Jump to Navigation

Secure, Private Infrastructure

There has been a lot of talk recently about public cloud, private cloud and hybrid clouds. Some of the talk makes sense but most of it still lacks sense and understanding - so it takes a bit of patience to cut through the marketing hype and focus on the important messages.

For our clients, especially those managing sensitive or private data, an important issue is the extent to which their staff feel tempted to make use of tools such as Dropbox to expedite file transfers and sharing.

Of course, that's a nightmare for any organisation that needs to know where its data is - and in some cases need to know that the data remains within the EU and that the data complies with EU data privacy rules.

If in doubt, here are our "rules of thumb" (make them "rules" and you can't go far wrong):

Don't use Dropbox to store private or sensitive data - this is especially important for healthcare organisations.

As a logical extension to the above - don't use Dropbox - because you will get lazy and stop distinguishing between which data is sensitive and which isn't. This is inevitable.

As a logical extension to that - don't use any public cloud services at all. Stop it! You really don't know where your data is ending up. Forbid your staff to use public cloud services also.

Beware organisations that say that they transfer data to the USA but that it's ok because they have a "safe harbour" agreement. I don't know about you, but I like to know exactly where my data is kept - and I like to control that location and the location of any backups. Once data goes one degree of freedom away from you then it becomes a very tentative link indeed - and who really becomes responsible at that stage? You. You were responsible for the data that somehow leaked from some USA based, outsourced backup location.

So what's the solution? How can we stop our staff from using public clouds and dropbox etc.?

The answer is to understand that your data is valuable and it is private - and that you have a duty of care over that data. Make use of private facilities - a private cloud, a private file sharing facility, a private email server. Make sure these facilities are hosted at a first class facility in a known EU location. Control the backup location(s). Educate your staff to use these facilities.

At VidaVia we have been working with private facilities and offering UK-based facilities to our clients.

We have deployed Kerio as a private email server - fully configurable and controlled by us on behalf of our clients.

We have deployed ownCloud as a private cloud system - with secure protocol file sharing - so that the data remains secure and it remains private, at a UK-based dedicated server with fully controlled backups to known locations.

The "talk" in the press will soon turn to "hybrid clouds" - confusing the matter still further. Our advice right now is to stay "private". We are committed to offering private facilities, managed by skilled staff in controlled locations.

If you are interested in private email facilities, private file sharing or private team collaboration facilities then we're here to help.