In today’s enterprises, professionals expect to have access to the best of the consumer tools they use in their personal lives. These include social networks, simple file sharing tools and cloud storage – all accessible on their mobile devices. However, in order to translate these functionalities to the enterprise, business application providers need to establish a balance between an intuitive user experience and enterprise grade security.
In recent years we have seen a rise in the number of enterprise cloud collaboration tools available on the market. Over the course of this development, privacy and data security has been of paramount concern. The problem is that even the enterprise vendors differ in their views of what is considered ‘secure’, and depending on the sensitivity of the data being hosted, different vendors might be suitable for different clients.
At the very basic level, the vendor should offer the following as standard tools:
o ISO27001 certification (a rigorous international standard of information security).
o Reputable data-centres with state-of-the-art physical security and redundancy.
o Disaster recovery, separate data back-up and an infrastructure architecture that supports availability.
For highly regulated industries, vendors need to do more to meet the comfort levels expected by their clients. These include:
· Private cloud hosting
· Well developed access restrictions and secure information transmission
· Single-tenancy deployments (where the client would have their own instance of the code base and the individual database, thereby eliminating the risk of any potential cross-client data contamination)
· Annual penetration tests with clean reports available to all clients
· A guarantee the data will never leave the jurisdiction in which it is being hosted
The final point on the list, namely data sovereignty, is steadily growing in importance. In April 2014, a federal judge ordered Microsoft to release a customer’s information from its Dublin data centre. This incident demonstrated that in today’s world, it doesn’t matter whether the data is physically held outside of the United States if the hosting vendor itself is a US-registered company or has American staff managing the data. This has raised major concerns about data sovereignty for customers of cloud hosting providers across the world. In fact, the only way for non-US businesses to ensure the security of their data from the potential intrusion of the Patriot Act is to choose a cloud collaboration provider that is both based outside of the United States and hosts their data outside of the United States.
The issue of information security needs to be considered at many levels, and vendors need to ensure that they are able to protect their clients against logical, physical and jurisdictional threats.
By Ajay Patel, CEO, HighQ
About HighQ
HighQ was founded in 2001. Since then, it has worked hard to build an exceptional reputation for delivering leading-edge software to some of the world’s largest law firms, investment banks and corporations. HighQ a privately owned business that always strives to provide the best service possible to all of its clients.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.