How to find the right tool for the specific requirement
As digitization progresses, which has experienced additional acceleration due to the effects of the pandemic, companies are feeling increasing pressure to migrate their data and work processes to the cloud. However, many of them, especially medium-sized companies, depend on their traditional on-premise constructs with their own servers on site. They fear for the security of their data and are afraid to give it into someone else’s hands.
In addition to medium-sized companies, it is above all highly regulated industries such as legal representation, consulting or finance that have concerns about the integrity and confidentiality of their data in the cloud. Because they are subject to particularly strict regulations. The requirements for data protection in these business areas go far beyond those of the GDPR. Public cloud services are simple and convenient for sharing files, but do not provide the required level of protection for every type of data and can even violate compliance policies. So do lawyers, consultants or financial service providers have to forego the advantages of the cloud in order not to get into legal uncertainty?
Data rooms offer an audit-proof alternative for sensitive data
In order to make the user experience as intuitive as possible for everyone, web services (SaaS) are usually preconfigured with the necessary minimum of security barriers. For the private application, most users often see this as sufficient.
However, the situation is different when working with digital documents in a professional context. Anyone who sends or processes particularly sensitive data – such as personal data or company secrets-may have to comply with further requirements:
- Is there an internal classification policy for data?
- Is there a personal reference?
- Is it necessary to ensure that documents can only be received by a certain circle of people?
- Is there a need for further dissemination protection? For example, can documents only be viewed but not edited?
- Do accesses have to be logged meticulously and audit-proof?
Depending on the need, file sharing services are not sufficient here. The situation is different with virtual project and data rooms. These not only offer necessary functions such as access restrictions, distribution protection and protocols, but also the level of security that makes secure content collaboration – i.e. the secure exchange and sharing of sensitive documents – possible. This is important in order to be able to meet legal data protection requirements and also to meet strict and often industry-specific compliance requirements.
Privacy thanks to Confidential Computing
The necessary level of protection in the virtual data room is best achieved with a confidential computing approach. This special technology enables companies to store and transfer their data in encrypted form and to process it in a sealed manner. This is ensured by a special security architecture with reduced interfaces and several interlinked technical protection measures. Neither outsiders nor the cloud operator have access to the data rooms secured in this way. The data room customer alone holds the key to the data. The advantages of confidential computing can reliably prevent unauthorized access by third parties( including the provider) and thus comply with even the strictest data protection regulations. In addition, this technology also reliably protects metadata.
“Many representatives of particularly tightly regulated industries, such as lawyers or financial service providers, should be concerned with more than just demonstrably not breaking the GDPR bar and avoiding possible horrendous fines.”says Jörg Horn, Chief Product Officer of TÜV SÜD’s Munich subsidiary uniscon. “They want to offer their clients the best possible data protection without having to renounce the advantages of digital cooperation.“
File sharing services from the public cloud and highly secure data rooms fulfill their specific roles for the respective application and will continue to coexist next to each other in the future. Before migrating your data to the cloud, users – and especially companies – should carefully consider which solution is right for them. Public cloud services can continue to be used for the digital exchange of non-critical data. However, personal data and company secrets receive the necessary protection only in highly secure data rooms, which put a stop to any unauthorized third-party access and the misuse of privileges through confidential computing.