Kiteworks
Kiteworks comprehensive platform facilitates secure file sharing and collaboration within organisations. Offering features such as document management, secure file transfer, real-time collaboration, workflow automation, SFTP, Enhanced DRM and compliance tools. Users can access, share, and collaborate on files securely across devices, enhancing productivity while ensuring data security and compliance.
Features
- Transfer content via multiple channels with FIPS140-2 certified encryption standards.
- Next Gen Digital Rights Management with SafeView and SafeEdit.
- NIST-CSF content-based risk policies, manage cyber-risk from exposed sensitive content.
- Secure managed file transfer, streamlined workflows, automating manual tasks.
- Integration with AV, DLP, CDR and ATP
- Extensive Audit Trail for meeting GRC needs
- Rest API’s and integration framework, quickly develop apps and integrations.
- Data Sovereignty, Geofencing and IP-Restrictions, controls based on Geography, IP.
- Virtual Data rooms, expedite secure collaboration with external parties.
- Regular security updates and Compliance certifications inc ISO27001, SOC2, CE+
Benefits
- Secure file sharing and collaboration regardless of file type/size
- Address third party supply chain risk with Kiteworks granular controls.
- Meet regulatory compliance providing audit trails, reporting tools, granular access-controls.
- Centralised content management: unified hub of organised collaboration and documents
- Cost saving by consolidating disparate solutions into a single platform.
- Integration with best of breed systems and applications
- Low maintenance including automated updates, Cloud hosting auto scalability.
- Zero trust security model with granular access controls
- Comprehensive immutable Audit and Logging for compliance monitoring.
- Mobile productivity, share files and collaborate on the go.
Pricing
£34 to £202 a user a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
4 9 0 3 4 8 8 3 9 0 0 1 7 0 8
Contact
Kiteworks Europe AG
Scott Chenery
Telephone: + 44-20-3398-6958
Email: sales.gcloud@kiteworks.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Hybrid cloud
- Service constraints
- No
- System requirements
- None
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Kiteworks shall provide technical support by telephone, email, online portal seven (7) days per week, twenty-four (24) hours per day.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
All customers have a designated deployment manager to assist with on boarding. A support team is available 24/7, 7 days a week. Support is included in the service list price.
There is an option to pay extra for Premium technical support level . - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Free demo
Free Trial
Free deployment and configuration help
Free administrator train the trainer
Easy to access admin and user documentation if required - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Users control their data at all times. They simply delete/move their data. Kiteworks do not have access to customer data
- End-of-contract process
- No additional costs. At the end of the contract service ceases
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- All end user functionality works on mobile devices
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- The service interface is accessible via the internet. Admin and users login here to access their account
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- N/A
- API
- Yes
- What users can and can't do using the API
-
The Kiteworks RESTful Enterprise API is programming language agnostic and enables you to quickly develop apps that leverage the power of the Kiteworks platform. Developers can build custom apps tailored to specific industries, business use cases, and integrate them within an existing IT infrastructure. The APIs allow you to do an HTTPS GET, POST, DELETE or UPDATE.
Kiteworks Developer site displays all available resources with APIs and lets you explore the API with your own data. API Guides contain the series of guides that explain how to use Kiteworks API to perform many different types of functions.
All API documentation can be found here
https://developer.kiteworks.com/getting-started/introduction.htm - API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- Kiteworks can be customised
Scaling
- Independence of resources
-
Kiteworks offer multiple deployment types On-prem, Kiteworks cloud hosted (AWS), Customer cloud hosted (AWS,Azure), Hybrid, FedRamp.
All Kiteworks deployments scale from small to very large deployments.
– From single appliance to large multi-tier deployments
– Add servers at any tier as needed (Kiteworks Hosted customers dployments are scaled automatically)
– Unlimited horizontal scale on each tier
– Zero configuration load balancing at each tier.
Analytics
- Service usage metrics
- Yes
- Metrics types
- With Kiteworks all activity on the platform is tracked and logged in real time. This includes user, admin and system actions (send/receive emails, upload/download/view files, etc.). Metrics on storage and licensing are logged. The audit log can be sent to a SIEM via normalised syslog.
- Reporting types
-
- Real-time dashboards
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Users can export their data multiple ways for example use of the desktop sync client, via Enterprise connect to other connected data sources.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- If Customer has elected to utilize Hosting Services from Kiteworks, then Kiteworks agrees that Hosting Services will be available 99.9% of the time, seven (7) days per week. Further details can be found here https://www.kiteworks.com/legal/hostingsla/
- Approach to resilience
-
For hosted Kiteworks systems via Amazon Web Services (AWS), please see the following FAQ: http://aws.amazon.com/s3/faqs/. Amazon provides highly secure and highly scalable infrastructure to some of the largest organisations. Kiteworks has partnered with AWS for hosted deployments of kiteworks because of resiliency and security of their products. For on-prem deployments, customers can solely own all aspects the system design, security and overall system lifecycle management.
Kiteworks offers high-availability in which the system operates continuously without failure for a long period of time.
Kiteworks provides the following three options for recovery and DR when a server is deleted or becomes unusable:
1 Single-server recovery with snapshots
2 Three-server, high-availability cluster with DR
3 Central replication of locations around the globe - Outage reporting
- Customer Dashboard and email alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Access to management interfaces and support channels are restricted by both procedural and technical enforced security including infrastructure restrictions and privileged access management software.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Authorised by Cadence - ANSI National Accreditation Board
- ISO/IEC 27001 accreditation date
- 20/10/2022
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- SOC2+HITRUST Type2
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- SOC2 Type2
- Information security policies and processes
- Kiteworks are ISO27001, SOC2 Type2 certified, with a mature ISMS comprised of relevant adhered-to policies & procedures by all staff. Kiteworks has formal (documented and implemented) information security policies and operating procedures. The Information Security Policy can be provided as part of the Kiteworks Security Documentation package to specific emails by our legal team.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- All changes are controlled by the use of formal change control procedures. All systems within the SDLC follow a process of documentation, testing, quality control and managed implementation.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Kiteworks provide quarterly penetration tests, routine automated security. Kiteworks is also required to have independent, third party assessments for SOC2, ISO27001 and FedRAMP compliance. Customers may also perform penetration testing of their own systems.
Patches are released when needed and to close vulnerabilities. Kiteworks has a full assessment and remediation program. including validation, ranking, fix prioritisation
Response SLAs are based on CVSS scoring.
•Low Severity P3, 180 days
•Medium Severity P2, 90 days
•High Severity P1, 30 days
•Critical Severity P0, 7 days
Customers are promptly notified of security warnings, recommendations, resolution of security vulnerabilities, the release of security patches. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Kiteworks uses tools to monitor the production environment. When an alert meets a specific threshold a ticket is created and alert sent to authorised personnel. In addition an external penetration test is carried out annually, findings reviewed by senior management with high risk findings documented and tracked to resolution.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- In an event of security incident, evidence is properly collected and maintained. There is an established incident management response plan. This is required as part of Kiteworks SOC2 compliance.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Equal opportunity
- Wellbeing
Equal opportunity
Kiteworks is an equal opportunity employer. We eagerly seek applicants of diverse background and hire without regard to race, color, gender identity, religion, national origin, ancestry, citizenship, physical abilities (or disability), age, sexual orientation, veteran status, or any other characteristic protected by law.
Interested in the details of our privacy policy? Read more here https://www.kiteworks.com/privacy-policy/.
In compliance with applicable law, all persons hired will be required to verify identity and eligibility to work and to complete employment eligibility verification. Note: Our stewardship of the data of thousands of customers means that a criminal background check is required to join Kiteworks.Wellbeing
Kiteworks offers a number of wellbeing policies to employees, these include, but are not limited to, Mental wellbeing, counselling, Health programme.
Pricing
- Price
- £34 to £202 a user a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Kiteworks Free trial includes all functionality of the Private Content Network for 30 days