Request a Quote

Savenet Fileshare is a GDPR Compliant File Share System. The General Data Protection Regulation (GDPR) contains a broad set of requirements for processing ‘personal data’ that belongs to EU residents.

Failing to meet the GDPR requirements has severe consequences for companies around the globe. The rapidly growing portion of ‘unstructured data’ kept in files is also subject to the GDPR guidelines. Considering this, companies should re-evaluate their strategy and solution architecture for file services….

The Savenet Fileshare System, (built on the CTERA file services platform) enables customers to consolidate and centrally manage files that were previously scattered throughout the organization — on users’ workstations, laptops, mobile devices and departmental servers.

CTERA’s built-in security capabilities, data protection, access control, logging and auditing help elevate corporate file security to a whole new level.

Using CTERA, data controllers and processors can define and implement privacy and security policies that govern the access and usage of files, including those that contain ‘personal data.’

 

GDPR
ctera Whitepaper cover

Incorporating the CTERA Enterprise File Services Platform into the corporate IT infrastructure is a major step towards meeting the privacy and security rules defined by the GDPR.

CTERA offers an ‘enterprise file services platform’ that enables organizations to centrally store and manage files, and implement data protection services. The CTERA platform can be deployed a number of ways – from a cloud provider like Savenet, entirely on-premises or in a virtual private cloud (VPC) leveraging infrastructure-as-a-service (IaaS).

Using the CTERA platform, organizations can ensure all files that contain personal information are centrally stored and monitored, helping them comply with the GDPR privacy and security rules.

 

General Capabilities

CTERA offers software that can be used by both controllers and processors. Its file services platform brings scattered files under one umbrella, including files that contain personal data. It stores all files under management in centralized object storage repositories. CTERA manages files, whose content is encrypted when stored. It has role-based access control: users are fully authenticated and can only access data for which they are authorized. Stored data is regularly backed-up and can be fully restored in the event of a disaster. CTERA provides defensible deletion capabilities to be able to comply with erasure requests, including a robust audit trail to definitively demonstrate that the information was deleted. The CTERA file services platform features secure RESTful APIs, enabling seamless integration with 3rd party monitoring and security tools.

 

Security and Privacy by Design

The CTERA platform was designed with security and privacy in mind. It offers a broad set of security features to protect sensitive personal data.

To name a few:

  • Authentication: the CTERA platform offers robust user authentication methods, including integration with AD/LDAP services. This prevents any unauthorized access to the central file repository.
  • Data protection: CTERA has built-in data backup/restore capabilities along with fine-grained snapshots. It fully protects against any accidental loss of personal data.
  • Disaster Recovery (DR): with its built-in DR capabilities, CTERA can quickly restore personal data in the event of any system failure or facilities damage.
  • Data encryption: all data handled by CTERA is encrypted at rest (AES-256) and in transit (TLS 1.2). Encryption keys are unique per customer, and fully managed by them.
  • Data privacy: data backed-up on the CTERA platform can be further protected by a passphrase, ensuring that only the person who owns the data can access it.
  • Data location control: customers have full control over their data storage location. No personal data may leave its intended location without proper directives.

Addressing Controller/Processor Responsibilities

  • The Right to be Forgotten: CTERA offers central management of all file data. Since files are stored in a central location, it is possible to identify and erase specific files – on a request basis. Furthermore, CTERA supports the ‘remote wipe’ of files stored on mobile devices, extending the erasure capabilities to such devices.
  • Record keeping: CTERA maintains a detailed audit trail of all file related operations. The generated log files hold a record of all file processing activities.
  • Pseudonymization and encryption: all files stored and managed by CTERA are encrypted – both at rest and in transit. Encryption keys are under full customer control.
  • Security and Resilience: the CTERA platform was designed with security and high-availability in mind. The data itself is fully protected, and access to it is under strict control.
  • Disaster recovery: CTERA has built-in DR capabilities that help restore normal operation and access to personal data in the event of a system failure or facility damages.
  • Testing and monitoring: CTERA uses security-centric development process for its software. It performs regular penetration-testing to ensure system security.
  • Breach notification: CTERA log files and audit trails can be queried in the event of a breach detection, and provide information about unauthorized data access. Furthermore, built-in data loss prevention (DLP) capabilities and integration with 3rd party tools help prevent leakage of personal data to unauthorized parties.
Powered by Blue Neptune