Giving companies a Safe Harbor alternative
With all the emphasis on Safe Harbor and data protection, Guis was happy to talk about how this solution fitted in with how Egnyte was already working. Guis told us: “Even before Europe ruled on Safe Harbor we knew customers had vertical industry regulation that controls what content should not be in the cloud. We allow data in the cloud if it is safe to store it there and if it is not customers need to store it locally. Customers also have the option to store some data in the cloud and keep some on-premises.”
The issue of where to store data is also something that Guis told us Egnyte has been dealing with for some time. She said: “Customers told us that they wanted to keep data in Europe so we opened a data centre in Europe. It is for European customers only and is based in Amsterdam. As a result we have to abide by EU laws and this means that we were not impacted by Safe Harbor as we already had a solution in place.”
What is interesting is that Egnyte is willing to restrict access to the European data centre to European companies. This is a very different model from most cloud companies providing data storage capabilities where they allow a customer to store data in any of their data centres.
Encryption is also a key element
Guis was keen to point out that despite where the customer stored their data, Egnyte could not access it. She said: “All data is encrypted by the customer who keeps the keys to the encryption in their control. They have full control over that and we have no access to the keys.”
This is an important issue. The case of Microsoft vs US Government is still unsolved with Microsoft being found in contempt of court for not handing over data stored in its Dublin data centre. The case is due to go back to court again shortly.
Using Egnyte’s approach handing over the data would not necessarily give the US Government access to the data. It would still need the encryption keys to be able to read the data and the issue then becomes one of the US Government forcing the data owner to hand over the keys rather than a focus on where the data is stored.
It’s interesting to see that some companies are already out ahead of the Safe Harbor debate both from a process and a technology standpoint. Guis is clear that Egnyte has been putting its own protection in place for customers and believes that the ability to track the lifecycle of the data is essential for data protection and meeting compliance requirements.
One challenge for some companies will be how to deal with user backlash once they start tracking data and applying data controls. There is always a risk that they will turn to insecure cloud services to get around the problem. From an IT departments perspective, at least this latest solution from Egnyte provides some tools for IT to show it is trying to solve the problem.