Skip to main content
close search
site logo
Wayne Spivak's headshot
Wayne Spivak President & CFO

Do you Know Where Your Company Data Resides?

Asked on June 27, 2013

 

I was just reading an article "Two-Thirds of Management Don’t Know Where Their Data Is" (http://www.infosecisland.com/blogview/21725-Two-Thirds-of-Management-Dont-Know-Where-Their-Data-Is.html).  The article raises some significant points, such as what systems do you have in place to account for where data is residing, what security procedures are being used and who has access.

 

So, does your company know?

Answers

Donald Koscheka's headshot
Donald Koscheka Principal • June 26, 2012

We know what companies manage our data: Quicken, Microsoft and a hosting provider. We actually don't care where our data resides physically as long as it resides in a country, like the US, where intellectual property laws help prevent someone from gratuitously accessing our data.

What we do care about is the controls that are in place for safeguarding our data - we trust Microsoft and Quicken to do a good job here. For us, the convenience of cloud-based data outweighs the security issues for two reasons: (1) cloud vendors generally have greater security controls than we could afford to implement in our company (for example, creating a separate, secure data center) and (2) cloud vendors generally provide better continuity management than we can provide ourselves - they back up our systems daily and can recover systems faster than we can internally.

Wayne Spivak's headshot
Wayne Spivak President & CFO • June 29, 2012

Donald,

I think you missed the point.

The question is not the exact location of the server which holds your Quicken data; it is the fact that your Quicken data is held my the Microsoft Cloud.

Your CRM system is held by XYZ company. That Bob has his own database (although it is Company data) and it's sitting in his Dropbox.

Years ago, all data sat somewhere at the company (it we've all lost or misplaced files, both real or virtual). Today, they can be anywhere and if you don't have a system to track the data, it can and will be lost as well.

Regads,

Wayne

Regis Quirin's headshot
Regis Quirin Director of Finance • June 29, 2012

Wayne is discussing a point which is critical, supported by some of Donald's statements - "we trust," "...generally have greater security controls." Not trying to beat you up. Sorry. Your answers are in line with most Executives.

Depending on your business - your data is sitting in multiple forms, in multiple locations...accessed by multiple individuals.

John Rambart's headshot
John Rambart Manager • July 4, 2012

Donald,

You should be concerned where your data's company resides. Indeed, the storage data in a US company is subject of the Patriot Act. See our article about it : http://bit.ly/L02V6y (Don't worry the link is not an adds)

To resume, all data that belong to an american company is susceptible to be consulted. Even if a U.S. company uses servers abroad, the Patriot Act also applies outside the US since they are considered an extension of the company. This part of the Patriot Act is not well known, but it raised many issues in Europe.

"Microsoft’s managing director in the UK, Gordon Frazer, made that admission in June at the Office 365 launching London. After researching the PATRIOT act, Microsoft found that regardless of where data was stored, it could not ensure that data would not be turned over to the US government as the result of a National Security Letter or other government request, because the company is governed by US law. (from Tech law and policy in the digital age : Microsoft admission)"

Want to join the conversation? Submit an answer or ask a question by emailing us at [email protected]

Submit an answer
Filed Under: Technology
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell