Effective data protection with DRACOON

Do you want to store and transfer your files easily, quickly and above all securely?
Then register now and get started right away! 

Completely free of charge
and unlimited term
For 10 users including
10 GB secure storage space
Store and send large files GDPR-compliantly - 
over 400,000 business users already trust in DRACOON

Data Protection in the cloud
What companies need to take into account

From a data protection perspective, the use of cloud services entails certain risks. Storing data on internet-based storage media with an external service provider requires compliance with special conditions and data protection regulations. With cloud computing, companies no longer store their applications and data in their own data center, but rather with a commissioned provider whose services can be accessed via the public Internet. This saves companies the acquisition and administration of their own hardware and software, and there is no need to operate their own IT infrastructures. Costs can be reduced but risks for data protection and data security can arise. The reason for this is that the shared IT components in the cloud are in principle accessible by anyone over the Internet and are only protected by an access procedure (username and password as well as encryption techniques).

Furthermore, safety gaps can enable unauthorized access to company data. Under the right circumstances, all these vulnerabilities can lead to the following problems:·      

  • Unlawful access to the data by the cloud provider himself, by investigating authorities and the secret service, as well as unauthorized third parties·     
  • Manipulation or loss of data
  • Identity theft through misuse of access codes

Technical data security

When using cloud services, several parties are contractually linked, which each have an impact on privacy-related aspects. Therefore, not only relationship between the cloud provider and cloud-user is formed but also between cloud user and his business partners and clients. Their privacy rights are also affected.

In principal, data protection regulations can only be met, if the cloud provider can offer a certain degree of technical data security. This is determined by the hardware and software of the service provider. That is why encryption technologies for data and access points, authentication methods and also firewall components are being used. In addition, organizational security regulates the security of physical access to the IT components of the cloud provider.


Requirements for cloud providers

Next to supplying the technical requirements for data security, the cloud provider also needs to adhere to the legal date protection regulations. Within the EU, these are regulated by the GDPR. Here, one legal fact is very important. In cloud computing, the cloud user as a company is responsible for data security in relation to its customers.

Details of contract data processing are contractually regulated between the cloud provider and cloud user. The cloud user should make sure that the compliance with contractually agreed requirements is guaranteed, for example with data protection certifications. The cloud customer stays the owner of his data. However, for some cloud services this is no self-evident fact.


Characteristics of cloud providers abroad

If, for example, a company stores its client data with a cloud provider e.g. in the US, data protection regulations may be violated. US-American cloud providers are legally obliged to hand over client data to American authorities upon request. In these cases, the EU-GDPR is not effective anymore and additional agreements have to be reached with the provider. Thus, cloud providers in the US need to ensure that the legal requirements of the EU-US-Privacy-Shields are met. In this privacy policy, the US government agrees to comply with local privacy standards when exchanging data with Europe. Whether this prevents data from being handed to US-authorities is questionable. In any case, it is advisable to fall back on European cloud providers that operate their computer centres within the EU.

As a German solution DRACOON offers maximum flexibility – and at the same time a 100% GDPR-compliant solution. Thus, users regain their sovereignty over their data. The product was developed according to the principle “Privacy by Design”. This means that data security and data protection were already taken into account during the development of the software. Various certificates and seals such as ISO27001, EuroPriSe and the BSI C5 certificate also attest to the high level of security.

The following topics should also be considered for adequate data protection.

Data protection thanks to IT security

The primary aim of IT security is to protect against threats designed to avert economic damage.

IT security can hardly be guaranteed by the IT department of a company alone. For this reason, more and more services are being outsourced to the cloud. This has the advantage that providers of cloud services specialize in IT security. DRACOON is an expert in the field of cloud security and deals with how IT security in the cloud can be further improved and how users can regain sovereignty over their data on a daily basis.

More about IT security

Encryption to protect data

Data encryption and transport is a subsector of data security. It encompasses the encryption of files and messages.

Another central aspect, especially for the use of cloud technologies, is end-to-end encryption. Here, the sender of a message or file initiates the encryption which is upheld during all stages of data transmission and only lifted after delivery.

DRACOON uses various encryption technologies, which are briefly explained below.

More about encryption

Special case due diligence - Increased data protection requirements

Virtual data rooms offer the possibility to provide company data within the scope of due diligence. This places increased demands on data protection. A company that is up for sale provides comprehensive document management that enables prospective buyers and potential investors to gain insight into all relevant company data and work on joint documents as required.

These mostly cloud-based data rooms must be protected by special measures, e.g. user authentication in multiple stages to prevent unauthorized access to company data.

More about due diligence

Data protection through IT security concepts

IT security concepts have determined our digital working environment not only since the EU General Data Protection Regulation came into force. They have a decisive influence on the IT infrastructure and data protection.

End-to-end encryption plays just as important a role as modern access control mechanisms, which ensure that internal and external employees only "see" the data they are allowed to see and need for their work.

More about IT security concepts

GDPR-compliant email encryption via
an Outlook Add-In

"I'll email you the contract." - Everyone has probably heard this sentence before. Because the email is still the most popular way to exchange information and files.

However, hardly anyone is aware that all information is sent in plain text.This is particularly devastating in the business environment, as emails and email attachments can be intercepted with relatively little effort. Many companies are therefore looking for a solution to send sensitive files securely and GDPR-compliantly via email.

More about email encryption

Ransonware protection

Ransomware is a malicious program that encrypts data and systems, rendering them unusable. Ransomware blocks the infected systems and computers until the required "ransom" is paid. An entire company can thus be paralysed by the error of a single user. With DRACOON you will not lose a single file.

More about ransomware protection