In order to reliably protect sensitive data during content collaboration, companies need a comprehensive strategy - and the right technical support. ownCloud explains what matters.
The digital working world is hardly imaginable without content collaboration. However, when working together on documents, companies are subject to numerous regulatory requirements. The GDPR obliges them to protect personal information and the upcoming NIS 2 directive imposes strict data security requirements on operators of critical infrastructures. In addition, companies must adhere to agreements with customers, partners and suppliers on the confidential handling of sensitive data.
Comprehensive data strategy
In order to meet these requirements, companies should develop a comprehensive data strategy and derive guidelines for the management and protection of data along the entire life cycle. Your content collaboration platform should then efficiently support the technical implementation of these guidelines. To do so, she must meet a few key requirements. The content collaboration specialist ownCloud explains what is important:
- 1. Control of access rights. Which users are allowed to access which files? The platform should make it possible to automatically classify documents based on company guidelines and assign them the appropriate release settings. In doing so, it should also take into account the further development of the documents. A file that was not critical when it was created can become GDPR-relevant in the course of the collaboration because an employee adds personal information.
- 2. Enrichment with metadata. In content collaboration, users mostly edit files with unstructured data. In order for such files to be able to be analyzed and thus automatically classified, they require metadata. The platform should therefore offer as many ways as possible to enrich files with metadata: from derivation from the file itself to automatic generation using image recognition, OCR or AI to manual assignment.
- 3. Retention Management. Many files are subject to retention requirements. Some may not be stored at all, others must be deleted as soon as their processing purpose no longer applies, while others must be stored for decades. Lifecycle management should be available to companies with which they can reliably ensure compliance with all storage and deletion obligations.
- 4. Control of storage locations. When employees store files locally on their devices, organizations can no longer oversee them. This is usually not a problem, but it is a risk with sensitive files. Therefore, companies should be able to control local storage and, if necessary, prevent it. In the case of particularly sensitive documents, it may even be necessary that they never leave the server and only watermarked images of them are streamed to the user's browser.
- 5. File Recovery. A content collaboration platform can be a powerful tool in defending against ransomware attacks – if its versioning allows reverting any file to any point in time. Then companies can restore files to the state they were in just before they were encrypted by the ransomware.
"In addition to technical features, companies should also pay attention to the future viability of the platform," explains Holger Dyroff, co-founder and COO of ownCloud. “For example, Microsoft will soon stop supporting the on-premises version of SharePoint and will only offer the content collaboration tool from the public cloud. Then it will no longer be able to adequately support many strategies for protecting sensitive data. If companies rely on a solution that gives them free choice in the operating model, they keep their options open for the future.”
More at owncloud.com
About ownCloud ownCloud develops and integrates open-source digital collaboration software that enables teams to easily share and share files from anywhere, on any device. More than 200 million people worldwide already use ownCloud as an alternative to public clouds - and thus opt for more digital sovereignty, security and data protection.