Kiteworks Europe AG

Kiteworks

Kiteworks comprehensive platform facilitates secure file sharing and collaboration within organisations. Offering features such as document management, secure file transfer, real-time collaboration, workflow automation, SFTP, Enhanced DRM and compliance tools. Users can access, share, and collaborate on files securely across devices, enhancing productivity while ensuring data security and compliance.

Features

Transfer content via multiple channels with FIPS140-2 certified encryption standards.
Next Gen Digital Rights Management with SafeView and SafeEdit.
NIST-CSF content-based risk policies, manage cyber-risk from exposed sensitive content.
Secure managed file transfer, streamlined workflows, automating manual tasks.
Integration with AV, DLP, CDR and ATP
Extensive Audit Trail for meeting GRC needs
Rest API’s and integration framework, quickly develop apps and integrations.
Data Sovereignty, Geofencing and IP-Restrictions, controls based on Geography, IP.
Virtual Data rooms, expedite secure collaboration with external parties.
Regular security updates and Compliance certifications inc ISO27001, SOC2, CE+

Benefits

Secure file sharing and collaboration regardless of file type/size
Address third party supply chain risk with Kiteworks granular controls.
Meet regulatory compliance providing audit trails, reporting tools, granular access-controls.
Centralised content management: unified hub of organised collaboration and documents
Cost saving by consolidating disparate solutions into a single platform.
Integration with best of breed systems and applications
Low maintenance including automated updates, Cloud hosting auto scalability.
Zero trust security model with granular access controls
Comprehensive immutable Audit and Logging for compliance monitoring.
Mobile productivity, share files and collaborate on the go.

£34 to £202 a user a year

Education pricing available
Free trial available

Service documents

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales.gcloud@kiteworks.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

Contact

Kiteworks Europe AG Scott Chenery
Telephone: + 44-20-3398-6958
Email: sales.gcloud@kiteworks.com

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud

Private cloud

Hybrid cloud
Service constraints: No
System requirements: None

User support

Email or online ticketing support: Email or online ticketing
Support response times: Kiteworks shall provide technical support by telephone, email, online portal seven (7) days per week, twenty-four (24) hours per day.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: All customers have a designated deployment manager to assist with on boarding. A support team is available 24/7, 7 days a week. Support is included in the service list price.

There is an option to pay extra for Premium technical support level .
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Free demo
Free Trial
Free deployment and configuration help
Free administrator train the trainer
Easy to access admin and user documentation if required
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: Users control their data at all times. They simply delete/move their data. Kiteworks do not have access to customer data
End-of-contract process: No additional costs. At the end of the contract service ceases

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: All end user functionality works on mobile devices
Service interface: Yes
User support accessibility: WCAG 2.1 AA or EN 301 549
Description of service interface: The service interface is accessible via the internet. Admin and users login here to access their account
Accessibility standards: WCAG 2.1 AA or EN 301 549
Accessibility testing: N/A
API: Yes
What users can and can't do using the API: The Kiteworks RESTful Enterprise API is programming language agnostic and enables you to quickly develop apps that leverage the power of the Kiteworks platform. Developers can build custom apps tailored to specific industries, business use cases, and integrate them within an existing IT infrastructure. The APIs allow you to do an HTTPS GET, POST, DELETE or UPDATE.

Kiteworks Developer site displays all available resources with APIs and lets you explore the API with your own data. API Guides contain the series of guides that explain how to use Kiteworks API to perform many different types of functions.

All API documentation can be found here
https://developer.kiteworks.com/getting-started/introduction.htm
API documentation: Yes
API documentation formats: Open API (also known as Swagger)
API sandbox or test environment: No
Customisation available: Yes
Description of customisation: Kiteworks can be customised

Scaling

Independence of resources: Kiteworks offer multiple deployment types On-prem, Kiteworks cloud hosted (AWS), Customer cloud hosted (AWS,Azure), Hybrid, FedRamp.

All Kiteworks deployments scale from small to very large deployments.
– From single appliance to large multi-tier deployments
– Add servers at any tier as needed (Kiteworks Hosted customers dployments are scaled automatically)
– Unlimited horizontal scale on each tier
– Zero configuration load balancing at each tier.

Analytics

Service usage metrics: Yes
Metrics types: With Kiteworks all activity on the platform is tracked and logged in real time. This includes user, admin and system actions (send/receive emails, upload/download/view files, etc.). Metrics on storage and licensing are logged. The audit log can be sent to a SIEM via normalised syslog.
Reporting types: Real-time dashboards

Regular reports

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: In-house destruction process

Data importing and exporting

Data export approach: Users can export their data multiple ways for example use of the desktop sync client, via Enterprise connect to other connected data sources.
Data export formats: CSV
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: If Customer has elected to utilize Hosting Services from Kiteworks, then Kiteworks agrees that Hosting Services will be available 99.9% of the time, seven (7) days per week. Further details can be found here https://www.kiteworks.com/legal/hostingsla/
Approach to resilience: For hosted Kiteworks systems via Amazon Web Services (AWS), please see the following FAQ: http://aws.amazon.com/s3/faqs/. Amazon provides highly secure and highly scalable infrastructure to some of the largest organisations. Kiteworks has partnered with AWS for hosted deployments of kiteworks because of resiliency and security of their products. For on-prem deployments, customers can solely own all aspects the system design, security and overall system lifecycle management.

Kiteworks offers high-availability in which the system operates continuously without failure for a long period of time.
Kiteworks provides the following three options for recovery and DR when a server is deleted or becomes unusable:
1 Single-server recovery with snapshots
2 Three-server, high-availability cluster with DR
3 Central replication of locations around the globe
Outage reporting: Customer Dashboard and email alerts

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google Apps)

Username or password
Access restrictions in management interfaces and support channels: Access to management interfaces and support channels are restricted by both procedural and technical enforced security including infrastructure restrictions and privileged access management software.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Authorised by Cadence - ANSI National Accreditation Board
ISO/IEC 27001 accreditation date: 20/10/2022
What the ISO/IEC 27001 doesn’t cover: N/A
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: SOC2+HITRUST Type2

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001

Other
Other security governance standards: SOC2 Type2
Information security policies and processes: Kiteworks are ISO27001, SOC2 Type2 certified, with a mature ISMS comprised of relevant adhered-to policies & procedures by all staff. Kiteworks has formal (documented and implemented) information security policies and operating procedures. The Information Security Policy can be provided as part of the Kiteworks Security Documentation package to specific emails by our legal team.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: All changes are controlled by the use of formal change control procedures. All systems within the SDLC follow a process of documentation, testing, quality control and managed implementation.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Kiteworks provide quarterly penetration tests, routine automated security. Kiteworks is also required to have independent, third party assessments for SOC2, ISO27001 and FedRAMP compliance. Customers may also perform penetration testing of their own systems.

Patches are released when needed and to close vulnerabilities. Kiteworks has a full assessment and remediation program. including validation, ranking, fix prioritisation
Response SLAs are based on CVSS scoring.
•Low Severity P3, 180 days
•Medium Severity P2, 90 days
•High Severity P1, 30 days
•Critical Severity P0, 7 days
Customers are promptly notified of security warnings, recommendations, resolution of security vulnerabilities, the release of security patches.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Kiteworks uses tools to monitor the production environment. When an alert meets a specific threshold a ticket is created and alert sent to authorised personnel. In addition an external penetration test is carried out annually, findings reviewed by senior management with high risk findings documented and tracked to resolution.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: In an event of security incident, evidence is properly collected and maintained. There is an established incident management response plan. This is required as part of Kiteworks SOC2 compliance.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Pricing

Price: £34 to £202 a user a year
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: Kiteworks Free trial includes all functionality of the Private Content Network for 30 days

Service documents

Request an accessible format

Cookies on Digital Marketplace

Kiteworks

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents