The market for SaaS solution providers is growing, and so is the demand for flexible and scalable infrastructures. At the same time, the requirements for data protection and security are increasing. Unfortunately, hacker attacks and cyber security incidents are also on the rise, as evidenced by the current BSI situation report.
Many organizations are unaware that their IT solutions may be targeted by cybercriminals or that they are treading on very thin legal ice. So what is important when choosing a communications solution and what role does software hosting play?
Many of the tools and communication solutions used in everyday business in Germany are based on solutions from large US cloud providers. The problem is that there is no legal basis for processing personal data such as the name, surname, location and contact information of the contact person in the US or by US companies. The so-called transatlantic transfer of data would only be allowed if the US, as a third country, could demonstrate an adequate level of data protection (Article 44 GDPR) or if a so-called adequacy decision had been made (Article 45 GDPR). Neither applies any longer, since the European Court of Justice (ECJ) declared the Privacy Shield agreement invalid in 2020.
Businesses need to act urgently
However, it is not only about protecting personal and business-critical data, but also about safeguarding organizational operations and communication, especially in crisis and emergency situations. If certain organizational services are running in the cloud of large US corporations, alternatives are needed as a kind of safety net to support critical processes such as internal communications if these cloud structures fail, whether due to force majeure, human error, or targeted attacks. The aim should be digital resilience and sovereignty, because then all the functionality of software solutions can be guaranteed even in crisis situations or in the event of cyber attacks in the company. In this way, the internal flow of information is never interrupted and the organization remains able to function.
Zero Trust: With a safety net and a double bottom
Businesses gain additional security when they use the Zero Trust model to integrate additional protection into their IT infrastructure. The premise of the model is that no tool, no platform, no user is considered safe. That is why every request, every access and every query to the system is checked as if it came from an openly accessible network. Before access is granted, it must be fully authenticated, authorized and encrypted, and the identity and status of the device must be verified. Deep business intelligence (BI) and analytics also detect and prevent anomalies in real time. This makes it much more difficult for cybercriminals to use the communications solution as a gateway.
Checklist: Choosing a Secure Communication Solution
In order to best protect their data and ensure communication even in the event of a crisis, companies must check their existing communication solution and hosting provider (as well as any new ones under consideration) for data protection and security, and ask themselves these questions.
- Does the service provider offer different hosting models for its communication solution (public cloud, private cloud, on-premises)?
- Does the public cloud solution avoid transferring data to the US or other third countries where there is no adequate level of data protection?
- Are the software provider and cloud service provider based in the EU?
- Is the communication solution based on fail-safe server infrastructure in ISO 27001 certified data centers?
For privacy and security:
- Can the Zero Trust model be implemented with it?
- Have all requirements of the GDPR and, if applicable, other legal regulations been implemented? This includes, for example:
  - Documentation and archiving obligations
  - No metadata analysis
  - Anonymity of personal data
  - Multi-factor authentication and much more
- Does the software vendor follow privacy by design and privacy by default?
- Does the service provider guarantee the user full control and data sovereignty?
- Does the communication solution provider provide the right…