Safe passage: Case study
Pasona N A provides human resources services for companies of all sizes.
The services provided by New York-based HR firm Pasona N A are data- and collaboration-intensive. During the course of doing business, its operations manage thousands of files containing sensitive and regulated data. This was enough to motivate its security team to enhance security capabilities so as to protect its shared files from unauthorized access. Also, like many other companies, it wished to enhance the security of files traversing outside its network.
Pasona N A has more than 100 employees and provides human resources services – such as temporary staffing and recruiting, as well as accounting, payroll and benefit administration – for companies of all sizes. Its headquarters are located in New York and it has 10 offices throughout the United States – in New York, California, Georgia, Texas, Illinois and Michigan. But its reach extends beyond North America with thousands of customers, temporary employees and job applicants and nearly 8,000 employees worldwide.
The information that Pasona N A processes often contains financial records, business analytics and personal identifiable information (PII) which may include email, bank accounts and Social Security numbers, says Sayaka Doi, director of professional services, Pasona N A. “We wanted to make sure our staff around the world could secure files being accessed internally and shared with customers and candidates.”
As director of professional services, it is Doi's responsibility to not only ensure Pasona N A's systems are appropriate and available, but also that they are secure. She wanted to see if she could enhance security capabilities for file collaboration – which represents a good part of the company's business. But she wanted to achieve this in a way that would be cost-effective and also have broad application.
She and her team looked into cloud-based file-sharing products and also approaches that applied encryption based on password protection. “We felt that the security controls outside the service were not strong or flexible enough,” she says. She found that cloud file-sharing products were very useful, but still did not offer data protection outside their application, so an authorized end-user receiving a file would have the ability to share the file with others and that file could not be tracked. “As a result, we could still have an exposure of sensitive information.”