Druva Announces Cloud Data Privacy Framework
Addresses global privacy complexities and challenges for cloud data protection.
This is a Press Release edited by StorageNewsletter.com on February 24, 2015 at 2:56 pmDruva, Inc. unveiled a set of capabilities that together comprise a comprehensive data privacy framework to enable businesses to meet growing global privacy demands.
This framework, built on Druva’s cloud security foundation, addresses often-neglected concerns about corporate and employee data misuse and emerging legal data requirements.
There is an increasing data privacy concern around the globe; Germany, France, Russia, Singapore and others have recently taken steps to ensure the privacy of their citizens’ personal information by adopting data protection regulations. This, combined with existing regulations such as HIPAA and FINRA in the United States has had a sweeping impact on global corporations. These businesses must adapt their IT infrastructure to support the varied regional requirements or face potential sanctions and/or legal repercussions.
Druva centralizes and controls business data residing on employees’ desktops, laptops, tablets and smartphones via integrated endpoint backup, data loss prevention, IT-managed file sharing, and data governance controls. Druva continually mirrors end-user data, which enables rapid data recovery for lost or stolen devices, allows remote user access to any file or folder from any device, and supports eDiscovery, compliance and forensics needs.
The privacy capabilities include geo-defined governance and administration features that ensure data privacy. Druva customers can also delegate storage and data administration rights to regional personnel, enabling global organizations to meet varied regional data privacy requirements within a single cloud solution. This geo-specific capability is critical for global organizations such as those with operations in Germany, whose data protection act mandates stringent employee data regulations, including a ban on storage outside the country.
The features complement Druva’s use of Amazon Web Services, which recently opened its German region and supports data centers worldwide, as the underlying inSync cloud infrastructure. Druva supports over 16 regions, which include Germany, GovCloud, Japan, and Australia.
“Securing data is important, but addressing security without enacting appropriate privacy measures leaves data – and companies — vulnerable. Today, more than ever, global organizations must comply with regional data regulations. Privacy concerns are being forced into IT’s top priorities. Focusing exclusively on security can compromise privacy, exposing organizations to negative publicity as well as possible legal and regulatory action,” said Jaspreet Singh, CEO, Druva. “With 70% of new inSync customers now choosing our cloud deployment option, we have developed a rigorous privacy framework to reduce those risks and support their global needs.“
Druva Privacy Framework
The components of Druva’s data privacy framework are designed to protect organizations from unauthorized data access, thwart misuse of employee data by authorized users, and ensure data integrity regarding legal or compliance initiatives.
Combination of safeguards includes:
-
Regional privacy
-
Global storage locations: Support for 11 global admin selectable regions that are policy-configured to ensure data is stored to meet DPA requirements, including the region in Germany.
-
Data producibility restrictions: Druva’s approach to storing unique block data separated from metadata, along with its unique envelope key encryption model, delivers the highest level of data-scrambling and obfuscation ensuring cloud data privacy – no third party, not even Druva under court order, can provide access to your data.
-
Delegated role-based administrators: Regional end-to-end data management enables global organizations to meet local privacy laws while maintaining a single system of record for corporate governance.
-
-
Corporate privacy
-
Privacy policy for officers: Enables organizations to identify officers who may handle sensitive materials in order to prevent their data from being visible to anyone else in the organization.
-
Audit trails for end-users and administrators: Ensuring that all data access and file sharing activity is tracked with tamper-proof audit logs so that data privacy violations and interference with data integrity can be identified for forensics, regulatory, eDiscovery, and compliance investigations.
-
-
Employee-Based Privacy
-
Individual privacy controls: Depending on regional requirements, end-users can be set private by default or flag their personal data to ensure administrators do not have visibility into their data.
-
Data segregation: With Druva’s mobile device containerization and exclusionary backup controls end-user personal data can be maintained separate from corporate data on both BYOD and COPE devices.
-
-
Scenario-Based Privacy
-
Adaptive administrator roles: Administrative flexibility enables organization to address specific needs around compliance and litigation. For example, an explicitly defined legal administrator can override privacy controls to enforce data governance.
-