How one financial services CTO got users to share info more securely
But CTO Bill Murphy knew he couldn't force a new tool onto employees in the name of security.
"We could have gone top down, but that breeds resentment," Murphy told CITEworld. Instead, he positioned Watchdox as a convenience – it allowed users to share information without violating the company's strict compliance policies.
"We had policies like you can't send confidential information outside the four walls, you can't access a Gmail account, and so on. What we said is, 'Here's the policy, now here's a tool that makes it possible not to violate policy. It gives you more freedom and makes things easier for you.' You catch more flies with honey than with a flyswatter – that's very key."
The end result?
"A lot of people have no idea Watchdox is more secure than other systems. They just think it's more convenient than other solutions we have right now."
Blackstone first used Watchdox more than a year ago to solve a very specific problem: communicating transparently with its limited partners (outside investors) about the companies it was investing in. But those communications also had to be absolutely secure – a leak would have huge competitive and legal ramifications.
So it created a web portal for these limited partners, then built Watchdox into a custom app the partners used to access these documents. Eventually, Blackstone decided Watchdox would be a great tool for confidential internal communications as well, like financial projections and results. Later, they started using it for conferences as well, saving a lot of money on printing costs.
"We've now rolled it out to over half the organization," Murphy told us.
Murphy believes Watchdox is more secure than services like Dropbox or Box because it embeds permissions in the files themselves, so no matter where they end up, Blackstone retains control over who can access them and exactly what those users can do, such as editing, forwarding the file via email, or copying text into another file. Blackstone can also revoke access in case a relationship changes – like a customer moves to a different firm, or an employee gets fired.
"We're confident that even if I downloaded every Watchdox document to my iPad, if I left the firm tomorrow, there's no chance I could access those documents."
There's always a trade-off between security and usability, so using Watchdox isn't as simple as using a totally unprotected file-sharing service like Dropbox. For instance, a user's device has to access a remote server for authentication the first time a protected file is opened, and periodically after that to check for revocation. On mobile devices, files have to be viewed in a Flash application in a mobile browser or, in the case of iOS (which doesn't support Flash), in a Watchdox viewer app.
Even so, Watchdox is a lot more convenient than what Blackstone employees were doing before – sending confidential files back and forth as email attachments.
"With Watchdox I have my documents organized in folders," says Murphy. "I have 40 different workspaces, can just drill into them whenever I want."
Murphy acknowledges that other vendors like Box are moving toward better security with features like watermarking.
This week, a National Transportation Safety Board judge dismissed a $10,000 fine that the U.S. Federal Aviation Administration had lodged against a photographer who had used a drone to take aerial photos for the University of Virginia. The judge found that the FAA hadn't actually issued any enforceable rules regarding the use of commercial drones.
If you've got a Windows XP machine -- either at home or in the office -- consider yourself lucky. In the past, you'd upgrade to a more recent Windows operating system without a thought. Today, you have many options.
It's designed for the 3.5 billion people who have feature phones today. It solves technical problems Google is not interested in and is a better fit for the pre-paid phones popular in developing countries. The only trick is getting developers on board.
The cloud has overcome a lot of its technical challenges, especially when it comes to security. But the biggest problems in cloud computing now are cultural.