May 23, 2014
Be my host: What to ask about free services that may be hosting your data
The increasing use of third-party file-hosting services raises at least three questions worth considering
BY RICHARD MARTINEZ, SAMUEL WALLING

Traditionally, privacy and cybersecurity
efforts have focused on how companies
can protect their IT assets from intrusion.
Literally billions of dollars have been
invested in developing security measures
that limit and control access to servers,
workstations, laptops and mobile devices.
But in today’s cloud-computing environment,
these extensive (and expensive) efforts may
not be sufficient. The true objective is not
to protect the IT assets, but the data that
they store. And with increasing frequency,
employees are storing sensitive, proprietary
data on assets that their companies do not
control. Thus, to capture and address this
extra-company activity, a comprehensive
approach to data privacy and cybersecurity
needs to be data-centric rather than asset-centric.

Let’s just state this as a fact: If you have
employees with laptop computers, some
proportion of them is storing company data
on assets your company does not control.
Yes, this certainly includes those pesky flash
drives that are prone to being left behind at
airport security. But the greater concern is
posed by the free file-hosting services that
proliferate on the Internet, such as OneDrive,
Dropbox, Filedrive, Google Drive, MediaFire
and others. Despite companies’ best
efforts to provide employees with remote
VPN access to data that is safely stored
on company servers, many employees
don’t use it — at least exclusively. Instead,
employees are drawn to file-hosting services
because they want to be able to easily
access their files from anywhere, and are
resistant to the limitations imposed by VPN
keys and the requirement that a device be
loaded with VPN software.

The increasing use of third-party file-hosting
services raises at least three questions
worth considering in crafting a privacy and
cybersecurity policy that both confronts
this reality and protects valuable corporate
information.

First, will the confidentiality of the data
stored with the file-hosting service be
preserved? For example, Google’s terms
of service allow Google to “use, host,
store, reproduce, modify, create derivative
works . . . communicate, publish, publicly
perform, publicly display and distribute”
content that users “upload, submit, store,
send or receive” through Google’s services.
The terms also allow Google to analyze
content that is sent, received, or stored,
to provide “personally relevant product
features.” Depending on the nature of the
data stored, such third-party access may be
problematic. Recall that in order to qualify
as a trade secret, the proponent of the
trade secret must have taken reasonable
measures to protect the confidentiality of the
misappropriated information. Thus, third-party access to proprietary data — even for
a limited purpose — may carry significant
consequences.

Second, will the data be secure? Many
file-hosting services simply require users
to create a User ID and a password. The
parameters required for password creation
will vary from site to site, meaning some
sites may have more robust password
protection measures than others. And, as
we recently learned, even a stringent set
of password requirements may still leave
room for infiltration, with lurking bugs like
Heartbleed allowing others to capture
passwords as they are transmitted over
the Internet. In addition, some sites, such
as Dropbox, allow users to grant others
access to data stored on the service — a
feature that has the potential to increase
the likelihood of unauthorized access.
Finally, while many file-hosting services
offer assurances of security, many are
also unlikely to disclose the full range of
measures taken to protect against data
breaches and cyber-attacks, making a full
assessment of the security risks impossible.
Consequently, some data may simply be too
sensitive to ever store on a third-party file-hosting service.

Reprinted with permission from InsideCounsel

Third, what are the terms of use? As
documented above, terms of use can
grant the file-hosting service rights with
the potential to cause problems down the
road. Thus it is important to fully understand
precisely what provisions the terms of use
contain, and how those provisions might
impact the data a file-hosting service stores.

To be clear, nothing in this article should be
taken to suggest that file-hosting services
are insecure or do an inadequate job
protecting user data. Instead, the increasing
use of these services simply means that
companies developing privacy and cyber
security policies would be wise to consider
the extent to which their employees
utilize such services, and the implications
that may flow from such use. Whether
that assessment leads to the limitation
or curtailment of third-party file-hosting
services, the identification of a third-party
file-hosting service of choice, or something
else entirely, depends on the company and
its objectives.

About the Authors

Richard Martinez
Richard Martinez is a trial attorney at
Robins, Kaplan, Miller & Ciresi L.L.P. Rick’s
practice focuses substantially on technology,
primarily in the areas of intellectual property
litigation. His practice is also active in
matters before the International Trade
Commission, and in the areas of cyber
security, data privacy, and information law.

Samuel Walling
Samuel Walling is a trial attorney at Robins,
Kaplan, Miller & Ciresi L.L.P. Sam’s practice
focuses on complex commercial litigation
involving patent infringement, trade-secrets
misappropriation, product liability, and
securities fraud.