We explore the hosting, privacy and security risks for business associated with using mass market cloud storage providers, and how our DoxShare Data Room solution addresses these
Despite many organisations, particularly law firms and corporate service providers, viewing compliance, data security, auditability and information control as crucial regulatory aspects of their business, many are simply not aware of the security implications of many common cloud solutions.
To address these issues, local software development company, PDMS has launched their DoxShare Data Room (www.doxshare.com) solution for law firms and Corporate Service Providers on the Isle of Man. Designed for business users storing and sharing sensitive commercial information, DoxShare can mitigate against these issues, delivering exceptionally high levels of security and privacy for your data over and above what many of the mass market document sharing solutions can deliver.
DoxShare Data Room is already in use by a number of prominent businesses within the Isle of Man in sectors including corporate services, banking, shipping and maritime, as well as in the legal sector in Scotland.
- Sharing documents via email
Throughout the past few years we’ve spoken to a whole host of companies, especially lawyers, accountants and financial service providers who state that compliance is key for their business. However, what we’ve discovered is that many of these same companies are using email as a means of transferring contracts and other sensitive documents to clients, which could be intercepted and shared by pretty much anyone.
- The threat of public links
The under exposed issue of users of mass market solutions sharing files through share links has also highlighted further vulnerabilities to these systems. Using public ‘share links’, users can disclose access to data to someone that doesn’t even have an account with that provider, meaning key business documents could easily be leaked to, and intercepted, by third parties without your knowledge or any traceability of who has seen what, when and where.
- Where is your data stored?
Another key issue with some cloud providers is that they store your data and key company information on US servers, which could fall prey to the USA Patriot Act. This Act allows US law enforcement and national security agencies completely unrestricted access to any of your data, anywhere, anytime – regardless of whether your company’s location is outside of the US. So if you are a UK company with your data stored on US servers, you can be requested for any and all of your data.
This is why we provide a Data Location Guarantee. DoxShare Data Room only uses our own servers within partner data centres that are located in the Isle of Man, so we can always guarantee exactly where your data is.
- Ownership and privacy
You would have thought that any data you put into your cloud solution is yours, right? Wrong. It only takes a quick look at Google’s terms of service as an example to realise what’s really going on with some providers: “When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide licence to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights that you grant in this licence are for the limited purpose of operating, promoting and improving our Services, and to develop new ones. This licence continues even if you stop using our Services” (Google, April 2014).
In addition to the ownership issue, such provider’s clauses also reserve the right to modify their terms and conditions at any time, and inform you simply by posting it on their blog, which could leave your organisation having to completely change cloud storage provisions if new terms dictated are not accepted by your organisation.
- Service Level Agreements
Can you be sure that in the event of a power outage, network surge, cyber-attack or other disasters, your data will be protected and available 24/7 from your service provider? The absence of a strong, personalised service level agreement with large cloud storage solution providers could easily cause your business really big contingency problems.
The absence of key requirements like access control and auditability poses a real threat of internal security breaches and malicious incidents. DoxShare incorporates full access control – so business can choose what documents to share with who, controlling who can see, change, edit or manage documents. Businesses can even check who has downloaded individual documents, significantly facilitating compliance. With full revision history attributable to individual users, the accountability of your businesses’ sensitive information is always guaranteed.
When looking for your next cloud storage or data room provider, why not have a chat with us about how we could improve the data security and compliance of your organisation? Get in touch via our website at www.doxshare.com or via [email protected]!