Is Secure Collaboration an Oxymoron?

These are dangerous times—for humans and for data. And the danger for humans has exacerbated the danger for data.

That was the short message delivered during a briefing from Boston-based Nucleus Cyber, which offers an advanced information protection solution that finds, classifies and secures data for safe collaboration.

Covid has dispersed workforces everywhere, said Steve Marsh, VP of product. And that’s forced colleagues to collaborate as never before. When users loosen environments in which they collaborate, data can go flying. “Accidents happen,” Marsh said.

“How do people collaborate?” asked Kurt Mueffelmann, the company’s founder and CEO. Lots of ways: email, file sharing, Office 365, SharePoint, Dropbox, Yammer and Microsoft Teams, which saw its average number of daily users double in a month, he said, as a result of working from home.

Different products require different rules, he continued. Some are permission-heavy. Some require encryption. When he founded Nucleus Cyber in 2018, Mueffelmann said, they were looking for a solution that would span the diverse business teams and their different needs, and offer data-centric security, which had to be centralized. That central concept was the “nucleus” that led to the company’s name, he explained.

The work world has changed. People are on the move and they use different devices. “‘Secure collaboration’ is an oxymoron,” Mueffelmann said. The two words don’t sound as if they belong together, but the concept is necessary. What don’t make sense, he added, are the traditional static defenses, which tie permissions to specific locations and no longer work. The world is too dynamic.

Using the Nucleus Cyber solution, securing data is broken into three tasks. The first, said Marsh, is for the organization to define sensitive data. Then locate and classify it. The second is to set dynamic policies and rules to guide users to safely share data and proactively prevent loss or misuse. The third task is to track file and user activity to ensure compliance through comprehensive audits. Alerts for risky behavior should elicit immediate responses so that problems are fixed before incidents occur.

The Nucleus Cyber product is designed to prevent inappropriate access or sharing violations, Marsh said. Who is trying to use a file and from what location can determine whether access is permitted or denied. In some cases a company may want to prevent a user from even seeing a file, and that can be done.

In Microsoft Teams or Office 365, a company can prevent an employee from copying and pasting or printing a file from a public location such as a hotel, or prevent a remote worker from printing a file with sensitive information like social security numbers. Also, Marsh noted, the company can use watermarks—and not just to mark a document as confidential. Watermarks can be deployed to imprint the date, time and the user’s name on a document. It reminds the user that the system is watching and reinforces company training to secure the data.

Changing regulations drive demand for the product, Mueffelmann said. As do the many ways it can be used. An insurance company had a delicate compliance matter it needed to solve, he recalled. It needed to protect court-authorized documents on the settlement of a child sexual abuse lawsuit. The court ruling said that only six people were allowed to access the settlement claims document. The Nucleus Cyber software ensures that no one else had the ability to do so, or even to know that the documents existed. Problem solved—or averted.

The key to the product’s success, Mueffelmann said, is the way the software maps and matches the attributes of the data with those of the user. It has the document’s metadata: who created it, when, where, etc. And it knows not only the user’s permissions and directory group memberships, but also location. Is it the office, a hotel, a coffee shop? The context can be used to determine what the user can do. If the user is overseas, some data may be invisible.

Marsh said that when a new client gets started, some of the configurations can be set up quickly—in minutes. But there are often special cases that will require tweaking. They generally advise companies to focus first on their top priorities and save issues that require more time to resolve for later. A key selling point is that the software is easy to use. They can help match the rules to the client’s needs, and then give project managers and team owners the power to tweak rules later to meet changing or newly emerging developments.

There was one more point about collaboration that came across throughout the briefing. Collaboration may be one of the causes of the risk that this software seeks to mitigate, but the collaboration between Nucleus Cyber and Microsoft is one of the reasons it works as smoothly as it does, the two executives said.

It was not a coincidence that they kept referring to Microsoft products. Nucleus Cyber and Microsoft are supposed to mesh. The company’s technology integration is certified as part of its membership in the Microsoft Intelligent Security Association. Marsh, who once worked for Microsoft, is based in Redmond so that he can continue to collaborate with his former employer and expand the partnership.

The message seems clear. Collaboration can pose problems, but ultimately it is, and will be, a bigger part of the solution.