more-arw search

Q&A Forum

Do you Know Where Your Company Data Resides?

 

I was just reading an article "Two-Thirds of Management Don’t Know Where Their Data Is" (http://www.infosecisland.com/blogview/21725-Two-Thirds-of-Management-Dont-Know-Where-Their-Data-Is.html).  The article raises some significant points, such as what systems do you have in place to account for where data is residing, what security procedures are being used and who has access.

 

So, does your company know?

Answers

Topic Expert
Donald Koscheka
Title: Principal
Company: Bluecloud Communications
(Principal, Bluecloud Communications) |

We know what companies manage our data: Quicken, Microsoft and a hosting provider. We actually don't care where our data resides physically as long as it resides in a country, like the US, where intellectual property laws help prevent someone from gratuitously accessing our data.

What we do care about is the controls that are in place for safeguarding our data - we trust Microsoft and Quicken to do a good job here. For us, the convenience of cloud-based data outweighs the security issues for two reasons: (1) cloud vendors generally have greater security controls than we could afford to implement in our company (for example, creating a separate, secure data center) and (2) cloud vendors generally provide better continuity management than we can provide ourselves - they back up our systems daily and can recover systems faster than we can internally.

Topic Expert
Wayne Spivak
Title: President & CFO
Company: SBAConsulting.com
LinkedIn Profile
(President & CFO, SBAConsulting.com) |

Donald,

I think you missed the point.

The question is not the exact location of the server which holds your Quicken data; it is the fact that your Quicken data is held my the Microsoft Cloud.

Your CRM system is held by XYZ company. That Bob has his own database (although it is Company data) and it's sitting in his Dropbox.

Years ago, all data sat somewhere at the company (it we've all lost or misplaced files, both real or virtual). Today, they can be anywhere and if you don't have a system to track the data, it can and will be lost as well.

Regads,

Wayne

Topic Expert
Regis Quirin
Title: Director of Finance
Company: Gibney Anthony & Flaherty LLP
LinkedIn Profile
(Director of Finance, Gibney Anthony & Flaherty LLP) |

Wayne is discussing a point which is critical, supported by some of Donald's statements - "we trust," "...generally have greater security controls." Not trying to beat you up. Sorry. Your answers are in line with most Executives.

Depending on your business - your data is sitting in multiple forms, in multiple locations...accessed by multiple individuals.

John Rambart
Title: Manager
Company: Leading Boards
(Manager, Leading Boards) |

Donald,

You should be concerned where your data's company resides. Indeed, the storage data in a US company is subject of the Patriot Act. See our article about it : http://bit.ly/L02V6y (Don't worry the link is not an adds)

To resume, all data that belong to an american company is susceptible to be consulted. Even if a U.S. company uses servers abroad, the Patriot Act also applies outside the US since they are considered an extension of the company. This part of the Patriot Act is not well known, but it raised many issues in Europe.

"Microsoft’s managing director in the UK, Gordon Frazer, made that admission in June at the Office 365 launching London. After researching the PATRIOT act, Microsoft found that regardless of where data was stored, it could not ensure that data would not be turned over to the US government as the result of a National Security Letter or other government request, because the company is governed by US law. (from Tech law and policy in the digital age : Microsoft admission)"

2379 views
Topics
Products and Companies

Get Free Membership

By signing up, you will receive emails from Proformative regarding Proformative programs, events, community news and activity. You can withdraw your consent at any time. Contact Us.

Business Exchange

Browse the Business Exchange to find information, resources and peer reviews to help you select the right solution for your business.

Learn more

Contribute to Community

If you’re interested in learning more about contributing to your Proformative community, we have many ways for you to get involved. Please email content@proformative.com to learn more about becoming a speaker or contributing to the blogs/Q&A Forum.