Related to:
Data | Document Security
Jan. 28 2010 12:00 AM

Secure Sourcing in the Cloud


Pick up an article in information technology, records management or electronic discovery trade press, and you will see that information is moving to the "cloud." What is the cloud? Perhaps the simplest definition is information stored remotely on a service provider's equipment, typically accessed over the Internet on a browser. This is a trend we are witnessing at an amazing pace and one not just limited to a corporation's own information, but also the transactional information of the corporation and its customers.

A degree of care is required when outsourcing transactional information to ensure the protection of both your and your customers' information. Set forth below are considerations to the extent you are going to outsource transactional processing.

  • Privacy policy: Establish a written policy regarding the protection of your and your customer's information. Publish that policy not only to your organization but also to your outsourced providers and customers, and make it available on your public website to your customers.
  • Choosing the appropriate vendor: It is important to understand who is your provider. You should also understand who works for your provider, including how they screen their employees and whether they do a criminal background and reference checks with respect to employees that will have access to your data.
  • Contractual provisions regarding data security: Set forth in detail your service provider's obligations regarding the protection of your transactional records, including the specific data security precautions that will be undertaken by the provider.
  • Confidentiality agreement: Your provider and each of its employees who will have access to your data should execute an agreement regarding the confidential nature of your and your customers' information.
  • Reviewing your provider's data security protections and practices: Conduct an audit of your provider's data security practice. Visit the provider and its data center. Determine what physical security is in place over the information, including whether there is 24/7 security at the location and how access is granted to the facility, as well as the equipment. Examine also the network typology, data security precautions, firewall security and procedures for handling customer data.
  • Access control: Access control rights to the system are important. Determine how appropriate levels of access control are granted, including whether you will reply on basic password protection (e.g. user ID and password) or more sophisticated protection, such as a digital certificate, biometrics or a security token. Ensure that there is a policy for periodic changing of passwords and the use of complex passwords (e.g. including numbers, letters, symbols and character length).
  • Customer identification and access: Many transactional systems allow for customer access. Ensure that your provider has a process in place to monitor and maintain customer identifications, passwords and clearances.
  • Encryption: Ensure that any data that is transmitted over the Internet is appropriately encrypted or protected through a virtual private network connection. Also ensure that data stored on local machines are appropriately encrypted.
  • Monitoring: Ensure that either your provider or your IT staff are monitoring the transactional system so that there is no unauthorized access.
  • Audit trail: Create an appropriate real time audit trail that tracks transactional details in an understandable and agreeable format.
  • Contingency plan in the event of a breach: At some point, there may be a data security breach. Ensure that you have a contingency plan in place, including notifications by your provider of any breaches as well as agreed-upon action points to remedy those instances.

Like anything else in the IT realm, prior planning prevents poor performance. With careful planning and addressing the points set forth above, you can outsource your transactional records to an appropriate third-party provider and ensure that your data and that of your customers will be appropriately protected.

JOHN ROSENTHAL is a partner at the law firm of Winston & Strawn LLP (www.winston.com). Mr. Rosenthal is the Chairman of the firms Electronic Discovery & Information Management Practice Group. Mr. Rosenthal advises companies on e-discovery and records management risk mitigation and best practices.

Be the "Tails"
Post your responses to Mr. Rosenthal's statements at our LinkedIn Discussion here>>

Craft Your Enterprise Search Strategy to Address Your iWorkers' Pain Next
Digital Documents and the Best Evidence Rule Previous
More from FEATURES
insurance
The Future of Insurance Communications
mark-1577987_1280
8 Information Management Best Practices
Mai
CCM: In-House or Outsource?
 
Related
data
Data Privacy & Sovereignty
balance
Striking a Balance
trends
2025 Trends Outlook for Data and AI Initiatives
GettyImages-1480239160
Is Your Data Ready?
GettyImages-523035682
Navigating a Complex Landscape
ai top read
AI: Not A Revolution — A Re-Creation of Reality
  • CCM: In-House or Outsource?
    By Bryan Matlock
    In today’s complex and highly regulated customer communications management (CCM) landscape, organizations face a critical decision
  • quad
    Are Your CCM Systems Costing You More Than You Know?
    By Avi Greenfield
    In today's fast-paced world, effective customer communication is not just a business obligation — it's a crucial part of the customer experience
  • data
    Data Privacy & Sovereignty
    By Eric Riz
    The rapid expansion of artificial intelligence (AI) has ushered in an era of unprecedented data collection, processing and utilization. While this has propelled innovation, efficiency and convenience
  • AI
    AI Is Shaping the Future of Translation in Communications
    By Patrick Kehoe
    Across the globe, organizations are seeking to better cater to increasingly diverse customer populations. In the United States, for example, the number of non-English speakers has tripled over the las
  • balance
    Striking a Balance
    By Liz Stephen and Mia Papanicolaou
    A recent article on Chiefmartec asked an interesting question about automation in marketing: Is automation making things more efficient for the company or the customer? The example they gave is someth

Most Read  

This section does not contain Content.
0