11.1.2017
The Federal Office for Information Security (BSI) has reiterated the special security of cloud solutions. Thus, data rooms are meant to be used in the course of business transactions to allow a group of bidders insight into the real estate for sale or businesses.
Increased security in the use of data rooms
High bandwidths and fast data transfer rates make it attractive for companies to collect and access their data in a cloud. Cloud solutions range from simple storage possibilities through web-based access to programs – for data processing, for example – to the long-established established e-mail offers.
Data security in data rooms
Checklist for data rooms: Photo: BSI Building Excursion, Federal Office for Information Security In the meantime, companies should not leave their data in the cloud and data rooms themselves, but should consider some aspects of data security before they resort to cloud solutions. Even the transport of data into the cloud can give third parties the possibility to see it, if the traffic is not encrypted via a secure connection, so the BSI. In order for data in the cloud to be safe from unintentional manipulation, the vendor should ensure data integrity. In addition, it is often unclear for the user of cloud services where the private or business data is stored. Many vendors use external data centers that are located abroad and are subject to other data protection regulations.
Secure handling of data room & cloud services
The BSI has published the following recommendations for action in order to benefit from a secure handling of cloud services:
- Access the cloud with a protected device only. Because if your own security is ensured, attackers have a harder time accessing the personal data of a user.
- Secure passwords for logging in to the cloud protect against hacker attacks.
- The data in the cloud should not be accessed via unsecured WLAN hotspots, as access data can be intercepted and abused more easily.
- Users should carefully examine what rights are granted by accepting the terms of use and data protection rules. It is recommended to pay attention to the GTC, that the provider is not allowed to sell the private data to third parties.
- Information about the location of the cloud provider and the data center helps users to recognize where their own data is stored and which data protection regulations are valid.
- Particularly important and sensitive data should only be stored encrypted in the cloud.
- A thorough review of how the deletion of data from the cloud is designed is recommended. Frequently, cloud providers store security scripts in different data centers.