WHY SECURITY IS A THREE DIMENSIONAL CHALLENGE

There is more to keeping online data rooms secure than meets the eye, so here’s a handy checklist of the things users need to consider:

Security is the number-one priority for any organisation that opens a virtual data room – they always contain sensitive information that must not leak out. But for all its importance, most users may not appreciate how many elements must come together to make an online data room truly secure.

The neatest way to visualise it is a triangle – each side representing one essential element in the security barrier that protects your confidential information. All three are equally vital. If one fails, the cordon is broken.

First come the most visible elements: security features built into the online platform that can be turned on or off to fit each client’s requirements. These include things like: 

• Offline document protection, allowing you to prevent data room users from saving, copying, forwarding, editing, printing, or cutting and pasting downloaded documents
• Individual user permissions, controlling which documents different users can access – handy if you want to share more information with one counterparty, for example a private equity buyer, than a direct competitor
• Automatic expiry, which allows you to set a “self-destruct” timer on downloaded documents so they expire after a set period
• Dynamic watermarking, which automatically adds a user’s name and contact details to documents so that if they are leaked the source of the breach is obvious
• IP address lockdown, enabling clients to specify IP addresses from which the data room can or cannot be accessed.

Features like these offer a lot of protection, but users will naturally want to balance security against the need to ensure the process runs as quickly and smoothly as possible. That’s why the suite of security features within the platform is flexible and can be configured to meet differing requirements.

If the first set of features is mainly about flexible user access and permissions, the second is all about cybersecurity. This involves making sure the IT infrastructure that supports every client’s data room is as robust and tightly controlled as possible. Under this heading come issues including data encryption, real-time intrusion detection, regular vulnerability scanning and penetration testing of the system to protect it against attack.

When it comes to IT infrastructure, physical security is just as important as the cyber variety. This means high-security Tier-3 compliant datacentres, with multiple back-up systems for power and cooling, and strict access controls.

Finally, the third element in the security cordon is the people who operate the system and support its users, and the organisation they work for. For any data room to be properly secure, the support staff must be trained and regularly assessed to make sure their knowledge is up to date in areas such as compliance with the General Data Protection Regulation, for example.

Without this level of professionalism and understanding, vulnerabilities will creep in. This is why clients should always ask for globally recognised accreditations such as ISO27001, covering data security, and Cyber Essentials Plus.

Security is a three-dimensional issue. Make sure you have all three – features, infrastructure and people – properly covered.