Coalfire

Centralizing content for simplified, stronger security

PROBLEM

For a company like Coalfire whose singular purpose is to protect customer data, security and compliance are top of mind. But securing content was holding the company back from keeping processes running smoothly.

 

SOLUTION

By centralizing all content on Box, Coalfire has improved security and governance for customer projects across industries. Box Governance and Box KeySafe allow Coalfire to manage sensitive customer assets with absolute control while still letting employees collaborate seamlessly.

 

OUTCOME

With Cloud Content Management, Coalfire has unified its content, ensured compliance, and adopted a frictionless security strategy — all without disrupting the way people work. Coalfire is now truly at the vanguard of content security.

 

As a company that helps other organizations avoid cyber threats and decrease data risk, Coalfire can’t take any chances with securing information. Some of its customers are regularly scrutinized for compliance because of their domains — technology organizations like GoDaddy, manufacturing conglomerates like 3M, finance companies like Sunwest, and legal organizations like LexisNexis. 

Given its high-profile customers, Coalfire must ensure compliance and keep its sensitive information — and that of its clients — secure. For Robert L. Flores, Vice President of Information Technology Services for Coalfire, decisions around information governance and security are paramount. 

In the past, all that content had gotten widely dispersed and siloed, and as data regulation laws increased and changed, content bloat was putting Coalfire under real pressure. So Flores began a search to replace multiple legacy solutions with a single-platform solution to simplify things and bring them under absolute control. That’s how Coalfire arrived at Box.

 

“Box played a key part in allowing us an easy path toward consolidated data store that made sense for us — still usable, but highly secure and manageable.”

 Robert L. Flores, Vice President of Information Technology Services, Coalfire

 

A content platform that doesn’t hinder process

Before Flores came on board, there wasn't a cohesive strategy around information management. Various teams were using multiple content repositories, from SharePoint and network drives to rogue solutions individual users had adopted without company sanction. There was no uniform way to manage assets. In fact, he says, “It was a challenge just identifying all of the nooks and crannies where data existed. A lot of people were data hoarders. It was like watching an episode of TLC. Every time you opened a closet, stacks of data fell out.”

With 12 offices in the U.S. and one in the U.K., it was time to consolidate all of Coalfire's data onto a single content platform. Flores was determined to find a platform that would offer centralized security without hindering optimal processes. “I’ve always believed that processes have to take precedence over technology, and not the other way around,” he explains. “Start with the ideal, then try to go out and find the technology to make those processes workable. That’s the approach we took.”

Other solutions such as Office 365 and G Suite were not quite right for Coalfire because they didn’t align with the processes that users preferred. On the other hand, “Box was a common denominator for all of the other platforms,” he explains. “It could direct to a common source behind the scenes, so users didn’t have to change their behavior on the front end.”

With Box as the content layer, Coalfire has now built an internal workspace platform called Coalfire One that they use to communicate directly with customers, exchange information securely, and archive past projects. “Once identified,” he says, “it was really easy to migrate to Box. That was one of the things that really sold us on Box as a solution.” There’s no need for employees to master multiple platforms, and managing content has gotten much simpler and more secure for Flores’ team.

 

“We just couldn’t beat the suite of products and services that are built around Box. Secure encryption and file management already built into platform at an advanced level meant less development and quicker go to market for the products, ultimately allowing our business to scale.”

 Robert L. Flores, Vice President of Information Technology Services, Coalfire

 

Enhanced governance for sensitive content

In addition to using Box as a single content platform, Coalfire brought in Box Governance, a critical piece of the puzzle for a company working with valuable customer data across many different types of industries. Coalfire conducts all kinds of compliance audits for customers, and each type of audit has a retention policy around it with specific and unique parameters. Information must be retained for the exact amount of time — then destroyed immediately.

With Box Governance, he’s now creating retention rules and using Box to more deeply understand what the company has in its archives and what’s at risk. “The governance solution Box offered was perfect,” says Flores. “I can’t tell you how overjoyed our legal department was to find out there was a tool out there that just made information disappear when it was supposed to. To be able to provide them with a turnkey solution for document retention and management — they were doing cartwheels down the hall.”

Flores is also leveraging Box Governance for projects including security classifications and GDPR adherence. Regarding the latter, he says: “There are a lot of different requirements, with only a little overlap with the U.S. We’re just starting to manage those processes, but I can’t imagine we would throw anything at Box Governance that it wouldn’t be able to handle.”

 

“We could not have asked for a more tailored solution for governance around the specific workflow we have to support, right out of the  box. This was so much of a slam-dunk it was obvious.”

 Robert L. Flores, Vice President of Information Technology Services, Coalfire

A simplified security environment with full privacy control

The final piece of Flores' content security plan is encryption key management. After all, Coalfire company policy requires self-managed ownership of encryption keys for all digital content.

But content security can't disrupt the way people work. By leveraging Box KeySafe's hardware security model to store and protect encryption keys, Coalfire gains complete independent control over encryption keys without impacting user experience. The company is able to control its encryption onsite, abiding by the specific compliance rules without creating friction for users. This has been a key selling point for sales representatives, because the encryption-key aspect of security is paramount for prospective clients.

“We absolutely have to be able to hold the keys for any repository that we use,” Flores confirms. “In fact, that was one of the key differentiators that brought us to Box. We hold very sensitive information for all of our clients. There’s no margin for error in securing that information. KeySafe was table stakes for us.”

For Flores, too, absolute control over encryption is critical: “Not only does encryption have to be wrapped in security, it must have a kill switch.” With KeySafe, an administrator can log in to see detailed records of how keys are being used and to control a safety switch. And with all content now on Box, KeySafe adds to Flores’ goals of simplifying the security environment.

 

"Managing our own encryption keys was absolutely table stakes when it came to any platform we chose."

Robert L. Flores, Vice President of Information Technology Services, Coalfire
 

Building security on a single content platform

As a security expert, Coalfire's approach to collaboration, governance, and security involves deep scrutiny of any technology partner. Teaming up with Box to store and govern content, plus layer encryption over that effort, allows the technology company to stay at the forefront of digital security without getting bogged down in the details.