...

ETHICAL WALL FOR SKYPE-FOR-BUSINESS

INFORMATION BARRIER FOR SKYPE-FOR-BUSINESS

Enabling federation is an important feature for extending communication outside company boundaries. SphereShield has therefore developed a Federation Information Barrier which addresses ethical regulations and compliance, security and data protection issues for Skype for Business federation by establishing granular ethical firewall policies.

SphereShield also offers the ability to use the same functionality internally, applying specific rules between different users or groups.

 

Background

Allowing federation raises several business and security issues that need to be addressed by applying granular policy rules defining permitted operations between communicating parties.

Applying a policy can also be required from a compliance prospective, preventing conflicts of interest that might result in the inappropriate and dangerous release of sensitive corporate information. Federation itself exposes privacy sensitive information that a company might not wish to share with all external federated users. Such private information includes availability (online/away) and personal details such as mobile phone number and location.

Another example is when a company wishes to conceal from externally federated companies any information on executive team availability via presence information.

To prevent such a situation, organizations need to be able to allow federation with a specific company only for specific internal users or groups.

Additional security measures can be achieved by controlling which modalities are permitted for each conversation, such as IM, audio, video, conference (meeting), desktop sharing and file sharing.

Information Barrier features

SphereShield’s Information Barrier addresses security requirements and offers the following capabilities:
 

Defines granular policy rules based on a user/group communicating with a specific company (SIP domain) or another group in the same company

Provides independent control of each activity: IM, audio, video, conference (meeting), desktop sharing, file transfer

Information Barrier for external (Federation) and internal usage

The Information Barrier can be configured to control traffic between internal and external sides and between different users or groups in the same company, helping to implement compliance regulation in companies and solving security issues.

The user interface (UI) of the ethical firewall offers a clean and simple interface allowing control of each activity and the ability to control communication direction. For example, it is possible to allow one side only to start a chat with the other side.

SphereShield’s capabilities support blocking a specific group in the company from communicating with another group in the same company. For example, a certain employee group may be prevented from calling management level group, or communication may be blocked between the procurement group and the tender writing groups or between the research and the traders groups in a finance company.

Ethical-Wall-Information Barrier
Highlights
· Solves ethical and compliance regulations , security and data protection issues
· Controls communication initiation direction
· Applies specific modality/activity policy control
· Enables federation with specific users or groups
· Enforces policy in the DMZ and blocks non-approved traffic from entering the network
· Blocks presence information from external users depending on policy
· Supports one-way initiation of communication, for example, blocking external users from initiating an IM conversation while still allowing internal users to initiate and communicate with external users
· Changes policy for users that are added to the contact list, allowing users some local policy management by applying different policies based on inclusion in a user’s contact list. Thus, by adding the federated user to the internal user’s contact list, the policy will allow more federation such as presence information.
· Enforces policy in the DMZ and blocks non-approved traffic from entering the network