To reliably protect sensitive data in content collaboration, companies need a comprehensive strategy – and the right technical support. ownCloud explains what is important.
The digital working world is hardly imaginable without content collaboration. However, when working together on documents, companies are subject to numerous regulatory requirements. The GDPR obliges them to protect personal information and the upcoming NIS-2 directive imposes strict data security requirements on operators of critical infrastructures. In addition, companies must adhere to agreements with customers, partners and suppliers on the confidential handling of sensitive data.
To meet these requirements, companies should develop a comprehensive data strategy and derive guidelines for the management and protection of data along the complete lifecycle. Their content collaboration platform should then efficiently support the technical implementation of these policies. To do this, it must meet some key requirements. Content collaboration specialist ownCloud explains what matters:
1. control of access rights. Which users are allowed to access which files? The platform should make it possible to automatically classify documents based on company policies and assign them the appropriate release settings. In doing so, it should also take into account the further development of the documents. A file that is not critical when it is created can become relevant to the GDPR in the course of the collaboration because an employee adds personal information.
2. enrichment with metadata. In content collaboration, users mostly edit files with unstructured data. In order for such files to be analysable and thus automatically classifiable, they need metadata. The platform should therefore offer as many ways as possible to enrich files with metadata: from derivation from the file itself, to automatic generation using image recognition, OCR or AI, to manual assignment.
3. retention management. Many files are subject to retention requirements. Some may not be stored at all, others must be deleted as soon as their processing purpose ceases to apply, while still others must be retained for decades. Organisations should have lifecycle management in place to ensure compliance with all retention and deletion obligations.
4. control of storage locations. When employees store files locally on their end devices, companies can no longer supervise them. Most of the time this is not a problem, but with sensitive files it is a risk. Therefore, companies should be able to control and, if necessary, prevent local storage. In the case of particularly sensitive documents, it may even be necessary to ensure that they never leave the server and that only watermarked images of them are streamed to users’ browsers.
5. file recovery. A content collaboration platform can be a powerful tool to defend against ransomware attacks – if its versioning allows any file to be restored to any point in time. Companies can then restore files to the state they were in immediately before the ransomware encrypted them.
“In addition to technical features, companies should also pay attention to the future viability of the platform,” explains Holger Dyroff, co-founder and COO of ownCloud. “For example, Microsoft will soon discontinue support for the on-premises version of SharePoint and only offer the content collaboration tool from the public cloud. It will then no longer be able to adequately support many strategies for protecting sensitive data. If companies opt for a solution that gives them a free choice of operating model, they keep all options open for the future.”
Holger Dyroff, Co-Founder and COO of ownCloud (Source: ownCloud)
