secure dataroom
leaders in data security




White Paper - Protecting Confidential Documents in the Extended Enterprise

Common Misconceptions and Best-Practice Strategies
Executive Summary

Increasingly, important business processes that involve confidential documents are extending outside the corporate boundaries. As important documents travel further from the corporate firewall, their protection becomes paramount. Data security breaches are all too common; today’s business climate demands a better way to collaborate without compromising sensitive information. Common misconceptions about data security exacerbate the problem. A paradigm shift in how business executives and IT view data security is needed. Documents can in fact be kept more secure through best-practice, persistent document security strategies that provide end-to-end protection beyond the firewall. By deploying such a strategy, companies will be able to securely accelerate business and gain competitive advantage.

Introduction

It’s no secret: As today’s corporate borders become more fluid and transparent, the risk of inadvertent or intentional security breaches of confidential information grows. Executives residing in remote locations, increased electronic data penetration of imperfect firewalls, 24/7 availability, web-enabled applications and virtual collaborative communities all contribute to an electronic document protection nightmare. Important people deal with important information every day and the more important the document is, the more it wants to travel across corporate boundaries. At the same time, those well-travelled documents can cause the most damage if they fall into the wrong hands. The impact can range from a mildly embarrassing mistake to a fatal blow to your business.

Consider this recent real-life story: A new Silicon Valley start-up recently raised about $30 million in three rounds of venture funding after receiving a valuation of $150 million. Unfortunately, the company’s VP of sales mistakenly leaked the company’s 2007 sales spreadsheet, which showed projected sales of just $1.34 million for the year. In a matter of hours, screenshots of the start-up’s embarrassingly low sales figures were available to anyone and everyone on the web.

Perhaps this silicon darling wasn’t IT-savvy enough to have a bullet-proof data security strategy. But how about this recent news item? High-tech giant HP had to release its 2007 second quarter forecast early after a copy of an e-mail containing the latest financial information slipped through the confines of the corporate firewall.

These two real-life stories illustrate all too clearly that ensuring confidentiality and control over business sensitive data is no easy task. Why? Because “the business of business” is moving faster than ever, and the technology needed to keep ever-more-widely dispersed documents secure just hasn’t kept up.

This white paper will discuss the enormous cost of data breaches, the rising importance of data security, and common misconceptions that exacerbate the problem of protecting your company’s most important and confidential information. It will look at traditional IT approaches and reveal why they are inadequate for today’s business culture. It will suggest a paradigm shift in how companies view data security, and explore new technologies that meet the needs of the new enterprise.

elaw.com.au

Confidential Documents in the Wrong Hands: What It Costs, Why It Matters

Confidential documents routinely fall into the wrong hands in a variety of ways. Intentional data theft from either inside or outside the company is an all-too-frequent occurrence. Malicious intention is not always the culprit, however. Unintentional breaches happen as well, due to poor data security measures, human error, or both. The imperative of “getting the job done” compels individuals to forward business-sensitive information, whether or not airtight security measures are in place. Regardless, the costs associated with data security breaches can be enormous.

Hard Costs

Forrester Research recently estimated that a security breach can cost anywhere between $90 and $305 per record. That means that the cost of a single, significant breach may run into millions or even billions of dollars.[1] The research firm surveyed 28 companies that had recent data breaches. Hard costs cited included outside legal fees, notification costs, response costs, lost employee productivity, marketing and PR costs, and discounted product offers. Other significant hard costs Forrester warned of that were not part of the estimate included regulatory fines, restitution fees and additional security and audit costs.

Soft Costs

There are significant non-quantifiable costs to a company whenever a data breach occurs, including inadvertent disclosure of key assets, potential loss of customers, negative impact to the stock price, shareholder lawsuits, unfavourable press, and more. These costs can be even more detrimental than hard costs, given their implications, and can eventually run into the tens of millions of dollars.

The Cost of Non-Compliance

Today’s organisations are required to meet stringent corporate governance and compliance requirements, or pay a high price. Recent regulations such as Payment Card Industry (PCI), electronic access of patient information (HIPAA), and the newly amended e.discovery rules (Rule 26 of the Federal Rules of Civil Procedure (FRCP)) underscore the fact that airtight data security is critical in today’s highly regulated business environment. Moreover, regulations such as the Sarbanes-Oxley Act (SOX) now require a fully documented information flow for critical corporate information, creating a need for tamper-proof and persistent audit trails.

case study: Corporate Boardroom

challenge:
Sensitive documents were repeatedly being leaked to the press by company insiders, causing disruption and bad press.

solution:
The board of directors at the bank deployed a secure virtual data room to lock down all sensitive documents intended for board members.

The result? Leaks were stopped and documents stayed secure. The bank then extended the use of secure data rooms to other functional areas that dealt routinely with confidential information, such as financial reporting, strategy and acquisitions, top management, and human resources.

Protection of Confidential Documents: More Critical Than Ever

Today, more widely dispersed executives and employees are collaborating, accessing, and sharing important, sensitive corporate information beyond the brick-and-mortar walls of the company, driving the need to share confidential information securely. Business processes within an organisation that require safe sharing of highly sensitive information include executive level information sharing, finance, human resources and research and development, to name just a few.

Increasingly, these business processes extend across the corporate firewall to external partners, contractors, and other outside professionals who need access to confidential documents. For example, many contributors are involved in preparing documents for executive board meetings and seamless collaboration of remote team members must be ensured. Distribution of information to members of an executive board is often costly and time consuming, and most of all, it is frequently insecure.



1. Kark, Khalid; “Calculating The Cost of a Security Breach” (Forrester Research, April 2007)
Leading industry analyst Gartner refers to groups of individuals who collaborate together outside the corporate boundaries as “communities of trust.” According to Gartner, there is a rapidly growing need for ways to “meet the communications and security needs for the ongoing sharing of sensitive data across the Internet between multiple organisations.”[2]

Examples of collaboration-heavy business processes that transcend corporate firewalls are: boards of directors; mergers and acquisitions; business partnerships; management consultants; outsourcing processes; joint ventures with competitors; real estate management; and life science clinical trials.

This trend will continue to grow as more and more collaboration occurs among dispersed individuals located around the globe. These processes need to be secure; additionally, they can’t be impeded by an unwieldy IT security infrastructure that slows down the job that needs to be done.

case study: Mergers and Acquisitions

challenge:
A law firm was heading the sale of a large, well-known automotive company. In the due diligence process, they needed to broadcast sensitive documents to a large number of potential bidders. The challenge was to distribute the data in such a way that recipients could not “keep” the data, to track downloads and gauge interest and to follow up with more detailed documentation to qualified bidders only. The deal team at the firm wanted to self manage the due diligence process rather than rely on IT.

solution:
The firm deployed a secure deal room, not just for the due diligence process but for the entire lifecycle of the transaction. This included initial strategy, gathering all confidential information quietly, highly controlled due diligence, negotiation, closing, and post-merger integration. The whole process was 100% secure, totally controlled, easy to use, and did not require any IT resources, thus expediting a major merger safely and successfully.

Common Misconceptions about Data Security

Keeping data secure in today’s dispersed environment is a much more daunting task than it was in the past. Part of the problem is the prevalence of commonly held ideas about data security that simply are not true. Below are three of the most common misconceptions that actually impede organisations in the implementation of a truly secure solution:

Misconception #1: Data Security is IT’s Problem

Most business executives want to know that confidential documents are protected from data breaches without having to worry about the mechanism by which this is achieved. As a result, data security is delegated to IT. But this “hands-off” approach can lead to a number of problems.

First, IT departments are primarily concerned with security from an infrastructure perspective and are not necessarily as concerned about end-user experience. They may spend significant time and resources devising an infrastructure solution that is cumbersome for end users; for example, they may implement encrypted e-mail or encrypted hard disks. Or they may build a company-wide solution for every desktop, which is not necessary and can take years to develop and deploy. It’s like using an all-in-one wrench to fix a specialised problem.

IT-centric approaches to data security tend to take too long to deploy, focus primarily on internal employee desktops, exclude external partners, and/or are too unwieldy to allow ease of use. Or, on the other extreme, an IT solution may not be good enough, and have its own security loopholes.

In short, business executives need to find a way to conduct confidential business that is efficient, includes outside approved participants, and meets stringent security requirements without being at the mercy of cumbersome IT solutions. Because executives are held accountable for data breaches, data security must be a management concern.

Misconception #2: If it’s Behind the Firewall, it’s Safe

Highly confidential documents are in fact more vulnerable behind the firewall than outside. Why? Because there are so many individuals behind a company firewall who could gain inappropriate access.

Perpetrators of data security breaches are often disgruntled employees, “super users” with high access permissions, or individuals who have left the organisation or changed positions, but whose access privileges have not been updated.


2. Heiser, Jay; “The $10 Billion Market for Communities of Trust” (Gartner, January 2007)

The firewall does not take into account the selectiveness and breadth of individuals in collaboration-heavy business processes. Only a select few individuals should have access to sensitive documents. For this reason, file servers, document management systems, and e-mail are vulnerable repositories for storing and managing confidential documents.

The best and safest solution is one that seamlessly connects authorised users on both sides of the firewall while preventing unauthorised access by individuals both inside and outside your organisation.

case study: Research and Development

challenge:
A drug research firm needed a way to share highly confidential research information, including clinical trial data on a new drug with a pharmaceutical firm interested in licensing the drug. Protecting their Intellectual Property, while expediting the process, was paramount.

solution:
This firm designated a secure virtual data room as the central repository for all facets of the drug review stage. They controlled all access to all documents, ensuring that IP information remained highly protected. Once the partner decided to license the drug, the firm continued to utilise the data room as a way to ensure secure project collaboration with its new partner in a highly confidential manner. This approach allowed high productivity, shortened the drug review and partnership process, and reduced the risk of exposing a drug initiative with high earnings potential.

Misconception #3: Traditional Security Measures are Good Enough

Business professionals who are tasked with important, deadline-driven projects are generally trusting that the security measures in place are enough to protect the documents they are working with. However, as stated above, some IT security measures are not in fact bullet proof. It is dangerous to assume that any data security measure is better than nothing. The reality is that partial security equals essentially no security.

For example, the practice of sending emails with a disclaimer is widespread, and yet completely unsecure; the disclaimer does not in fact “protect” the security of the data or email attachments from unauthorised access. It’s the equivalent to having a “This house is protected” home alarm sign on your front lawn, without the real alarm system installed and functioning.

Another example of partial security is encrypted emails, whose information and attachments are only truly “safe” while encrypted. Once they are unencrypted at the desktop, they are vulnerable. Hard-disk encryption also only solves part of the problem, because it only protects information “at rest”. Once documents are in transit, whether from one laptop to another or from one person to another, the information is vulnerable, since the encryption does not travel with the document.

A New Paradigm

These misconceptions illustrate the need for a major paradigm shift in the way businesses view data security. Traditional approaches to data security like firewalls (perimeter security), encrypting data-at-rest (on the server) or in transit (encrypted e-mail) are insufficient. They assume that highly confidential business information remains in a tightly controlled, definable environment. That assumption is false. The reality is this: Data must move. And it will find its way. Therefore, data protection has to be attached to the document itself and it has to follow the document wherever it goes. This is known as persistent document security.

The new paradigm sees important documents as safer when placed in a repository outside the firewall, a place that is highly secure, accessible anytime, anywhere by a select number of individuals and allows users to control exactly what documents are viewed, accessed, and updated. In this paradigm, documents are stored on a highly protected, encrypted server outside the firewall. Workflows are managed by authorised end users, rather than by IT, so that sensitive documents are shielded from internal or external IT personnel.


Documents can only be accessed via strong authentication methods that ensure only authorised access. And access rights can be easily managed at a group level or down to an individual level. With these measures in place, documents outside the firewall become in fact more secure, because although they are accessed anywhere, anytime, a complete audit trail captures all activity and documents remain secure in the repository.

case study: Fund Management

challenge:
A large financial services firm needed to ensure secure business processes and communications for an investment fund involving multiple interests, including limited partners, investors, law firms, accountants and consultants. These groups needed to perform due diligence on potential acquisition targets and/or investments in the fund.

solution:
The firm used a secure data room to organise the business processes needed for successful fund management. This involved partitioning the data room into separate areas for different parties and then controlling access to information. This was accomplished with no deployment of additional hardware or software and zero upfront training for all parties involved.

Best-Practice Data Security Strategies

As important information moves farther and farther from the physical boundaries of the IT infrastructure, the technology required to keep that information secure becomes paramount. According to Gartner, “The traditional security mechanisms provided by the operating system or network are just not suitable for meeting this need. However, effective solutions can be found in security technology that overlays the existing infrastructure, instead of being dependent on it.”[3]

3. Heiser, Jay (Ibid)

Enterprise Rights Management Software

Enterprise rights management software (ERM) offers controls at the data level, so in essence, the security “travels” with the document, from the server to the desktop. In this regard, enterprise rights management software enriches encryption to include access control and persistent protection. Recipients can view or modify documents only as allowed. While ERM software is an important step in the direction of end-to-end data security, such a system by itself often requires proprietary software on both the server and the desktop and can be a relatively expensive solution. It also requires significant management overhead: Access privileges need to be assigned according to each document. ERM software addresses the security of moving documents better than does deploying only hard-disk and/or e-mail encryption, but it requires more investment and more management overhead in order to execute. Also, by itself it does not allow “anywhere, anytime” access from any desktop, and therefore impedes executives in remote locations from using various desktop platforms.

The key to successful adoption of an ERM infrastructure within the extended enterprise, therefore, is to deploy such software within an application environment that enables users both inside and outside the enterprise to benefit from such an infrastructure.

A Different Approach: Secure Virtual Data Rooms

Secure virtual data rooms (VDRs) are web-enabled applications that operate outside of the corporate firewall, provide highly secure access and viewing controls at the data level (persistent security), but do not require proprietary server and client-side software. VDRs are offered as a web-based service, and so require no IT infrastructure; however, they can also be integrated with an ERM infrastructure to provide even greater functionality.

The most sophisticated VDRs offer the highest security standards, including two-factor authentication, encryption and tamper-proof audit trails. Extremely important features to look for are operator shielding, in which software and operating processes ensure that the VDR operator is not able to read customer data, and end-to-end security, in which documents can be access-controlled even after delivery to users’ desktops. VDRs combine these security functions with communications and administration tools that allow the end user to easily set access rights, organise workflow, and ensure complete control over everything that happens in the data room, from beginning to end.

A secure VDR provides a central repository for confidential documents located outside the IT infrastructure. It gives business executives the control they want and need over highly sensitive documents, regardless of where documents “live,” in a way that facilitates business rather than hinders it. Some VDRs offer additional features for specific applications, like voting mechanisms and acting-by-proxy rules for virtual board rooms. VDRs are device-agnostic, so any authorised individual can enter the data room anytime, with any web-enabled device, wherever they are.

Summary

Critical business processes involve highly confidential, important documents that need to be safely accessed anytime, anywhere. Poor security measures based on a “traditional” view of data security have led to high-profile, significant data breaches.

Business will go on, with or without the proper controls. Documents will move and the farther they move from the corporate boundaries, the more imperative it becomes to keep them secure, wherever they reside. Your most important information cannot be vulnerable; the cost in real dollars, non-compliance and business risk is simply too high. You need to ensure that your most important data is not only secure, but also easily accessible by those individuals who need such access. Security cannot be achieved at the expense of business acceleration.

The technology implemented to ensure security in this new era of business must change. What’s needed is a paradigm shift in the way you think about data security. Putting confidential information outside the firewall is actually safer and more expedient for all parties involved. Fortunately, there are solutions today that understand this new paradigm and are providing new ways to allow you to conduct important business securely without being impeded by IT complexity.



case study: Global Project Management

challenge:
A global company needed to form an international consortium of partners, customers, and suppliers to collaborate on a major project. Of top concern was protection of the IP of the consortium. This company had to ensure that confidential information was not leaked to partners that had competitive interests in other areas of their business.

solution:
A secure data room for this project was set up and managed by a neutral service provider, so as to avoid conflict of interest. The data room enabled real-time document accessibility, with fine-grained access controls and end-to-end security. As a result, project members from the various companies could easily access project-related documents on demand, IP was protected, and documents were successfully kept from potentially competing business units within the company.

case study: Supply Chain Security

challenge:
A manufacturing company needed to exchange plans, specifications and CAD files with its partners in the supply chain. The challenge? The partners in this project happened to be the company’s competitors in other areas of the business. It was imperative that the information stayed within the business unit of the partner company without travelling to divisions of the company that had competing interests.

solution:
The company used a secure data room service for secure document delivery of all related manufacturing information with a complete audit trail. It also used the secure dataroom service to connect with an SAP application to create and distribute documents automatically. This process allowed fast, secure access to relevant documents, while providing a tamper-proof audit trail of all activity in the data room.



Contact e.law Asia Pacific
General Enquiries
info@elaw.com.au
phone. 1300 136 993
overseas call +61 2 9221 1366

Office Locations
Sydney

Melbourne
Brisbane

Perth
Hong Kong
Shanghai




(Map legend: e.law offices; e.law service centres)

e.newsletter
Subscribe to e.law e.news and receive updates on products, services, industry
trends, upcoming events and more at e.law! We provide our monthly newsletter
service via a short HTML email, if you would like to receive a copy, please
register by completing the registration form online at elaw.com.au
You may also unsubscribe at anytime.

elaw.com.au

About Us
e.law Asia Pacific is a privately owned company providing specialised products
and services to many of Australia and Asia’s largest legal, corporate and
government organisations.

    e.forensics
    e.discovery
    bureau services
    e.courts
    document review & case management software
    online data rooms

At e.law we seek to work in partnership with our clients offering services that
are competitively priced, high quality, fast, reliable, innovative, wide ranging
and adaptable. We look to build and sustain long term relationships with our
clients where risk and reward is shared.

Quality ISO 9001

Secure dataroom whitepaper_protecting_confidential_documents

  • 1. secure dataroom leaders in data security White Paper - Protecting Confidential Documents in the Extended Enterprise Common Misconceptions and Best-Practice Strategies Executive Summary mistake to a fatal blow to your business. Increasingly, important business processes that Consider this recent real-life story: A new Silicon involve confidential documents are extending outside Valley start-up recently raised about $30 million the corporate boundaries. As important documents in three rounds of venture funding after receiving travel further from the corporate firewall, their a valuation of $150 million. Unfortunately, the protection becomes paramount. Data security company’s VP of sales mistakenly leaked the breaches are all too common; today’s business company’s 2007 sales spreadsheet, which showed climate demands a better way to collaborate without projected sales of just $1.34 million for the year. compromising sensitive information. Common In a matter of hours, screenshots of the start-up’s misconceptions about data security exacerbate embarrassingly low sales figures were available to the problem. A paradigm shift in how business anyone and everyone on the web. executives and IT view data security is needed. Perhaps this silicon darling wasn’t IT-savvy enough Documents can in fact be kept more secure through to have a bullet-proof data security strategy. But how best-practice, persistent document security strategies about this recent news item? High-tech giant HP had that provide end-to-end protection beyond the to release its 2007 second quarter forecast early after firewall. By deploying such a strategy, companies a copy of an e-mail containing the latest financial will be able to securely accelerate business and gain information slipped through the confines of the competitive advantage. corporate firewall. 
Introduction These two real-life stories illustrate all too clearly that It’s no secret: As today’s corporate borders ensuring confidentiality and control over business become more fluid and transparent, the risk of sensitive data is no easy task. Why? Because “the inadvertent or intentional security breaches of business of business” is moving faster than ever, and confidential information grows. Executives residing the technology needed to keep ever-more-widely in remote locations, increased electronic data dispersed documents secure just hasn’t kept up. penetration of imperfect firewalls, 24/7 availability, This white paper will discuss the enormous cost of web-enabled applications and virtual collaborative data breaches, the rising importance of data security, communities all contribute to an electronic and common misconceptions that exacerbate the document protection nightmare. Important people problem of protecting your company’s most important deal with important information every day and the and confidential information. It will look at traditional more important the document is, the more it wants IT approaches and reveal why they are inadequate to travel across corporate boundaries. At the same for today’s business culture. It will suggest a time, those well-travelled documents can cause paradigm shift in how companies view data security, the most damage if they fall into the wrong hands. and explore new technologies that meet the needs The impact can range from a mildly embarrassing of the new enterprise. elaw.com.au 1
  • 2. Confidential Documents in the Wrong Hands: What It Costs, Why It Matters

Confidential documents routinely fall into the wrong hands in a variety of ways. Intentional data theft from either inside or outside the company is an all-too-frequent occurrence. Malicious intention is not always the culprit, however. Unintentional breaches happen as well, due to poor data security measures, human error, or both. The imperative of “getting the job done” compels individuals to forward business-sensitive information, whether or not airtight security measures are in place. Regardless, the costs associated with data security breaches can be enormous.

Hard Costs

Forrester Research recently estimated that a security breach can cost anywhere between $90 and $305 per record. That means that the cost of a single, significant breach may run into millions or even billions of dollars.[1] The research firm surveyed 28 companies that had recent data breaches. Hard costs cited included outside legal fees, notification costs, response costs, lost employee productivity, marketing and PR costs, and discounted product offers. Other significant hard costs Forrester warned of that were not part of the estimate included regulatory fines, restitution fees and additional security and audit costs.

Soft Costs

There are significant non-quantifiable costs to a company whenever a data breach occurs, including inadvertent disclosure of key assets, potential loss of customers, negative impact to the stock price, shareholder lawsuits, unfavourable press, and more. These costs can be even more detrimental than hard costs, given their implications, and can eventually run into the tens of millions of dollars.

The Cost of Non-Compliance

Today’s organisations are required to meet stringent corporate governance and compliance requirements, or pay a high price. Recent regulations such as Payment Card Industry (PCI), electronic access of patient information (HIPAA), and the newly amended e.discovery rules (Rule 26 of the Federal Rules of Civil Procedure (FRCP)) underscore the fact that airtight data security is critical in today’s highly regulated business environment. Moreover, regulations such as the Sarbanes-Oxley Act (SOX) now require a fully documented information flow for critical corporate information, creating a need for tamper-proof and persistent audit trails.

case study: Corporate Boardroom

challenge: Sensitive documents were repeatedly being leaked to the press by company insiders, causing disruption and bad press.

solution: The board of directors at the bank deployed a secure virtual data room to lock down all sensitive documents intended for board members.

The result? Leaks were stopped and documents stayed secure. The bank then extended the use of secure data rooms to other functional areas that dealt routinely with confidential information, such as financial reporting, strategy and acquisitions, top management, and human resources.

Protection of Confidential Documents: More Critical Than Ever

Today, more widely dispersed executives and employees are collaborating, accessing, and sharing important, sensitive corporate information beyond the brick-and-mortar walls of the company, driving the need to share confidential information securely. Business processes within an organisation that require safe sharing of highly sensitive information include executive level information sharing, finance, human resources and research and development, to name just a few.

Increasingly, these business processes extend across the corporate firewall to external partners, contractors, and other outside professionals who need access to confidential documents. For example, many contributors are involved in preparing documents for executive board meetings and seamless collaboration of remote team members must be ensured. Distribution of information to members of an executive board is often costly and time consuming, and most of all, it is frequently insecure.

[1] Kark, Khalid; “Calculating The Cost of a Security Breach” (Forrester Research, April 2007)
  • 3. Leading industry analyst Gartner refers to groups of individuals who collaborate together outside the corporate boundaries as “communities of trust.” According to Gartner, there is a rapidly growing need for ways to “meet the communications and security needs for the ongoing sharing of sensitive data across the Internet between multiple organisations.”[2]

Examples of collaboration-heavy business processes that transcend corporate firewalls are: boards of directors; mergers and acquisitions; business partnerships; management consultants; outsourcing processes; joint ventures with competitors; real estate management; and life science clinical trials. This trend will continue to grow as more and more collaboration occurs among dispersed individuals located around the globe. These processes need to be secure; additionally, they can’t be impeded by an unwieldy IT security infrastructure that slows down the job that needs to be done.

case study: Mergers and Acquisitions

challenge: A law firm was heading the sale of a large, well-known automotive company. In the due diligence process, they needed to broadcast sensitive documents to a large number of potential bidders. The challenge was to distribute the data in such a way that recipients could not “keep” the data, to track downloads and gauge interest and to follow up with more detailed documentation to qualified bidders only. The deal team at the firm wanted to self manage the due diligence process rather than rely on IT.

solution: The firm deployed a secure deal room, not just for the due diligence process but for the entire lifecycle of the transaction. This included initial strategy, gathering all confidential information quietly, highly controlled due diligence, negotiation, closing, and post-merger integration. The whole process was 100% secure, totally controlled, easy to use, and did not require any IT resources, thus expediting a major merger safely and successfully.

Common Misconceptions about Data Security

Keeping data secure in today’s dispersed environment is a much more daunting task than it was in the past. Part of the problem is the prevalence of commonly held ideas about data security that simply are not true. Below are three of the most common misconceptions that actually impede organisations in the implementation of a truly secure solution:

Misconception #1: Data Security is IT’s Problem

Most business executives want to know that confidential documents are protected from data breaches without having to worry about the mechanism by which this is achieved. As a result, data security is delegated to IT. But this “hands-off” approach can lead to a number of problems.

First, IT departments are primarily concerned with security from an infrastructure perspective and are not necessarily as concerned about end-user experience. They may spend significant time and resources devising an infrastructure solution that is cumbersome for end users; for example, they may implement encrypted e-mail or encrypted hard disks. Or they may build a company-wide solution for every desktop, which is not necessary and can take years to develop and deploy. It’s like using an all-in-one wrench to fix a specialised problem.

IT-centric approaches to data security tend to take too long to deploy, focus primarily on internal employee desktops, exclude external partners, and/or are too unwieldy to allow ease of use. Or, on the other extreme, an IT solution may not be good enough, and have its own security loopholes.

In short, business executives need to find a way to conduct confidential business that is efficient, includes outside approved participants, and meets stringent security requirements without being at the mercy of cumbersome IT solutions. Because executives are held accountable for data breaches, data security must be a management concern.

Misconception #2: If it’s Behind the Firewall, it’s Safe

Highly confidential documents are in fact more vulnerable behind the firewall than outside. Why? Because there are so many individuals behind a company firewall who could gain inappropriate access. Perpetrators of data security breaches are often disgruntled employees, “super users” with high access permissions, or individuals who have left the organisation or changed positions, but whose access privileges have not been updated.

[2] Heiser, Jay; “The $10 Billion Market for Communities of Trust” (Gartner, January 2007)
  • 4. The firewall does not take into account the selectiveness and breadth of individuals in collaboration-heavy business processes. Only a select few individuals should have access to sensitive documents. For this reason, file servers, document management systems, and e-mail are vulnerable repositories for storing and managing confidential documents.

The best and safest solution is one that seamlessly connects authorised users on both sides of the firewall while preventing unauthorised access by individuals both inside and outside your organisation.

case study: Research and Development

challenge: A drug research firm needed a way to share highly confidential research information, including clinical trial data on a new drug with a pharmaceutical firm interested in licensing the drug. Protecting their Intellectual Property, while expediting the process, was paramount.

solution: This firm designated a secure virtual data room as the central repository for all facets of the drug review stage. They controlled all access to all documents, ensuring that IP information remained highly protected. Once the partner decided to license the drug, the firm continued to utilise the data room as a way to ensure secure project collaboration with its new partner in a highly confidential manner. This approach allowed high productivity, shortened the drug review and partnership process, and reduced the risk of exposing a drug initiative with high earnings potential.

Misconception #3: Traditional Security Measures are Good Enough

Business professionals who are tasked with important, deadline-driven projects are generally trusting that the security measures in place are enough to protect the documents they are working with. However, as stated above, some IT security measures are not in fact bullet proof. It is dangerous to assume that any data security measure is better than nothing. The reality is that partial security equals essentially no security.

For example, the practice of sending emails with a disclaimer is widespread, and yet completely unsecure; the disclaimer does not in fact “protect” the security of the data or email attachments from unauthorised access. It’s the equivalent to having a “This house is protected” home alarm sign on your front lawn, without the real alarm system installed and functioning.

Another example of partial security is encrypted emails, whose information and attachments are only truly “safe” while encrypted. Once they are unencrypted at the desktop, they are vulnerable. Hard-disk encryption also only solves part of the problem, because it only protects information “at rest”. Once documents are in transit, whether from one laptop to another or from one person to another, the information is vulnerable, since the encryption does not travel with the document.

A New Paradigm

These misconceptions illustrate the need for a major paradigm shift in the way businesses view data security. Traditional approaches to data security like firewalls (perimeter security), encrypting data-at-rest (on the server) or in transit (encrypted e-mail) are insufficient. They assume that highly confidential business information remains in a tightly controlled, definable environment. That assumption is false. The reality is this: Data must move. And it will find its way. Therefore, data protection has to be attached to the document itself and it has to follow the document wherever it goes. This is known as persistent document security.

The new paradigm sees important documents as safer when placed in a repository outside the firewall, a place that is highly secure, accessible anytime, anywhere by a select number of individuals and allows users to control exactly what documents are viewed, accessed, and updated. In this paradigm, documents are stored on a highly protected, encrypted server outside the firewall. Workflows are managed by authorised end users, rather than by IT, so that sensitive documents are shielded from internal or external IT personnel.
  • 5. Documents can only be accessed via strong authentication methods that ensure only authorised access. And access rights can be easily managed at a group level or down to an individual level. With these measures in place, documents outside the firewall become in fact more secure, because although they are accessed anywhere, anytime, a complete audit trail captures all activity and documents remain secure in the repository.

case study: Fund Management

challenge: A large financial services firm needed to ensure secure business processes and communications for an investment fund involving multiple interests, including limited partners, investors, law firms, accountants and consultants. These groups needed to perform due diligence on potential acquisition targets and/or investments in the fund.

solution: The firm used a secure data room to organise the business processes needed for successful fund management. This involved partitioning the data room into separate areas for different parties and then controlling access to information. This was accomplished with no deployment of additional hardware or software and zero upfront training for all parties involved.

Best-Practice Data Security Strategies

As important information moves farther and farther from the physical boundaries of the IT infrastructure, the technology required to keep that information secure becomes paramount. According to Gartner, “The traditional security mechanisms provided by the operating system or network are just not suitable for meeting this need. However, effective solutions can be found in security technology that overlays the existing infrastructure, instead of being dependent on it.”[3]

Enterprise Rights Management Software

Enterprise rights management software (ERM) offers controls at the data level, so in essence, the security “travels” with the document, from the server to the desktop. In this regard, enterprise rights management software enriches encryption to include access control and persistent protection. Recipients can view or modify documents only as allowed. While ERM software is an important step in the direction of end-to-end data security, such a system by itself often requires proprietary software on both the server and the desktop and can be a relatively expensive solution. It also requires significant management overhead: Access privileges need to be assigned according to each document. ERM software addresses the security of moving documents better than does deploying only hard-disk and/or e-mail encryption, but it requires more investment and more management overhead in order to execute. Also, by itself it does not allow “anywhere, anytime” access from any desktop, and therefore impedes executives in remote locations from using various desktop platforms.

The key to successful adoption of an ERM infrastructure within the extended enterprise, therefore, is to deploy such software within an application environment that enables users both inside and outside the enterprise to benefit from such an infrastructure.

A Different Approach: Secure Virtual Data Rooms

Secure virtual data rooms (VDRs) are web-enabled applications that operate outside of the corporate firewall, provide highly secure access and viewing controls at the data level (persistent security), but do not require proprietary server and client-side software. VDRs are offered as a web-based service, and so require no IT infrastructure; however, they can also be integrated with an ERM infrastructure to provide even greater functionality.

The most sophisticated VDRs offer the highest security standards, including two-factor authentication, encryption and tamper-proof audit trails. Extremely important features to look for are operator shielding, in which software and operating processes ensure that the VDR operator is not able to read customer data and end-to-end security, in which documents can be access-controlled even after delivery to users’ desktops. VDRs combine these security functions with communications and administration tools that allow the end user to easily set access rights, organise workflow, and ensure complete control over everything that happens in the data room, from beginning to end.

[3] Heiser, Jay (Ibid)

  • 6. A secure VDR provides a central repository for confidential documents located outside the IT infrastructure. It gives business executives the control they want and need over highly sensitive documents, regardless of where documents “live,” in a way that facilitates business rather than hinders it. Some VDRs offer additional features for specific applications, like voting mechanisms and acting-by-proxy rules for virtual board rooms. VDRs are device-agnostic, so any authorised individual can enter the data room anytime, with any web-enabled device, wherever they are.

Summary

Critical business processes involve highly confidential, important documents that need to be safely accessed anytime, anywhere. Poor security measures based on a “traditional” view of data security have led to high-profile, significant data breaches.

Business will go on, with or without the proper controls. Documents will move and the farther they move from the corporate boundaries, the more imperative it becomes to keep them secure, wherever they reside. Your most important information cannot be vulnerable; the cost in real dollars, non-compliance and business risk is simply too high. You need to ensure that your most important data is not only secure, but also easily accessible by those individuals who need such access. Security cannot be achieved at the expense of business acceleration.

The technology implemented to ensure security in this new era of business must change. What’s needed is a paradigm shift in the way you think about data security. Putting confidential information outside the firewall is actually safer and more expedient for all parties involved. Fortunately, there are solutions today that understand this new paradigm and are providing new ways to allow you to conduct important business securely without being impeded by IT complexity.

case study: Global Project Management

challenge: A global company needed to form an international consortium of partners, customers, and suppliers to collaborate on a major project. Of top concern was protection of the IP of the consortium. This company had to ensure that confidential information was not leaked to partners that had competitive interests in other areas of their business.

solution: A secure data room for this project was set up and managed by a neutral service provider, so as to avoid conflict of interest. The data room enabled real-time document accessibility, with fine-grained access controls and end-to-end security. As a result, project members from the various companies could easily access project-related documents on demand, IP was protected, and documents were successfully kept from potentially competing business units within the company.

case study: Supply Chain Security

challenge: A manufacturing company needed to exchange plans, specifications and CAD files with its partners in the supply chain. The challenge? The partners in this project happened to be the company’s competitors in other areas of the business. It was imperative that the information stayed within the business unit of the partner company without travelling to divisions of the company that had competing interests.

solution: The company used a secure data room service for secure document delivery of all related manufacturing information with a complete audit trail. It also used the secure dataroom service to connect with an SAP application to create and distribute documents automatically. This process allowed fast, secure access to relevant documents, while providing a tamper-proof audit trail of all activity in the data room.
  • 7. Contact e.law Asia Pacific

General Enquiries
info@elaw.com.au
phone. 1300 136 993
overseas call +61 2 9221 1366

Office Locations
Sydney, Melbourne, Brisbane, Perth, Hong Kong, Shanghai

About Us

e.law Asia Pacific is a privately owned company providing specialised products and services to many of Australia and Asia’s largest legal, corporate and government organisations.

e.forensics
e.discovery
bureau services
e.courts
document review & case management software
online data rooms

At e.law we seek to work in partnership with our clients offering services that are competitively priced, high quality, fast, reliable, innovative, wide ranging and adaptable. We look to build and sustain long term relationships with our clients where risk and reward is shared.

Quality ISO 9001

e.newsletter

Subscribe to e.law e.news and receive updates on products, services, industry trends, upcoming events and more at e.law! We provide our monthly newsletter service via a short HTML email. If you would like to receive a copy, please register by completing the registration form online at elaw.com.au. You may also unsubscribe at any time.