In many medium-sized companies, not only the IT administrator has unrestricted access to all operational data, but also the IT-savvy trainee. If he later leaves the company, he often retains his access rights because nobody thinks about it, explains data security specialist Detlef Schmuck.
The granular IT authorization systems that are common in large companies are often saved in medium-sized companies for cost reasons. In essence, each user is only granted those access rights to databases that are absolutely necessary for the respective workplace. "However, the management of individual access authorizations requires a lot of effort, especially since there is always a tendency on the user side to want to obtain more access rights than are actually required for the job," Detlef Schmuck knows from numerous projects in medium-sized companies. He says: "Many medium-sized companies are still overwhelmed by the challenges of digitization, especially when it comes to security issues."
Too many have access to sensitive data
Detlef Schmuck gives examples: “Whereas in the analogue world, documents with sensitive information such as salary lists or business plans could be securely locked and only made accessible to the employees involved, this is much more difficult in the digital world. Shared folders on a file server or a NAS system can always be viewed in addition to authorized employees by any system administrator for the server. Many companies are not even aware of this risk. For example, a qualified colleague who is supposed to take care of the server receives incidental access to all sensitive data without anyone noticing. Because as soon as the person knows the server password for administration, all other access restrictions no longer provide protection.”
Cloud data management as a remedy
As a remedy, Detlef Schmuck recommends using a cloud-based data management system with the appropriate features. He cites end-to-end data encryption and a zero-knowledge architecture as the most important criteria. This means, firstly, that all data in the cloud is completely encrypted and only decrypted with authorized access, and secondly, that even the cloud administrator does not have any keys to the data.
This is in contrast to the IT environments in many medium-sized companies, where every employee with administration rights has access to the e-mail correspondence of all employees. Although one's own computers are often well protected by encryption, as soon as the data leaves the local computer, they are usually at high risk, Detlef Schmuck knows from projects. He adds: “All external system administrators are also among those who can gain unauthorized access to confidential documents. Furthermore, this risk also exists for the Exchange or other e-mail server. All e-mails and attachments are usually unencrypted on the server and are only encrypted during transmission.”
Access only to the data you need
Detlef Schmuck is Managing Director of the Hamburg high-security cloud service TeamDrive and postulates: "In our cloud service, the operating data is stored more securely than in most medium-sized companies in Germany." With TeamDrive, the software not only takes over the automatic encryption, but also ensures secure key management and secure key exchange. As a result, each user only has access to the data that he actually needs for his operational task. In addition, all accesses are logged completely, so that it can be determined at any time afterwards who accessed which information and when. In accordance with the zero-knowledge principle, the cloud operator itself, i.e. TeamDrive, does not have any access keys to customer data.
All legal requirements are met
Also important: TeamDrive meets all legal requirements applicable in Germany according to the GDPR (General Data Protection Regulation) and GoBD (Principles for the proper management and storage of books, records and documents in electronic form). This means that confidential personal data, for example on payroll accounting, as well as trade secrets such as calculations or contracts can be stored in the cloud in a legally compliant manner. The fact that TeamDrive is completely in German hands, despite the anglicised company name, and that all customer data remains in the legal area of the Federal Republic of Germany contributes to security.
More at TeamDrive.com
About TeamDrive TeamDrive is regarded as "secure Sync&Share software made in Germany" for storing, synchronizing and sharing data and documents. The basis is a consistent end-to-end encryption that ensures that only the user himself can read the data - neither TeamDrive nor any authority in the world can decrypt the data. More than 500.000 users and more than 5.500 companies from all sectors appreciate this technical and legally binding security.