If you’re in the defense industrial base, you may have heard about geofencing, the ability to limit access to data depending on a user’s location, and wondered if it applies to your business.
Yes, you’re aware that letting any regulated information leave the boundaries of the U.S. would constitute unauthorized disclosure. But you’ve already put advanced data access controls in place and don’t anticipate that any of your data would be leaked across borders.
If all of this sounds true so far, consider this scenario: Bob, one of your hardest workers, takes a vacation with his wife in the Bahamas. On his first day there, he decides to get a head start on a project he’ll have to complete when he gets back. He opens his personal laptop and downloads some controlled unclassified information (CUI). But his laptop isn’t encrypted. Bob just unwittingly violated regulations and exposed your organization to potential penalties.
If your advanced data access controls include geofencing, you'll be able to prevent incidents like Bob's from recurring. You can put up an electronic fence that makes it impossible for anyone to open certain files on devices that are located outside a specified geographic area. Let’s explore the advantages of including geofencing in your advanced data access controls.
Three More Use Cases for Geofencing
Here’s another scenario that illustrates the value of using geofencing. The U.S. Army requires multi-factor authentication (MFA) of all its personnel who access controlled information. But MFA generally involves cell phones, and Army personnel can’t carry them. To further complicate matters, they can’t install MFA software on their laptops because it’s not authorized. Installing any new application—even one that’s designed to increase security—involves a tremendous amount of red tape.
So, for any of its data that requires MFA, the Army is using geofencing as one form of authentication. Army personnel must be in a certain physical location to access that data. The fact that these locations are secure facilities qualifies this approach as layered security.
Consider also a situation in which an organization has multiple offices but only the employees at its headquarters need to access CUI. Rather than give employees from headquarters the flexibility to access CUI from any office—which may be great for their efficiency—the organization might make the strategic decision to include geofencing in its advanced data access controls and eliminate the chance that unauthorized employees at its other locations could access CUI.
An even more common example is for an organization to protect itself against the increasing number of bad actors around the world who are using IP spoofing and virtual private networks (VPNs) to disguise their locations as they seize controlled information. They can easily conceal a bug in a software update—often something as simple as a printer driver. Once that update is installed, it can spread from the client to other areas of the network, enabling the criminal to capture files and sell them on the global dark web. But with geofencing as part of your advanced data access controls, you can prevent these files from being opened anywhere but in the U.S. This is not to say that there are no hackers in the U.S., of course. But cybercrime is much easier to track—and prosecute—when it stays within our borders.
Incorporating Geofencing into Your Security Infrastructure
By now you may be wondering: how exactly does geofencing work as part of advanced data access controls? Believe it or not, if you’ve ever logged onto a proxy server or VPN so that you can watch Netflix shows that are airing in another country, then you’ll understand this concept.
When you log onto that proxy server, Netflix looks at your IP address, gets an idea of your region, says “close enough!”, and allows you to watch the show. But advanced data access controls such as Cocoon Data’s look at more than just an IP address. Cocoon Data also detects the high latency introduced by the world’s unlisted VPNs and proxy services. If the latency is too high in any connection, Cocoon Data will simply deny access to files. Longitude/Latitude triangulation with SSIDs and cellular radio information can also be used by Cocoon Data to validate location.
While the functionality is intricate, it’s easy to use. Watch this video to see how you can set location boundaries in just a few easy steps using Cocoon Data’s file sharing solution.
This is the level of protection your business deserves, and we would love to talk with you about how to use Cocoon Data’s geofencing technology to enhance your security.