Cloud-based App - RASP/Shielding

Boards of Directors Rely on Application Shielding to Protect Sensitive Docs and Communications in the Cloud

The Client

Few documents in organizations are as sensitive as those shared by members of the Boards of Directors. At a minimum, cybersecurity breaches of these essential materials can embarrass an organization. At worst, they can sink the entire operation with the legal and financial fallout that can last years.

However, with end-users the world over moving more of their private- and work-related activity to mobile devices, such documents are more vulnerable than ever before. After much market research, the client found Application Shielding and RASP security (Runtime Application Self-Protection) to be the most effective protection against malware intrusions that get past network and operating system defences.

The client provides a cloud-based portal permitting board members and other company stakeholders to share, develop and maintain critical documentation pertinent to the governance of an organization. The application also enables Boards to plan their schedules for the entire year, prepare digital agendas, book and prepare meetings, and sign meeting minutes.

The Cyber Security Issue

The client’s application is self-contained. It is a virtual environment that enables the creation of new documents, development and maintenance of current documents, and archiving of materials. The enclosed system also permits communications between authorized users. Participants can send text messages to one another, annotate documents, make comments, vote on motions and sign documents electronically.

However, in the instance participants use mobile devices, they may use the device for private as well as corporate business. Centralized cybersecurity measures have their limitations, and the Bring-Your-Own-Device (BYOD) approach presents substantial challenges to corporate IT departments. For one, BYOD devices exist outside corporate firewalls; also, users may chafe at frequent, automatic security updates, especially if they hamper the personal use of their devices.

The probability is high that any cyber intrusion into corporate applications through BYOD devices occurs through the private use of the device. The links in phishing emails and text messages may lead to malicious websites and files that drop destructive payloads.

Some of these payloads are meant to spy on any and all activity on the device. Other malware may be intended to rewrite software to suit hacker objectives. Additionally, some Malware will completely take over operation of a device. Cybercriminals can then download any of the many sensitive documents and communications board members believe to be securely stored.

Promon SHIELD™ resolves client concerns

The client felt the data managed by its software would be most effectively protected at the application level. It found Promon SHIELD™ to be the appropriate answer to its requirements. Promon SHIELD™ offers an Inside-Out approach to cyber security on mobile and desktop devices called Application Shielding/Runtime Application Self-Protection (RASP). As the name suggests, Promon’s approach provides apps with the tools to proactively and intelligently protect themselves.

Promon SHIELD™ hosts a wide range of security features, some of which were of particular use for protecting the client’s IP and the sensitive board data residing on devices. Promon’s active protection technology is also preventing competitors from reusing or piracy of this unique technology while preventing malware authors from exploiting flaws in their technology.

Another reason the client chose Promon SHIELD™ over other solutions was that Promon SHIELD™ is “lightweight”, with minimal impact on the software development process and on final runtime performance.

With the help of Promon security engineers, the client developed a risk profile for its application and the data it supported. Within a short time, the clients’ developers integrated and configured SHIELD™ in the company’s app.

Promon continued to work closely with the client to update the app’s risk profile and to ensure Boards of Directors all over the world could work together in a secure and uncompromised way.