The new framework, built on Druva’s industry-proven cloud security foundation, addresses often-neglected concerns about corporate and employee data misuse and emerging legal data requirements.
Data privacy concerns are rapidly increasing around the globe; Germany, France, Russia, Singapore and others have recently taken steps to ensure the privacy of their citizens’ personal information by adopting new data protection regulations. This, combined with existing regulations such as HIPAA and FINRA in the United States, has had a sweeping impact on global corporations. These businesses must now adapt their IT infrastructure to support the varied regional requirements or face potential sanctions and/or legal repercussions.
Druva centralises and controls business data residing on employees’ desktops, laptops, tablets and smartphones via integrated endpoint backup, data loss prevention, IT-managed file sharing, and data governance controls. Druva continually mirrors end-user data, which enables rapid data recovery for lost or stolen devices, allows remote user access to any file or folder from any device, and supports eDiscovery, compliance and forensics needs.
The new privacy capabilities include geo-defined governance and administration features that ensure data privacy. Druva customers can also delegate storage and data administration rights to regional personnel, enabling global organisations to meet varied regional data privacy requirements within a single cloud solution. This geo-specific capability is critical for global organisations such as those with operations in Germany, whose data protection act mandates stringent employee data regulations, including a ban on data storage outside the country.
The new features complement Druva’s use of Amazon Web Services as the underlying inSync cloud infrastructure; AWS recently opened its German region and supports data centres worldwide. Druva now supports over 16 regions, which include Germany, GovCloud, Japan, and Australia.
“Securing data is important, but addressing security without enacting appropriate privacy measures leaves data -- and companies -- vulnerable. Today, more than ever, global organisations must comply with regional data regulations. Privacy concerns are being forced into IT’s top priorities. Focusing exclusively on security can compromise privacy, exposing organisations to negative publicity as well as possible legal and regulatory action,” said Jaspreet Singh, CEO, Druva. “With 70 per cent of new inSync customers now choosing our cloud deployment option, we have developed a rigorous privacy framework to reduce those risks and support their global needs.”
Druva Privacy Framework
The components of Druva’s data privacy framework are designed to protect organisations from unauthorised data access, thwart misuse of employee data by authorised users, and ensure data integrity regarding legal or compliance initiatives. This unique combination of safeguards includes:
Regional Privacy
Global Storage Locations: Support for 11 global, admin-selectable regions that are policy-configured to ensure data is stored to meet DPA requirements, including the newest region in Germany.
Data Producibility Restrictions: Druva’s approach to storing unique block data separated from metadata, along with its unique envelope key encryption model, delivers the highest level of data-scrambling and obfuscation, ensuring cloud data privacy -- no third party, not even Druva under court order, can provide access to your data.
Delegated Role-Based Administrators: Regional end-to-end data management enables global organisations to meet local privacy laws while maintaining a single system of record for corporate governance.
Corporate Privacy
Privacy policy for officers: Enables organisations to identify officers who may handle sensitive materials in order to prevent their data from being visible to anyone else in the organisation.
Audit trails for end-users and administrators: Ensures that all data access and file sharing activity is tracked with tamper-proof audit logs so that data privacy violations and interference with data integrity can be identified for forensics, regulatory, eDiscovery, and compliance investigations.
Employee-Based Privacy
Individual privacy controls: Depending on regional requirements, end-users can be set to private by default or can flag their personal data to ensure administrators do not have visibility into their data.
Data segregation: With Druva’s mobile device containerisation and exclusionary backup controls, end-user personal data can be kept separate from corporate data on both BYOD and COPE devices.
Scenario-Based Privacy
Adaptive Administrator Roles: Administrative flexibility enables organisations to address specific needs around compliance and litigation. For example, an explicitly defined legal administrator can override privacy controls to enforce data governance.