Un-Safe Harbor – Navigating through the Confusion

The recent Safe Harbor ruling shouldn’t come as a surprise to anyone. Those of us following the discussions around Safe Harbor have long recognized that the EU is going in the direction of greater privacy, not less. At the heart of the matter is the fundamental difference between the EU and US approaches to protecting private information, which is making it increasingly difficult for US businesses in Europe to comply with privacy requirements and retain customers. Further, individual countries are now adding their own data privacy legislation. For example, the German government has passed the cyber-security law IT-Sicherheitsgesetz – also known as the IT Security Act (ITSG) – with the intent to create an environment wherein companies are more impervious than vulnerable to attack. In particular, critical infrastructure institutions – those in finance, health, telecom, transportation and public sectors – must strengthen their security measures.

US companies that have complied with Safe Harbor – about 4,500 – now need to find alternative approaches to protecting data as it flows from the EU to the US. But more than that, they need to start thinking about security differently.

For years the common practice has been to focus on securing the perimeter with a defense-in-depth approach to safeguard the network with firewalls, VPNs, endpoint protection products, and more. But we’ve seen time and again that this hasn’t been effective in preventing every attack. High-profile breaches still happen and top executives are paying the price with their jobs. If there was any doubt before, the Safe Harbor ruling reaffirms that security must be a board-level discussion and requires a new enterprise strategy. In this global business environment and age of mobility, where employees use multiple corporate-issued and personal devices to get their jobs done, securing the asset itself – corporate data – must be the focus.

At Covata we take a data-centric approach to security with transparent encryption that follows the flow of the data, instead of the flow of the network. It protects the data wherever it resides – in the cloud, on a network or as it is shared – and leaves a clear, identifiable audit trail. Complementing other layers of defense, it provides reassurance to all stakeholders that your most valuable assets – corporate data – remain protected for the lifetime of the data.

In addition, because Covata is not based in the US, but is rather a public company in Australia, we comply with EU laws and country-specific regulations without being subject to strong requests by the US National Security Agency (NSA) for data. Our European office in London puts us close to our EU customers and lets us remain in lock-step with regional data privacy laws, such as those in Germany. Customers deploy our Safe Share solution in an environment they choose, storing all types of files in their own private cloud, on their own servers, or with a public cloud provider. Based on three key pillars, Safe Share secures the data itself so customers don’t have to worry about malicious insiders, external hackers, or employee carelessness.

  1. Key management designates a unique key for each file with on-device encryption.
  2. Identity determines who gets the key, verifying that this person has earned permission to access the data.
  3. Policy imposes authoritative control over the data you’re protecting.

In combination, these three pillars give businesses the control they need over file sharing, and the ability to track file usage and revoke access in real time.

Safe Harbor played an important function; it will be renegotiated, but that will take time. Understanding that the trend is for more security, not less, global companies like T-Systems have selected Safe Share to help their enterprise customers leverage the best available security for their data. Not only do they gain the file sharing and storage capabilities their business needs, but they can also remain compliant with German data privacy laws and are well-positioned for compliance with other legal safeguards as they unfold.

October 27, 2015