessity for organizations that outsource their workforce. When you’re working from outside the organization, you are not protected by the security perimeter. Most data security tools are coming from the cloud, and if the employee is working remotely, data will move straight from the application to the external user, making perimeter security completely irrelevant. Actifile can secure data on the device level. We do not spy on the employees or track their web history and unrelated applications. Rather, we only track whatever is relevant for the employer. We have seen use cases where companies are working with offshore employees, for obvious economic reasons, arousing difficult questions like whether or not they can actually employ people in certain countries where there are no data security regulations whatsoever. Data security compliance is difficult enough to enforce, let alone when your employees are on the other side of the globe. And the third shift is from reactive to proactive mode, which is highly important when it comes to compliance. Actifile supports compliance with privacy regulations, dealing mainly with insider threats, so that eventually the organization will be able to safely employ people anywhere in the world, and that’s a huge challenge which can be solved easily with Actifile.

What are the risks of using a data source like CRM, HR or BI  without Actifile?

The risk is that employees will extract sensitive information from applications, misuse it, misplace it or even steal it. It could be a contractor, a shipping officer or an HR administrator who will capture the customer or user data and exploit it for their own personal benefits. Actifile draws a fine line between giving employees free access to the application, or blocking them completely, which will make them less productive in what they do. If you choose not to authorize them, they will eventually find a way to get to the information in order to do their work, and you will have no control over how secure that process will be. It’s important to understand that although cloud applications are handling data security on their end, by classifying and redacting sensitive data, eventually there’s a user at the endpoint, which cloud applications are blind to. Think about it as an applicative barrier or guardian.

Can Actifile be integrated with existing applications? What would be the benefit for service providers?

We currently have two roadmap directions and this is certainly one of them. We are versatile so we can work with any app, but we can make the impression deeper and more interesting using a Cloud Access Security Broker (CASB), which is a way to manage authorization and authentication to cloud applications. Organizations can then enable authorized and authenticated users to extract or download data, without being concerned about data leak.

Is Actifile enough for an organization to comply with GDPR?

Yes. More particularly, our built-in data protection analysis can help to comply with articles 32-34 and 35 of GDPR. The rest of the articles talk about how to protect the data, but if your content is encrypted, the technicalities become less critical, therefore we can eliminate the risk of non-compliance.

How do you expect GDPR to change the way modern business is done?

GDPR is already changing how people do business, first and foremost, at the awareness level. We can already see how organizations are starting to pay attention to how they handle private information and as a result, consumers are also more aware of their rights. This is where innovative software like ours can help, not only with compliance but also with creating trust between service providers and their customers.