Collaboration: file sharing made secure
Many collaboration efforts are document-centric and require sharing numerous and sometimes very large files. The use of e-mail for distribution has proved unsatisfactory at the enterprise level because access cannot be controlled and tracking is virtually impossible. Consumer-oriented file sharing applications have come in to fill the void, but enterprises often do not want to use them, again because of the lack of control over the documents. A number of file sharing solutions geared toward organizations are offering the security and collaborative features that enterprises need.
Needham Bank was established in 1892, but despite its early roots, the midsize community bank is not mired in the past and has enthusiastically embraced technology. "We had been looking for an efficient and secure way to collaborate both internally and with customers and our partners," says James Gordon, first VP for operations and technology at Needham Bank, "but we also have very stringent security requirements."
One of the bank's most pressing needs was to find a way to share sizeable files. "Some of our large projects such as construction loans or high-end leased office parks might have 100 different appraisals, and we needed to provide lawyers and appraisers with secure access to those files," Gordon explains. However, the bank did not want to be dependent on a particular operating system or version of Java or Flash.
After looking for the right solution for a while, Needham Bank discovered Accellion, which was founded originally to provide a secure file transfer alternative to FTP. The company has since expanded its products to include a range of options targeted at the mobile workforce, including team collaboration, virtual data rooms and access to enterprise content management systems. Gordon says, "Accellion is agnostic about the user's system, so we can interact with any of our colleagues, on any device."
The bank is also committed to allowing access through the full range of mobile devices. "We were very early adopters of the iPhone, and we see mobile usage as a clear trend for the future," Gordon says. However, when it came to sharing files via the popular consumer technologies, Needham Bank took a hard line. "We blocked access to file sharing applications other than Accellion, because we can't risk having our data compromised," he says.
Besides sharing files among members of teams within the bank and participants in operations such as loans, Needham Bank must deliver information to auditors. "We offer our portal as the best way to provide documents to the auditors," Gordon says. "All the documents they need for the audit are available there, and because all the data is on our own server, we have a complete record of who is accessing each document."
Typical customers for Accellion are in industries such as healthcare, government, financial services, pharmaceutical and energy. "These industries manage an enormous amount of data," says Colman Murphy, director of product marketing, enterprise solutions at Accellion. "For example, when an oil company is doing field analysis to determine whether it should continue exploration in a certain area, the data could include large files with detailed topographical or scientific data or environmental video footage that needs to be shared easily and securely."
Last year, Accellion announced support for integration with enterprise content management (ECM) and network file systems, extending its reach beyond data stored in the Accellion application. "Users can go right from their mobile device to connect to a backend repository such as SharePoint or Windows file shares," says Murphy. "They gain access through their existing permissions on the network." However, many other levels of control are available, including limiting what ECM systems can be accessed, shutting down mobile devices and remotely wiping content stored in the Accellion app on mobile devices.
Federal and international laws require an independent ethical review of any research conducted on human subjects as defined in regulations. Institutional review boards (IRBs) provide that oversight for clinical research and numerous other types of studies involving human subjects.
The boards examine certain required documents such as protocol and consent forms for the study, with particular attention to the rights and welfare of human research subjects. Then, the boards communicate their decision about what will be required in order to receive approval and begin the study.
Once the board OKs the plan, the approval documents are issued and transmitted to the pharmaceutical company and associated researchers. The documents become part of the regulatory package that the pharmaceutical company must maintain and submit to the FDA once the clinical trial is completed.
IRB Services has established the boards that review the research to be conducted by pharmaceutical companies on new or existing drugs. Because the review process involves collaboration among industry, government and ethics boards, an effective document sharing application is a logical step. "We wanted to make it easier to share information," says Simon Corman, director of business operations at IRB Services. "However, because the material is sensitive, we have been very conservative in adopting new technologies for this purpose."
Through the pharmaceutical companies it works with, IRB Services became aware of Intralinks, which developed software to support the merger and acquisition (M&A) process and then expanded into other collaborative functions. "Although Intralinks' software was oriented toward large enterprises," Corman says, "its newly released product, VIA, fit our needs perfectly."
VIA allows users to collaborate while retaining control over documents, even providing the capability to "unshare" a file, making it unusable. "What we liked best about VIA was that there was no doubt about security and compliance," Corman says. "They provided information that validated all aspects of its performance." In addition, IRB Services found the software to be easy to use. "You literally do not need any training," he adds. "This was a key factor—our users do not have time to learn yet another complex computer application."
Once the approval documents are created, a function called a "work stream" (a simple mechanism for managing work around file sharing) keeps the research process flowing. "In the past, we sent the approval documents through e-mail, which was cumbersome and hard to track," Corman says. "Now, we create a work stream that sets security parameters to the desired levels, sends an alert to the researchers, and after entering their credentials, they can download the approval document, which accelerates the entire process."
The proliferation of file sharing options is a double-edged sword, according to Mike Lees, VP of enterprise solutions at Intralinks. "These applications are responding to a legitimate business need," he says, "but they don't have the control that an enterprise requires. Intralinks appeals to users who are familiar with the new generation of file sharing, while keeping the industrial-strength backend that ensures content is controlled and auditable."