Sharing Information Online — It’s All About Security
How do you share information with third parties during due diligence? In the past, companies set up a secure physical data room and all the parties came with their cartons of documents. Even today, many ship data CDs via FedEx. Most exchange email with attachments among the various parties. Email attachments are utterly insecure in most cases.
EURIM, the European Information Society Group, published a report some years ago touting online document sharing as the wave of the future, even for confidential information. EURIM’s focus primarily was on government agencies. One of its conclusions: “Advances in computing, particularly in networking and security, are making it possible to reduce identity theft through secure data sharing.”
That might not sound reassuring to CFOs faced with sharing sensitive information during the M&A process, compliance audits, and such. Data theft, more than identity theft, is their immediate concern. Nobody wants their financials, business strategies, customer lists, unannounced product specs, or anything else compromised.
Accellion, Inc., which provides secure managed file transfer, avoids the dangers of sending email attachments in the clear over the Internet. Its latest survey found customers coming to it because of concerns about security, email attachment size limitations, and frustration over FTP complexities.
However, SaaS and cloud computing are combining to deliver what may yet prove to be a faster, easier, and cheaper solution that can provide near bullet-proof security. These services often are referred to as online collaboration space or online data rooms.
The problem: Online collaboration space is available at many Web sites, ranging from ElephantDrive and 4shared at the low end to IntraLinks and Brainloop at the high end, with dozens more in between. You will have to look closely at what each site offers in terms of features, particularly security. Just having a password-protected log-in is absolutely NOT sufficient security for important sensitive corporate information.
What kind of security should you look for? At a minimum, you want:
• Strong encryption (AES, 256-bit) for documents, both while they are stored on the site and when they are in transit
• Strong authentication (two-token authentication)
• Digital rights management to control documents wherever they end up
• Operator shielding, which prevents the online vendor from accessing the data or the encryption keys
• Traceable audit trails and watermarking of documents
These features represent the acceptable bare minimum. You will have to grill each online vendor thoroughly and press for the details on how each implements security and the level of control you have. In short, you want the vendor to maintain a highly reliable online space while you and only you control what happens to the documents within that space.
Once you have been assured that the online collaborative space is secure and under your control, the advantages of an online data room for due diligence, M&A, and similar activities involving sensitive documents make it a no-brainer. You may never ship data CDs overnight via FedEx or send attachments unencrypted again.







April 7th, 2009 at 6:04 pm
Even more so than spreadsheets, it’s amazing how heavily dependent on email companies are for key financial processes. Sensitive data gets mailed around the world in Excel attachments to emails with minimal attention to the security risks. They’re going to have to get a grip on this.
April 8th, 2009 at 12:24 pm
You raise a good point regarding the emailing of large file attachments. Email is the #1 choice for sharing files; the only problem is that files greater than 10MB are typically too big to be sent via email. A large spreadsheet or presentation can easily push this size limit. Also, as you point out, where is the security?
While security of online collaboration spaces for due diligence is important, the issue of file transfer is a broader issue that affects business users every day. If business users don’t have an easy way to send files securely, they will come up with a workaround that is typically insecure, such as shipping info via thumb drives, CDs, using IM or P2P file sharing. None of these methods is secure or traceable. More and more organizations are making it a priority to tackle this bigger issue of secure file transfer and are implementing managed file transfer systems that provide business users with an easy way to send files that is fast and secure. BTW this solution is not FTP - business users typically throw up their hands with the cumbersome account creation, password management and general unfriendliness of FTP. IT and security also dislike FTP since files sit around forever on FTP servers, another security concern. Managed file transfer systems, such as Accellion, provide the tracking and reporting necessary for an organization to know who sent what to whom and when, and also provide the IT management tools to clean up the files with automated file deletion and automated account creation. If you are thinking about secure data transfer for due diligence, then it would be prudent to think about the broader issue of secure file transfer for the whole organization.