Do you only use the applications that are installed on your computer? Probably not. If you are a user of the internet, you probably use web applications as well. In fact, the average employee uses more than 17 online applications. If all of your employees use this many applications, are all of them GDPR-proof? Again, probably not. Which is why you should be careful where you store your sensitive data.
But first, let’s talk convenience. If someone uses 17 different applications, there’s a good chance that they’re not going to remember all the corresponding passwords. That’s when sticky notes tend to appear: post-its stuck to computer screens with passwords on them – not safe at all. Other people may use one simple password for all their applications, which means that if one is hacked, all of them could be. That’s when data breaches happen. And that is why we integrate with Azure to provide Single Sign-On to all your web applications. This allows you to manage all the passwords of your users and helps you to keep them safe. Because a user doesn’t want to think about security, they only focus on their job. And that is why it’s your role to keep the data safe.
Clientless Single Sign-On
As an additional security option we now provide Clientless Single Sign-On. We offer one simple login to your workspace and with that, all your applications. It is an addition to our current method using Azure, as we’ve noticed that our partners are struggling with some of the limitations of Azure. That is why we have introduced our own Clientless Single Sign-On. With this, you can login anywhere, from any device, without having to install a plugin in the browser. Next to this, we can create Single Sign-On to applications which aren’t yet available in Azure. Would you like to request Single Sign-On? Go to our Single Sign-On page.
Clientless Multi-Factor Authentication
So how do you make sure that Single Sign-On stays safe? You can do that with Multi-Factor Authentication (MFA). This means that there will be an extra security step with logging in, by adding an extra security code with text message, token or app. Before, we only used to do this with Azure, but now we have created our own Clientless MFA. The difference is that with Azure, you could use MFA for the entire workspace. With Clientless MFA, you can set up MFA for either the entire workspace or just specific applications, or both. It’s also possible to set up the MFA only if an employee is trying to login to their workspace or certain application from outside the company network. This can be customized to specific users, so that people who only use the workspace for non-sensitive company information, don’t have to go through unnecessary security-steps. We think that is important as our goal is to keep the workspace as easy and as simple as possible for the user.
As we mentioned, you can customize MFA based on a persons’ role within your company. Besides this, you can also customize access to information, applications or even the entire workspace. If someone is for instance no longer an employee at your company, you can deny them access to the workspace. It is also possible to deny a person access to certain applications, information, folders and files. And the great thing is, the user only sees the applications, information and documents which they need to do their work.
The future: Safer e-mail
For companies sending sensitive data via e-mail there currently are challenges. Many e-mail applications don’t monitor what goes in and out of the organisation and if you send a mail with sensitive data as an attachment you can’t pull it back. Even if you’ve sent it to the wrong person. Also, one sent e-mail goes through several stages before it is delivered to the recipient, all of which are stages where someone could intercept it. So, at the moment, e-mailing sensitive data is not safe without extra security measurements.
Another thing which is even worse, is when a document is too big to add as an attachment and people use services like WeTransfer, which makes a link for anyone who gets their hands on it to access your sensitive data.
That is why we are working on an extra secure mailbox for Workspace 365. To do this we will use encryption to send mails. When you send an e-mail and encrypt it, you should put the recipients phone number in it. The recipient will then receive a code through text message which they use to open the attachments. This way, the e-mail, even if it gets hijacked, can only be opened by the person it was meant for.
On the roadmap: Conditional access
We already have role-based access for applications and information, but we are now also researching the possibility of conditional access. This would give the IT admin the possibility to, for instance, set an IP range or block specific types of devices from reaching certain applications. If you have ideas about this, or would like to discuss this with us please contact us.
We are already doing a lot to keep you and your data safe and enable you to stay compliant with the GDPR. We’re still working on more features to keep your data even more secure, allowing you to guarantee the highest security levels. Do you have any requests or suggestions? Vote on or submit a feature request or contact us to discuss!
StorytellerDo you have any further questions about the demo environment, Workspace 365 or do you have feedback for us? Contact us!