Ease of use, fast data exchange, access from anywhere: cloud storage is becoming increasingly popular. Most prominent providers now also have business versions of their services in their range, which medium-sized companies have to pay attention to when saving in the data cloud. Whether Dropbox or Google Drive: cloud storage is becoming more and more popular.
Private users can, for example, quickly, easily, and inexpensively share photos with friends, save files and synchronize documents. But these services are also helpful for companies: employees can conveniently work together on documents and files stored there, exchange them quickly and easily, synchronize them on different end devices and access them from anywhere – including mobile.
Pay Attention To Data Protection And Data Security
Choosing the proper cloud storage is not just about costs, functionality, and scalability. Depending on the relevance of the data to be processed, the security of cloud storage is critical. When it comes to customer or personal data.
Play It Safe With Provider
The headquarters of the provider is essential for compliance with data protection. The large, popular US service providers also offer services specifically for companies. But the providers of Amazon S3, Google Drive for Work, and Microsoft OneDrive for Business or Dropbox Business and Box Business are also hosted in the Amazon cloud.
Therefore, even after the agreement “Privacy Shield” came into force, personal data stored there has replaced the controversial “Safe Harbor” agreement – not always safe from access by authorities. Companies may therefore violate the strict data protection requirements when they use these services. According to the Federal Data Protection Act, companies must guarantee “an adequate level of data protection” ( Section 4b BDSG ).
If you want to be on the safe side, you should choose a provider who saves the data. Providers with headquarters and data centers are, for example, DriveOnWeb Business, Strato HiDrive, or YourSecureCloud. Similarly, strict data protection regulations are applicable in Switzerland as in this country. For example, cloud storage services providers from Switzerland with a range of functions similar to Dropbox are SecureSafe Business Tresorit.
The “Zero-Knowledge” Principle
In addition, only the company should have the key. However, in terms of using many cloud offers, the provider is granted access to the key and thus insight into the data. This is precisely what whistleblower Edward Snowden once criticized at Dropbox and called for “zero-knowledge” encryption, in which the service provider does not know the user’s password. The Swiss provider Tresorit, for example, works according to this principle, which vividly compares “Zero-Knowledge” with a hotel in which every guest secures their room with their lock.
Data security through end-to-end encryption
In addition, when choosing their cloud storage provider, companies should pay attention to automatic end-to-end encryption: Only if personal data is already encrypted on the customer computer and remains encrypted during transmission and on the cloud server – i.e., only again at the recipient are converted into plain text – data security is guaranteed.
Double Protection With Two-Factor Authentication
In addition, users should permanently activate two-factor authentication if the service offers this option. This two-stage check is intended to identify the user if he wants to log into the cloud storage from another device. To do this, you enter, for example, a mobile number to which the provider sends a code when registering.
This sequence of numbers must then also be entered when logging in to access the memory. In addition, the administrator in the company should have control over all access authorizations and be able to prove access at any time. Dropbox, for example, has added team folders to its business version for this purpose, via which the admin can manage user access and grant users individual access rights.