Data security: opt for cloud solutions!

Data security is essential in a connected world. On the one hand, digital transformation requires openness to the world, to mobility, to collaboration, to sharing with customers and colleagues.

On the other hand, threats such as ransomware, phishing and hacking encourage closing everything off (see Echoes article).

Between these two contradictory injunctions, how can you implement the right security strategy?

The security of your data is like a treasure to be protected

Is your money safe?

By comparing your data to your money, we can try to advance the thinking by answering the following question: where is your money safer?

  1. Under your mattress
  2. In a safe at home
  3. At the bank

If you answer 1, your data has been, is being, or is going to be hacked.

If you answer 2, you have invested a lot of money to protect yourself from pickpockets, but not from thieves.

Answer 3 of course is the correct one. You are protected, secure and insured: everything is fine.

Data security = trust

The security of your firm's data follows the same logic. You naturally think that your data is safe at home, close to you, but it is exposed to theft, flooding, fire, technical malfunction, missed updates, etc. This is answer 1: the belief in security, with nothing done for security.

If you have a redundant server, backup, and a network administrator, you have invested in a “vault.” Have you, as the state of the art recommends, carried out a complete restoration of your data and that of your customers twice a year, in order to check the quality of your backups? Do you have firewalls, VPNs and security policies that match current hacker practices? If so, you are strong, you are rich… and you are only partially protected. With a simple email, a hacker will have no trouble getting past your vigilance and spreading throughout your internal network. This is answer 2.

If you work with a professional cloud player who contractually guarantees you technology, a procedure, insurance and the return of your data on request, then you are protected from hackers, ransom seekers, losses/malfunctions, the sudden departure of your IT specialist, etc. You are in answer 3, in the bank, protected and guaranteed.

It is of course a question of trust: you trust the bank because you know it, you do not yet trust the cloud players because you do not yet know them. This can change quickly!

Host your data in the cloud

You have decided to put your data in the cloud. Your gaze immediately turns to Dropbox, Gmail and other proven and reputable solutions. It's a good choice on a technical level: stable, well-thought-out, accessible, inexpensive solutions. But did you know that your data is hosted in the United States, transits through its territory and faces serious legal threats? Data security is also a legal issue.

The General Data Protection Regulation (GDPR) requires you to trace and guarantee the use and storage of personal data of European citizens. That means you and your customers. You do not have this information with the aforementioned American consumer solutions.

The GDPR also requires you, in Article 45, to pay attention to the country in which your data is stored. The safest choice in legal terms is to store your data in France, failing that in the European Union. This ensures that you respect the legal security of the data.

In Article 20, the GDPR also imposes “the right to data portability”: in short, you must be able to return all of a customer's data to them upon simple request.

Generally speaking, the location of data hosting may involve legal territoriality and impose specific legislation on you. This is why choosing hosting in France may be preferred.

Choice of your technological partner

Generalities

As the person responsible for your customers' data, you must be able at any time to report to the supervisory authority on the state of your data processing. Therefore, the software publisher you choose must be a technology partner. Is it aware of these texts? Has it integrated all these notions into its technology, its practices, its contracts?

It is recommended that you verify a certain number of points before choosing your publisher. These points must be contractual and verifiable. Behind the technical and somewhat off-putting jargon there are generally simple and logical concepts: security, encryption, backup frequency, availability commitment. Nevertheless, few market players make contractual commitments.

Jarvis Legal commitments

For our part, here are some of the commitments we make to guarantee the security of the data of lawyers and their clients:

  • Location and mode of data hosting: in France, Luxembourg or the United States depending on the customer's choice. By default, it is in France (hosting providers Gandi and OVH).
  • Bank-grade security (data encryption and connection via HTTPS protocol and 256-bit AES certificate) 
  • Availability guarantees (SLA commitments)
  • Extensive backup policy: 3 backups per day, 6 per week and 2 over the last 2 months, i.e. 11 backup sets available permanently and on a rolling basis
  • Ease of access and export of data, restitution clauses
  • Insurance in case of data loss or corruption
  • Deposits with a third-party IT authority (escrow clause): we deposit our source code with Logitas every 6 months so that, even in the event of our disappearance, our customers can continue to benefit, under the same technical and financial conditions, from their access to the software

Don't leave your firm's data security in the hands of experts alone! Take your full part in defining your strategy and the means to implement it. For our part, everything is included in the monthly price: it's very simple :o)

To find out more about the GDPR, you may find the following article useful: http://www.village-justice.com/articles/RGPD-Reglement-General-sur-Protection-des-Donnees-qui-bouleverse-Loi,23774.html