Security Compliance Is Coming To Get You

Laws governing how you protect and store information within your company are about to change. These laws will touch every company or organisation, especially those whose revenues exceed 3 million dollars per annum. They will be a lot more onerous than they have been in the past, and most organisations aren’t ready for the change.

Different organisations will need to adhere to different levels of compliance, but in general terms, if your database is hacked you may be liable for the breach (criminal and civil). Laws of this nature are not new in places like the USA and the EU; however, these expectation levels are new to Australia. For more information visit here.

When we hear about major security breaches in the media, they are high-profile leaks that have far-reaching and damaging ramifications. There is a sense that a major data breach is something that happens only to major corporations. It’s important to remember that this is not a thing that happens only to other people. This is something very real and very important to be across.

What We’re Doing About Information Protection

At Laminar we are often in control of sensitive information in order to get our jobs done, so protecting client confidential information has been an important issue for us as a company. It’s also good to involve our clients in the sharing of this information and to demonstrate a solution at the same time. We’re using a product called ArkPx to manage our information storage and security. It’s a relatively new Australian product already used by Government and private organisations around the world.

This is how it works. ArkPx allows you to store all your information in the cloud (or any file store you nominate) fully encrypted. The keys to the encryption are controlled by you and people you trust, and by no other third party. Everyone you nominate has their own unique key, and they create the key themselves. Once this is done, you invite those people to share your information. The benefit is that the sharing can scale from 2 to 50,000 people or more.

With most online storage providers, the provider holds the encryption keys for the information stored on its servers. If those keys are ever compromised, then so is your information. This cannot happen with the ArkPx system.

Access to documents, intellectual property, movies, sound recordings and any other data is tracked so that if any negative use of the data is made you’ll know exactly who did it. A full audit trail is available.

The system can work a little like Dropbox if you want, as it can optionally provide a virtual drive on laptops and most computing platforms. In this mode, documents can be stored and controlled on remote devices just as they can be within the cloud. The documents can also be securely transported without the use of firewall infrastructure.

Examples:

If you are an accountant or financial services provider you can securely share information amongst your colleagues within a firm but also allow clients to upload/download information to their store via your web page and without seeing other clients.

A lawyer is conducting a sale of my company, which turns over millions of dollars, and we’re entering the disclosure phase. Normally documents would be placed in a locked room with a guard out front regulating who can see the documents and when. Using ArkPx we can conduct a virtual version of this, so that the sensitive documents are maintained within the virtually locked area. The owner of the documents can then shut it down upon completion of the transaction, and all access is then permanently locked.

We would be happy for you to participate in the information sharing about your site and also show you how the ArkPx system works. Please contact us on 07 3177 0899 for a chat about how we can help you.

Category : Cyber Security
- By Alan Kepper