Cloud File transfer Services Hosted in the UK are not subject to the Patriot Act
Over the years I’ve spoken to many clients about hosted data transfer systems, and the security implications of where your data is stored. Generally there arelots of levels of sensitivity of data that a business might have. Sometimes the more commercial, cloud based technologies can fit, e.g. sending marketing collateral to a printers wouldn’t generally be considered sensitive data. Over recent years however, there has been a worrying increase in the amount of enterprises who have either mandated the use of cloud based technologies for the distribution of sensitive data, or turned a blind eye to what employees are using off of their own back. Naturally there are issues surrounding compliance here and potential brand damage should the data find its way into the public domain, but that’s been covered many times before and isn’t the focus of this blog.
A few days ago I spoke with an international consulting firm (who shall remain nameless). They confided in me that the organisation didn’t have a managed file transfer solution in place to cater for the ad hoc transfer of data between internal staff and external parties. They disclosed that a decision had been taken to purchase a wetransfer.com channel for their business, but this IT Manager was very concerned about compliance and security of his data. Having had some experience of wetransfer in the past I suggested that additionally he should be concerned about where his data was stored. Being a predominately US based company, it could be possible that their data was making its way to their US data centres and therefore be subject to the Patriot Act. I wasn’t scaremongering, this is true as there is no way to define which server your data resides on as it’s a consumer grade solution, predominantly adopted by enterprises to get them out of a hole.
When looking at securely transferring business critical data I can see why a company may opt to adopt a ‘big brand’ cloud solution, but its worth pointing out they’re generally big brands because they appeal to the masses and are consumer grade. When selecting a cloud based technology its worth asking these questions:
- Where will my data be stored?
- What levels of physical security are in place at these data centres?
- What security is in place to protect my data at rest in these locations?
- Is my data encrypted in transit and at rest at all times?
- Who within the organisation supplying the service has access to my files?
- What controls am I offered to administer and manage the service being used across my organisation?
- What compliance or data security standards do you adhere to?
- What logging and tracking do you provide to help me achieve compliance?
This list outlines some of the most important questions and is a good starting place. If you’d like to discuss your file transfer requirements in more detail our consultants can help. We’ve been working with file transfer technologies for more than a decade now and are well placed to be able to detail your requirements and help you identify the best technology fit. Get in touch or call 0333 123 1240 or for International callers +44 1202 433 415.