MyWorkDrive File Sharing Compliance

MyWorkDrive provides the necessary safeguards to help companies meet their security requirements and compliance standards such as CMMC, FIPS, FINRA, FEDRAMP HIPAA, and the EU General Data Protection Regulation (GDPR). By allowing organizations to establish their private cloud on their Windows file server infrastructure, MyWorkDrive facilitates compliance while ensuring users have access to an enterprise file collaboration and remote access solution under their corporate control.

FIPS Compliance

FIPS compliance

MyWorkDrive has been issued a FIPS 186-4 RSA algorithm validation certificate #3018 from the US Government National Institute for Standards and Technology (NIST). FIPS compliance adds to the list of MyWorkDrive’s data security compliance partners including Duo Security and SkyHigh CloudTrust.™ Government agencies can deploy MyWorkDrive infrastructure on-premise, creating a 100% private cloud set up to fulfill security and compliance requirements, or they can choose a hybrid cloud deployment. In a private cloud set up, all files, transmissions, and document edits are contained within the government agency’s infrastructure including support for a Local Office Online Server. When deployed as a hybrid cloud, Office documents can be viewed and edited in Office 365 online in Microsoft’s FEDRAMP compliant Office 365 editors with a direct secure tunnel between the agency and Microsoft.

HIPAA compliance

MyWorkDrive enables healthcare organizations and their supporting business associates to implement controls in a manner that assists them in complying with HIPAA and HITECH. Download our whitepaper for additional details on how MyWorkDrive enables organizations to implement controls that meet the HIPAA compliance standards for file share access.

GDPR Compliance

GDPR

All 28 EU countries have moved forward with enforcing compliance. GDPR compliance is a regulation where the EU will strengthen and unify data protection for all individuals within the European Union. The fines for not being compliant could reach 20 M Euros are significant. GDPR compliance should be taken extremely serious by any company doing business in this global marketplace. MyWorkDrive ensures data remains private and under the customer’s control. Learn more..

Data Privacy Framework

MyWorkDrive software does not store or process personal data. What little data we do process complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. To learn more about the Data Privacy Framework (“DPF”) program and to view our certification page, please visit our data privacy framework policy page.

Security Overview

Using MyWorkDrive, organizations can provide secure file share access for their employees. MyWorkDrive supports the complex username/password requirements built into Active Directory as well as DUO two-factor authentication. All data exchange transmitted is encrypted using SSL, a standard security technology for encrypting data transmission. MyWorkDrive ensures data is fully encrypted using advanced AES-256 encryption with TLS 1.2 during transmission. In addition, MyWorkDrive fully supports accessing files encrypted with Windows Server file encryption (Encryption at rest).

With native support for NTFS and Access Based Enumeration no login information or access to files is ever stored or used by MyWorkDrive. All file access is granted in the context of the currently logged on user only. As an additional security precaution we have designed MyWorkDrive so that it is not possible to grant more privileges to shares in MyWorkDrive than are already provisioned in Windows under NTFS – we inherit existing permissions providing for least privilege access.

MyWorkDrive has been awarded the Skyhigh CloudTrust™ rating of enterprise-ready for its MyWorkDrive Secure FileShare remote access software. Skyhigh identifies and classifies thousands of cloud services and provides an objective and detailed evaluation of the enterprise-readiness of each cloud service based on a detailed set of criteria developed in conjunction with the Cloud Security Alliance (CSA). More…

Data Retention and Archiving

MyWorkDrive allows customers to enable cloud access to files with existing data retention and archiving policies. Since no data is ever exchanged or stored by MyWorkDrive, existing backup software, archiving and data retention procedures may be maintained or customized to meet the needs of the business. With the entire suite of Windows server features still available, MyWorkDrive can be configured to meet the needs of organizations of any size. Should the customer ever need to restore data, retrieval is simple since it remains in NTFS format. Typical Enterprise File Sync and Share (EFSS) products require backing up complicated SQL databases and restoring entire virtual machines – sometimes many years later. With MyWorkDrive customers need only restore the original NTFS bases file system.

Logging and Reporting

All access, modifications, deletions and user activity is logged. Any file changes are logged with an audit trail and information about who changed the file and when (Date and Time) it was changed. Audit logs can be searched based on keywords or exported as needed for additional discovery and reporting.

Data Loss Prevention

MyWorkDrive helps organizations prevent file records from accidental deletion. If a user deletes any sensitive files, this information is logged. Since MyWorkDrive ties into Windows Server shadow copies, previous versions or deleted files can be restored easily. MyWorkDrive administrators can also enable our Data Loss Prevention (DLP) feature. This feature restricts users to edit or view files exclusively, blocking their ability to download or delete files at the share, user, or global system level.

Secure Search

MyWorkDrive’s integration with Windows Search (all versions) and dtSearch (enterprise) enables users to search for files by name or content within the files. Only files the user has permissions to are returned in any search results. All access controls are maintained and presented to the user.

Device Approval

With Device Approval, the administrator can control what devices with install clients are able to connect to the MyWorkDrive server – including Windows, macOS, iOS, and Android. Devices which have not been approved will not be allowed to connect. Users attempting to connect from an unapproved device will be provided with a message that indicates approval is required in order to use that client.

Robust Remote Access

MyWorkDrive provides multiple options for secure remote access. Our browser based web interface provides the most elegant and functional user experience in the industry without requiring syncing of documents to local PCs and enables users to edit documents online in Office 365 without moving them to the cloud (MyWorkDrive is the only software vendor that provides this option). In addition, MyWorkDrive provides our mapped drive and mobile clients that enhance and improve end user productivity for file access from anywhere without the security concerns and management of VPNs.