From a data protection perspective, the use of cloud services entails certain risks. Storing data on internet-based storage media with an external service provider requires compliance with special conditions and data protection regulations. With cloud computing, companies no longer store their applications and data in their own data center, but rather with a commissioned provider whose services can be accessed via the public Internet. This saves companies the acquisition and administration of their own hardware and software, and there is no need to operate their own IT infrastructures. Costs can be reduced but risks for data protection and data security can arise. The reason for this is that the shared IT components in the cloud are in principle accessible by anyone over the Internet and are only protected by an access procedure (username and password as well as encryption techniques).
Furthermore, security gaps can enable unauthorized access to company data. Under the right circumstances, all these vulnerabilities can lead to the following problems:
When using cloud services, several parties are contractually linked, each of which has an impact on privacy-related aspects. A relationship is therefore formed not only between the cloud provider and the cloud user, but also between the cloud user and their business partners and clients. Their privacy rights are also affected.
In principle, data protection regulations can only be met if the cloud provider can offer a certain degree of technical data security. This is determined by the hardware and software of the service provider. That is why encryption technologies for data and access points, authentication methods and firewall components are used. In addition, organizational security governs physical access to the IT components of the cloud provider.
In addition to meeting the technical requirements for data security, the cloud provider also needs to adhere to the legal data protection regulations. Within the EU, these are regulated by the GDPR. Here, one legal fact is very important: in cloud computing, the cloud user as a company is responsible for data security in relation to its customers.
Details of contract data processing are contractually regulated between the cloud provider and the cloud user. The cloud user should make sure that compliance with the contractually agreed requirements is guaranteed, for example through data protection certifications. The cloud customer remains the owner of their data. However, for some cloud services this is not self-evident.
As a German solution DRACOON offers maximum flexibility – and at the same time a 100% GDPR-compliant solution. Thus, users regain their sovereignty over their data. The product was developed according to the principle “Privacy by Design”. This means that data security and data protection were already taken into account during the development of the software. Various certificates and seals such as ISO27001, EuroPriSe and the BSI C5 certificate also attest to the high level of security.
The following topics should also be considered for adequate data protection.
The primary aim of IT security is to protect against threats in order to avert economic damage.
IT security can hardly be guaranteed by the IT department of a company alone. For this reason, more and more services are being outsourced to the cloud. This has the advantage that providers of cloud services specialize in IT security. DRACOON is an expert in the field of cloud security and deals with how IT security in the cloud can be further improved and how users can regain sovereignty over their data on a daily basis.
Data encryption and transport form a subfield of data security, covering the encryption of files and messages.
Another central aspect, especially for the use of cloud technologies, is end-to-end encryption. Here, the sender of a message or file initiates the encryption, which is maintained during all stages of data transmission and removed only after delivery.
DRACOON uses various encryption technologies, which are briefly explained below.
Virtual data rooms offer the possibility to provide company data within the scope of due diligence. This places increased demands on data protection. A company that is up for sale provides comprehensive document management that enables prospective buyers and potential investors to gain insight into all relevant company data and work on joint documents as required.
These mostly cloud-based data rooms must be protected by special measures, e.g. user authentication in multiple stages to prevent unauthorized access to company data.
IT security concepts have shaped our digital working environment, and not only since the EU General Data Protection Regulation came into force. They have a decisive influence on the IT infrastructure and data protection.
End-to-end encryption plays just as important a role as modern access control mechanisms, which ensure that internal and external employees only "see" the data they are allowed to see and need for their work.
"I'll email you the contract." Everyone has probably heard this sentence before, because email is still the most popular way to exchange information and files.
However, hardly anyone is aware that all information is sent in plain text. This is particularly devastating in the business environment, as emails and email attachments can be intercepted with relatively little effort. Many companies are therefore looking for a solution to send sensitive files via email securely and in a GDPR-compliant way.
Ransomware is a malicious program that encrypts data and systems, rendering them unusable. Ransomware blocks the infected systems and computers until the required "ransom" is paid. An entire company can thus be paralysed by the error of a single user. With DRACOON you will not lose a single file.