Data Rooms: Protection against Industrial Spying
Munich, July 9, 2014. Historically, the term „data room“ (1) comes from its purpose with regard to due diligence audits for mergers and acquisitions. Originally, during an M&A, companies created actual, tightly secured rooms on neutral grounds, e.g., on a law firm’s premises, so both parties could benefit from an undisturbed environment and access important files confidentially. Today, virtual rooms have become the norm and are located, along with all the respective content to be audited, in a cloud, i.e., on a server in a data center. Virtual data rooms are also becoming more and more popular among other project fields besides mergers & acquisitions. The steady decline in expenses incurred by cloud services has aroused small and medium-sized businesses’ interest, as well. Hence, with its service IDGARD, Uniscon, a company providing Sealed Cloud infrastructure, offers, with immediate effect, comprehensive, overall data room protection with a detailed journal.
On the one hand, when setting up a data room, it is imperative to adhere to the respective data privacy concerns the participants’ economic interests entail. On the other hand, data room induced process efficiency should also prevail. This was recently substantiated by the nearly called off sale of Telekom Austria to the Mexican billionaire Carlos Slim. (2)
One of the lessons learned from the scandal was that data security is a must, not only regarding the mere content of a data room but also for its metadata, i.e., who did what when and how long with each single file in a data room; in other words, comprehensive transparency of data room usage. Accordingly, virtual data rooms necessitate a journal documenting all procedures within a data room:
- who is authorized to read files,
- who has access when and how long to named files,
- what files are being accessed and
- what is being done with them.
With the journal, one can trace, in the event of abuse of confidential data, what has occurred in the data room.
However, the provider of a virtual data room, e.g. of a data center, can normally access data that is stored in a data room, even if not at all involved in the project. This can be very risky for important projects, in particular, since the data room is not controlled completely by the owner of the data. For this reason, large corporations tend to create own data room systems. Yet mid-sized businesses cannot afford them, even if they also have to share essential, confidential files with others, where a lot is at stake, as well. However, when small and mid-sized businesses buy or rent “cloud data room” services, they have to rely on the services’ mere discretion and assertions.
For this reason, Sealed Cloud (3) technology, which is government-funded by Germany’s Federal Ministry for Economic Affairs and Energy, offers a cloud infrastructure that excludes all access to client data, including provider access, via merely technical measures. Sealed Cloud is applied by public bodies and authorities, small and medium-sized businesses, and large corporations alike. In addition to this, per Sealed Cloud technology, Uniscon now offers data rooms whose value for money is also attractive for small and mid-sized companies yet whose level of security and transparency is nonetheless consistent with that of a mega-merger, as should have been the case with Telekom Austria. (5) Should anyone try to access the Sealed Cloud data room’s server rack, the hardware immediately recognizes the attempt, shuts down the respective server instantly, and deletes all the data stored there. All data is previously stored in the Uniscon data center in encrypted form yet the provider cannot access the users’ keys. (6) Sealed Cloud is improved continuously by a consortium consisting, besides Uniscon, of the Fraunhofer AISEC Institute and the company SecureNet. Germany’s Ministry for Economic Affairs and Energy “BMWi” funds the patented Sealed Cloud technology.
Patent Attorney Berthold Bettenhausen already uses IDGARD and Uniscon’s virtual data room. Bettenhausen is a founding partner of the law firm Dehmel & Bettenhausen Patent- und Rechtsanwälte (7), one of Germany’s leading patent law firms in pharmaceutics and biotech engineering. He describes his experience with IDGARD as follows: „The most important thing for us, besides the technical performance in the background, is that our clients approve the professionalism of the solution we apply.” Bettenhausen hereby refers to the IDGARD user interface, whose data rooms can be accessed, without additional software, through any web browser but also via Outlook or any common smartphone or tablet.
About Uniscon GmbH
Uniscon develops technical solutions for secure and convenient online business communication. The service IDGARD for Businesses is based on worldwide patented Sealed Cloud technology. Data is stored in a cloud in a manner that not even the service provider can access client data. Hence, business data remains exclusively in the possession of its owner. Sealed Cloud technology is improved continuously by a Uniscon led consortium within the framework of Trusted Cloud, an initiative funded by Germany’s Federal Ministry for Economic Affairs and Energy and enjoying development for application in other fields of German industry. For further details, see www.uniscon.de, www.sealedcloud.de and www.idgard.de.
Uniscon GmbH / Claudia Seidl