How one financial services CTO got users to share info more securely

Credit: Ivoryelephantphotography via Flickr

Investment firm Blackstone was so impressed with document security vendor Watchdox, it took a small stake in the startup in March to make sure it would thrive.

But CTO Bill Murphy knew he couldn't force a new tool onto employees in the name of security.

"We could have gone top down, but that breeds resentment," Murphy told CITEworld. Instead, he positioned Watchdox as a convenience – it allowed users to share information without violating the company's strict compliance policies.

"We had policies like you can't send confidential information outside the four walls, you can't access a Gmail account, and so on. What we said is, 'Here's the policy, now here's a tool that makes it possible not to violate policy. It gives you more freedom and makes things easier for you.' You catch more flies with honey than with a flyswatter – that's very key."

The end result?

"A lot of people have no idea Watchdox is more secure than other systems. They just think it's more convenient than other solutions we have right now."

Blackstone first used Watchdox more than a year ago to solve a very specific problem: communicating transparently with its limited partners (outside investors) about the companies it was investing in. But those communications also had to be absolutely secure – a leak would have huge competitive and legal ramifications.

So it created a web portal for these limited partners, then built Watchdox into a custom app the partners used to access these documents. Eventually, Blackstone decided Watchdox would be a great tool for confidential internal communications as well, like financial projections and results. Later, they started using it for conferences as well, saving a lot of money on printing costs.

"We've now rolled it out to over half the organization," Murphy told us.

Murphy believes Watchdox is more secure than services like Dropbox or Box because it embeds permissions in the files themselves, so no matter where they end up, Blackstone retains control over who can access them and exactly what those users can do, such as editing, forwarding the file via email, or copying text into another file. Blackstone can also revoke access in case a relationship changes – like a customer moves to a different firm, or an employee gets fired.

"We're confident that even if I downloaded every Watchdox document to my iPad, if I left the firm tomorrow, there's no chance I could access those documents."

There's always a trade-off between security and usability, so using Watchdox isn't as simple  as using a totally unprotected file-sharing service like Dropbox. For instance, a user's device has to access a remote server for authentication the first time a protected file is opened, and periodically after that to check for revocation. On mobile devices, files have to be viewed in a Flash application in a mobile browser or, in the case of iOS (which doesn't support Flash), in a Watchdox viewer app.

Even so, Watchdox is a lot more convenient than what Blackstone employees were doing before – sending confidential files back and forth as email attachments.

"With Watchdox I have my documents organized in folders," says Murphy. "I have 40 different workspaces, can just drill into them whenever I want."

Murphy acknowledges that other vendors like Box are moving toward better security with features like watermarking.

But, he says, "Watchdox was born out of guys who focused on security first, usability second. My view is it's a little easier to build a company from restrictive to less restrictive, rather than open to restrictive. The DNA of the place gives me confidence."

From CIO: 8 Free Online Courses to Grow Your Tech Skills
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies