Content-based risk policies aligned to NIST CSF enable comprehensive control and tracking for the compliance era.

PALO ALTO, CA, US, April 18, 2023/ — Kiteworks, which delivers data privacy and compliance for sensitive content communications through its Private Content Network, announced today the industry’s first compliant and modernized secure file and email data communications platform is being built on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). As organizations most often cite NIST CSF as their preferred cybersecurity standard, the rollout of version 8 of the Kiteworks Private Content Network enables efficient demonstration of compliance for the growing number of regulations governing businesses across the globe.

Benefits of NIST CSF-aligned Content-defined Zero Trust
This rollout of version 8 of the Kiteworks Private Content Network (PCN) allows public and private sector organizations to track and control all sensitive file and email data communications in a single NIST CSF-aligned platform. Kiteworks’ content-defined zero-trust approach permits administrators to centrally manage and track security and compliance requirements aligned to NIST CSF as well as government and industrial regulations, such as ISO 27001, 27017, and 27018 and SOC 2, among others, at the content layer. And because Kiteworks is assessed for FedRAMP Authorized for Moderate Level Impact and Information Security Registered Assessors Program (IRAP) to PROTECTED level controls, customers have additional assurances that their private content that is shared, sent, received, and stored will be protected from malicious cyberattacks.

Unlocking Advanced Digital Rights Management
Full integration of NIST CSF into the Kiteworks platform will also unlock advanced digital rights management (DRM). This “reboot” of DRM is critical due to the explosion of the third-party information supply chain. With Kiteworks, compliance and risk teams can track and control who views sensitive content, who can edit it, to whom it can be sent, who can send it, and where it is sent using NIST CSF standards. Content-based risk policies can be customized based on user, action, and asset. A comprehensive audit log provides full transparency around the assignment of an asset class that can be fed into security operations for near real-time incident response and event management.

“NIST CSF is now a bellwether standard in both private and public sectors,” said Yaron Galant, Chief Product Officer at Kiteworks. “The Kiteworks version 8 release is being built on the core tenets of NIST CSF. This allows customers to manage security and compliance exposure risk across all sensitive content communication channels, including email, file sharing, managed file transfer, and web forms. Furthermore, it provides them a common language with their compliance auditors and boards of directors.”

Content-based Risk Policy Management for the Compliance Era
To address data privacy impacts on their citizens, governments worldwide are responding with an emergence of new, evolving, and overlapping regulations. Organizations cannot rely solely on employee training to ensure sensitive content is only shared or sent to authorized internal users, third parties, and geographies. Gartner found, for example, that 90% of employees admit to undertaking actions that increase risk to their organizations but did so anyway.

At the same time, organizations that can demonstrate compliance with data privacy regulations will differentiate themselves from competitors. Much work remains to be done here, however, as Gartner reported that less than 10% of organizations have successfully harnessed privacy as a competitive advantage today.

This new “Compliance Era” demands a different approach that integrates compliance and security. Kiteworks employs content-based risk policy enforcement aligned with NIST CSF for advanced tracking and control of file and email data communications. These additions to the Kiteworks platform leverage existing tags for risk management. A centralized compliance console will provide compliance reports aligned with data privacy regulations while enabling compliance teams to define policies based on the sensitivity of content assets, the attributes of users, and the risk levels of the actions they seek to perform. A policy can require approval flows or justification forms or block the transfer altogether. It can also leverage industry-first SafeVIEW and SafeEDIT innovations that enable full fidelity, full dynamic file viewing and editing to ensure that sensitive assets never leave the protected centralized server while not interrupting end-user productivity.

“We’re very excited to realize the promise of advanced digital rights management for our customers,” said Galant. “Sensitive content communications in the Compliance Era require tracking and controls that protect the private content that is sent or shared via email or other channels, including managed file transfer, as well as enable the ability to demonstrate regulatory compliance quickly and easily.”

About Kiteworks 
Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. The Kiteworks platform provides customers with a Private Content Network that delivers content governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications. Headquartered in Silicon Valley, Kiteworks protects over 35 million end users for over 3,800 global enterprises and government agencies.

Patrick Spencer
Visit us on social media: