
Brainloop Inc. – Securely Manage And Collaborate On All Your Confidential Documents


Brainloop Inc. is a national provider of commercial confidential storage, management and collaboration products and services, including ITAR-compliant, secure solutions for enterprise-wide protection, collaboration and exchange of technical data. Brainloop Inc. is the official ITAR Technical Data Storage Sponsor for Team Miles, a participant in the NASA CubeQuest Challenge. Below is our interview with William O’Brien, President and Chief Executive Officer at Brainloop Inc.:


Q: So much of what we hear when it comes to best cybersecurity practices involves user awareness and continually refreshed training. What should a well-run organization know and implement in addition to that?

A: Once cybersecurity plans are in place and organizations (and their employees) are aware of the threat potential and trained for proper responses, they must realize that the journey has just begun. We recommend that companies continue to enhance security by following a disciplined and reiterative process that can be reflected in a cybersecurity checklist. With this kind of checklist, which should include the elements listed below, companies can continue the journey to not only ensuring end-to-end security, but to also achieving full regulatory compliance.

Step 1: Recognize the Classified Information and Prioritize It

It’s a common misconception that companies should secure every digital document or snippet of data they handle. That’s simply untrue, and far too tedious and costly. Instead, we need to take a small, but extremely important step in the right direction. We need to recognize, identify, prioritize and protect the most sensitive information and know the ins and outs of who, when, where and how it is being stored.

The practice here should be to think about what a malicious hacker would want and what should and must be protected – envision the blueprints outlining future product plans; any email chains discussing pricing options; intellectual property that would harm a business’ reputation or value if it was ever stolen; technical data subject to export controls. These types of files should be prioritized and, most importantly, fully safeguarded.

Step 2: Be Aware of Insider Threats

Surprisingly, more often than not, the majority of data compromises are, through malice or carelessness, lost through the action of insiders, most famously demonstrated by Edward Snowden’s last days at the National Security Agency. And while external stakeholders pose huge risks, internal stakeholders can cause even more damage, with immediate access to all confidential documents and industry trade secrets.

Organizations need to be aware of, and be imaginative about, insider threats, with the malicious often being the most significant. Despite the high levels of trust within organizations, the most significant data breaches do not most often come at the hands of just careless employees. The malevolent, but insufficiently vetted and overly permissioned invitee into a corporate network is most often the most harmful because the most significant information is targeted and the wrongful dissemination of that information is intended.

Focusing on areas such as access and privacy controls, aberrant behavior screens, and other approaches that guard against security threats – not just at the firewall but granularly throughout the system, including at the user group, user, folder, file, document and content levels, are required to achieve the most successful security policies and compliance measures. Only when an organization guards against both internal and external threats with targeted precision by asking the questions of who needs access (and who doesn’t) and how extensive should be that access can organizations be sure that they are passing the threshold into acceptable risks.


Step 3: Choose the Proper Secure Technology for the Business

The rise in cyber-attacks brings with it a saturated market of secure technology vendors. It’s important to not fall for the best “bang for your buck” offering or the first vendor proposal that lands in your inbox. There is, of course, a responsibility to conduct proper due diligence.

Organizations need to ensure the security “basics” are in place. These essential features include anti-virus and anti-malware, firewalls, e-mail and web content filtering, encryption, secured storage with access controls at the firewall and within, folder and file level permissions, group permissions, document rights management, dual or even multi-factor identity authentication, and security information management systems.

Data encryption is also pivotal when sharing confidential financial information. Whether in transit, in use or at rest, in an appropriately secured operation, data should be encrypted at rest and certainly before it enters the cloud. Identity and contents should be protected by appropriate operator and administrator shielding. Likewise, passwords should be complex and dynamic in nature – one of the more basic, yet most overlooked, preventative measures.

Step 4: Educate your Employees

We must also return to training. Employees within an organization are extremely important to its overall security. As technical processes and tools are put in place, we need to step back and ask ourselves: “Does this technology integrate seamlessly with employee workflow?” If secure tools and resources are too time-consuming or complex to understand, employees simply won’t use them. Technology must be intuitive and have a recognizable user interface that mimics popular business tools, such as Microsoft Outlook, for example.

In addition to evaluating how secure tools will integrate with employee workflow, one must also hold regular employee training sessions, to ensure everyone within an organization is aware of the newest security threats and prevention methods. In addition to in-person sessions, conduct online seminars for those working remotely.

Ensure these training seminars cover the most relevant, popular vulnerabilities in the industry today, such as how to identify (and avoid clicking through to) a phony email containing malware. And ensure that use of these procedures and tools is not just followed but also becomes routine within the organization.

Step 5: Don’t Ignore Compliance

Compliance is key to avoiding large financial and reputational penalties. After all, it often becomes public knowledge once an organization violates compliance regulations, which is often more damaging than having to pay a fine. We need to educate ourselves – and our employees – on the appropriate compliance mandates within the industry. Once identified, don’t ignore these critical mandates.

For instance, each year, organizations are charged with substantial fines, totaling tens of millions of dollars, for not adhering to compliance regimes. Every organization should have the means to avoid those penalties.


Q: How do you anticipate computer security will evolve over the next several years?

A: Computer security will increasingly evolve into relying on, and constituting, multi-faceted and multi-vendor networks where specialization areas constantly bring the most current best cybersecurity practices to the network, which are then integrated into a constantly evolving, but increasingly robust solution.

Security will be granular and, therefore, existing and protective throughout the network. Leading security solutions will promote having networks be increasingly automated to avoid unnecessary reliance on the human element. They will be self-healing and interpretative when dealing with security threats.

Cybersecurity networks will include, and rely on, proactive detection of anomalies, reporting and reactions. They will have robust tamper-proof auditing capabilities allowing lessons to be learned and retained.

In summary, they will evolve to meet a constantly evolving threat.

Q: Do only large enterprises have to worry about aggressive and directed hacking, or does this issue also involve smaller and medium-sized companies?

A: Large enterprises often have the most hardened networks, so while the benefits to a hacker from compromising a larger target are themselves greater, the difficulty of intrusion and compromise is likewise heightened. Smaller and medium-sized enterprises (SMEs) can have the same confidentiality needs as larger companies, as well as the same immediate impact on the enterprise when security fails, and yet their security is often more elementary or lacking entirely. As a consequence, SMEs do find that they are the subject of sophisticated and effective cyber-intrusions and have little or no structure to prevent or even detect the attacks. SMEs need to be as aggressive as larger enterprises to protect their computer and IT assets. Fortunately, with available commercial alternatives, the opportunities exist for SMEs to be as effective in their counter-hacking efforts.


Q: Tell us something more about Brainloop and your history?

A: Brainloop in the US is a market-leading provider of highly intuitive SaaS and on-premise solutions that enable our customers to securely manage and collaborate on confidential documents and information, whether inside or outside of their IT environments. It has developed a unique, patent-pending storage, management and collaboration solution for companies with ITAR technical data requirements. It also has a significant presence in meeting the collaboration and confidentiality needs of boards of directors as well as companies in the financial services, manufacturing, and aerospace and defense industries.

Q: What are your plans for the future?

A: Brainloop in the US is going to grow to be increasingly granular in its security options and broader in providing tools to allow for both greater interdiction and avoidance of compromises, as well as integration of these solutions into the dynamic cybersecurity environment that will characterize secure networks of the future.
