Security is the absolute bedrock requirement for any virtual data room (VDR). The information that is placed within a VDR is always of extreme sensitivity to every participant, and it should be protected by the strongest systems possible.
You can have any high-end system with all the bells and whistles in the market but, without security, they might just be intricate sandcastles at low tide – they won’t be around for long.
Each application layer that comprises the technology stack underpinning a VDR must comply with the EU’s General Data Protection Regulation (GDPR), which has been designed to protect the personal data of individuals and the transfer and processing of such data.
Globally recognised quality accreditations also reassure prospective users that the VDR company they engage with complies with international standards on information security such as ISO 27001.
There are many software and hardware components that comprise a secure VDR. Each of these components in itself has to be stable and without flaws that might be exploited by an external threat.
We have all heard of websites being maliciously hacked by the unscrupulous to compromise data or operations, or to steal information. However, it is less well understood that hardware can be targeted in a similar way.
Cyber security policy
One of the best protections for a corporate system that connects to the internet is to have a strong cyber security policy, backed by Cyber Essentials Plus, a UK government-backed certification system that rigorously tests an organisation’s cyber security systems regularly.
This gives a new customer the reassurance that their VDR platform of choice has been checked and is fit for their purposes.
At an application level, a VDR needs to have the following information rights management functionality:
- Preventing or allowing actions related to documents such as downloading, copying, forwarding, editing, printing, or cutting and pasting from them
- Granular document access permissions controlled by a user’s profile and identity
- Time limits on accessing and downloading documents
- Dynamic watermarking to tag a user’s name and contact details to all accessed documents for identification purposes and to discourage unauthorised redistribution
- Access restrictions based on IP address or address range
The flexibility offered by having configurable security protocols means that such a single application can serve multiple customers and use cases, which all require the highest levels of security.
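The controls listed above can be combined into one deny-by-default decision per request. The following Python is an added example, not code from any VDR product; the class and function names, the roles and the sample policy are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class DocumentPolicy:               # hypothetical policy record for one document
    allowed_actions: dict           # role -> set of permitted actions
    expires_at: datetime            # end of the access window (UTC)
    allowed_networks: tuple         # CIDR ranges requests may come from

@dataclass(frozen=True)
class AccessRequest:                # hypothetical request, built after authentication
    user_name: str
    user_email: str
    role: str
    action: str                     # e.g. "view", "download", "print"
    source_ip: str
    at: datetime

def evaluate(policy, req):
    """Return (allowed, reason, watermark); every check must pass, else deny."""
    try:
        ip = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return (False, "invalid source address", None)
    # IP restriction: the address must fall inside one configured range.
    if not any(ip in ipaddress.ip_network(n) for n in policy.allowed_networks):
        return (False, "source address outside allowed ranges", None)
    # Time limit: no access once the window has closed.
    if req.at >= policy.expires_at:
        return (False, "access window expired", None)
    # Granular permission: the action must be granted to the user's role.
    if req.action not in policy.allowed_actions.get(req.role, set()):
        return (False, f"action '{req.action}' not permitted for role '{req.role}'", None)
    # Dynamic watermark: ties the rendered copy to the person, time and address.
    mark = f"{req.user_name} <{req.user_email}> {req.at:%Y-%m-%d %H:%M} UTC {ip}"
    return (True, "ok", mark)

# Constructed sample policy (documentation address ranges, invented roles).
POLICY = DocumentPolicy(
    allowed_actions={"bidder": {"view"}, "advisor": {"view", "download", "print"}},
    expires_at=datetime(2030, 1, 31, 17, 0, tzinfo=timezone.utc),
    allowed_networks=("203.0.113.0/24", "2001:db8::/32"),
)
```

The denial reason is intended for the audit log; the watermark string is what a renderer would stamp onto each page served.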
The next topics are also concerned with the cybersecurity a VDR needs to protect itself against attacks from hackers.
Data encryption
The three different encryption methods are symmetric, asymmetric, and hashing, and all of these encrypt/decrypt digital data by taking the source data, scrambling it according to one of the above methods, and then unscrambling it for the end-user in their preferred format.
Intrusion detection system (IDS)
These systems ‘listen’ to every byte of data going into a network and can report on anomalies. An Intrusion Protection System does the same but can also actively identify and deal with threats.
Vulnerability scanning
Vulnerability scanners identify security weaknesses and flaws in systems and in the software running on them. They rely on pre-defined risk assessment profiles to gauge the security readiness of all devices on the network.
Penetration testing
A security test is usually performed by a company authorised to ‘attack’ a corporate network. Testers use the same tools, techniques, and processes as hackers to look for vulnerabilities in your network, ‘attack’ them if found, analyse the results, and report on their impacts on the business.
Ultimate expandability
Another feature of a VDR is that it can be scaled from a few users to a virtually unlimited number of participants. Typical use cases include secure sharing of content and collaboration for audit tenders, M&A deals, and capital markets transactions where the highest levels of security and confidentiality are required.
Sterling Technology
Sterling Technology is the leading European provider of virtual data room solutions for the secure sharing of content, business process automation and collaboration. Its virtual data room platform was used to manage the audit tender process for the world’s largest food and beverage company, spanning 750 entities in 180 countries.
Sterling Technology has the highest levels of document encryption and security standards, including ISO 27001 and Cyber Essentials Plus. For companies considering commencing an audit tender process supported by a VDR, it is highly recommended that, at the outset of the planning phase, they identify potential VDR providers and ensure their IT Security team signs off on each potential VDR solution.