Coalfire centralizes content for simplified, stronger security

As a company that helps other organizations avoid cyber threats and decrease data risk, Coalfire can’t take any chances with its own or its customers’ information. Some of its customers are very high profile in industries regularly scrutinized for compliance adherence —  technology organizations like GoDaddy, manufacturing conglomerates like 3M, finance companies like Sunwest and respected legal organizations like LexisNexis.


Given the profiles of its customers and the service it provides, Coalfire must ensure customers remain compliant and keep sensitive information secure when working with the company. For Robert L. Flores, Vice President of Information Technology Services for Coalfire, decisions around information governance and security are paramount. Flores looks for information-management solutions that make things simpler and thus easier to control.


Enhanced governance for sensitive content

Before Flores came on board, there wasn't a cohesive strategy around information management. Coalfire had been using a combination of SharePoint and network drives to store most information, and there was no uniform way to manage assets.


With 12 offices in the U.S. and one in the U.K., it was time to consolidate and start bringing all of Coalfire's data onto one content platform. Flores considered Office 365 and G Suite, then finally turned to Box.  “Box was a common denominator for all of the other platforms,” he explains. “It could direct to a common source behind the scenes, so users didn’t have to change their behavior on the front end.”

Enhanced governance for sensitive content

Adopting Box as a content platform is just one of the first of three steps Flores envisions. The next step involves partnering with Coalfire's CISO to create a governance strategy, from both an operational perspective and a technology perspective. Implementing Box Governance gives Coalfire enhanced protection for sensitive content; it's now easier to strictly manage sensitive customer assets and information.


Flores is also using the guardrails of Box Governance internally to discover archives of data that need retention or security policies. With Box Governance, he’s creating retention rules and using Box to more deeply understand what the company has in its archives, and what’s at risk.


"Usable, highly secure and manageable. We couldn't have asked for a more perfect solution for governance."

— Robert L. Flores, Vice President of Information Technology Services, Coalfire


A simplified security environment with deep control of privacy

The third step of content security for Flores is to institute Box KeySafe. Coalfire company policy requires all digital content to be secured in Box with self-managed ownership of encryption keys for peace of mind.


But, content security can't disrupt the way people work. By leveraging Box KeySafe's hardware security model to store and protect encryption keys, Coalfire gains complete independent control over encryption keys without impacting user experience. The company is able to control its encryption on site, abiding by the specific compliance rules it's beholden to, without creating friction for users. This has been a key selling point for sales representatives, because the encryption-key aspect of security is paramount for prospective clients.


For Flores, too, an absolute control over encryption is critical: “Not only does encryption have to be wrapped in security, it must have a kill switch.” The features that drew Flores to KeySafe include the capability for an administrator to log in and see detailed records of how keys are being used, and to control a safety switch.


With all content now on Box, KeySafe adds to Flores’ goals of simplifying the security environment.


"Managing our own encryption keys was absolutely table stakes when it came to any platform we chose."

— Robert L. Flores, Vice President of Information Technology Services, Coalfire


As a security expert, Coalfire's approach to collaboration, governance and security involves deep scrutiny of any technology partner. Teaming up with Box to store and govern content, plus layer encryption over that effort, allows the technology company to stay at the forefront of digital security without getting bogged down in the details.