Kiteworks & Concentric AI partner on data security

Kiteworks has entered a strategic partnership with Concentric AI that links data discovery and classification with automated controls on external data sharing.

The agreement brings together Concentric AI’s data security governance products and Kiteworks’ Private Data Network. The companies target organisations that move sensitive information across email, managed file transfer, SFTP, web forms, file sharing tools and APIs.

The joint approach focuses on data in motion. It extends Concentric AI’s data-at-rest and application-focused protection into Kiteworks’ environment for exchanging files and messages with external parties.

Concentric AI’s Semantic Intelligence platform uses AI to discover, classify, monitor and remediate sensitive data in cloud and on-premises systems. It covers data at rest, data in motion and data used in a range of generative AI applications.

Kiteworks’ Private Data Network consolidates and controls traffic that involves private data entering or leaving an organisation. It provides centralised policy enforcement across channels such as file transfer, email and APIs.

Under the partnership, Kiteworks consumes Microsoft Information Protection labels that the Concentric AI platform applies to data. Administrators can map those labels to policies inside Kiteworks that then trigger automatically when data is shared externally.

The rules can restrict whether a recipient may copy or download content. They can also limit how long external users retain access. These controls apply consistently across the Kiteworks environment.

David Byrnes, VP of Global Channels at Kiteworks, said many organisations now invest in data security posture management tools.

“Organisations invest in DSPM to understand their sensitive data, but protecting this data requires comprehensive security data governance,” said David Byrnes, VP of Global Channels, Kiteworks. “Kiteworks transforms Concentric AI data risk insights into automated protection that follows data wherever it travels. Together with Concentric AI, we're helping customers achieve continuous data protection. From discovery through secure external collaboration.”

Concentric AI positions its service as a way to interpret how data is used and shared, and then adjust security controls accordingly.

“Enterprises struggle not just with discovering sensitive data, but also with maintaining control when that data needs to be shared with partners, customers, or vendors,” said Jain. “Our end-to-end data security governance capabilities combined with Kiteworks' automated enforcement capabilities help ensure that data classifications drive real-world protection.”

The partnership links Concentric AI’s context-driven classification with specific enforcement steps in Kiteworks. When Concentric AI labels a document as “Confidential” or assigns a compliance tag such as “HIPAA” or “GDPR”, Kiteworks can apply predefined controls at the point of sharing.

These controls can include encryption, access restrictions, watermarking or possessionless editing. The rules activate automatically when labelled content moves outside the organisation through the Kiteworks platform.

The companies state that this removes the need for many manual checks and interventions. It also generates complete audit trails on who accessed what information and when.

The audit records support internal reviews and external regulatory inspections. They also provide evidence for security investigations after a suspected incident.

Kiteworks and Concentric AI plan joint engagement with customers through field events, enablement programmes and industry-focused initiatives. The activity will target heavily regulated sectors such as healthcare, financial services, energy and government.

The companies say their combined offerings map to frameworks including HIPAA, GDPR, CMMC and NIST 800-53. Organisations can align classification schemes and technical controls with specific regulatory requirements for handling personal and confidential data.

Kiteworks states that its Private Data Network is in use at enterprises and government agencies worldwide. Concentric AI says its technology is in use across cloud environments and on-premises systems, and within a range of generative AI tools.

Both firms base their strategy on the idea that data security needs coordinated governance and enforcement across channels and infrastructure types. They argue that classification alone is not sufficient without binding controls at the point of data exchange.

The partners intend to expand their collaboration through more joint initiatives in regulated industries and through further integration of their products. They also plan continued alignment with emerging security and privacy standards.