Savenet Fileshare is a GDPR Compliant File Share System. The General Data Protection Regulation (GDPR) contains a broad set of requirements for processing ‘personal data’ that belongs to EU residents.
Failing to meet the GDPR requirements has severe consequences for companies around the globe. The rapidly growing portion of ‘unstructured data’ kept in files is also subject to the GDPR guidelines. Considering this, companies should re-evaluate their strategy and solution architecture for file services….
The Savenet Fileshare System (built on the CTERA file services platform) enables customers to consolidate and centrally manage files that were previously scattered throughout the organization — on users’ workstations, laptops, mobile devices and departmental servers.
CTERA’s built-in security capabilities, data protection, access control, logging and auditing help elevate corporate file security to a whole new level.
Using CTERA, data controllers and processors can define and implement privacy and security policies that govern the access and usage of files, including those that contain ‘personal data.’
Incorporating the CTERA Enterprise File Services Platform into the corporate IT infrastructure is a major step towards meeting the privacy and security rules defined by the GDPR.
CTERA offers an ‘enterprise file services platform’ that enables organizations to centrally store and manage files, and implement data protection services. The CTERA platform can be deployed in a number of ways: from a cloud provider like Savenet, entirely on-premises, or in a virtual private cloud (VPC) leveraging infrastructure-as-a-service (IaaS).
Using the CTERA platform, organizations can ensure all files that contain personal information are centrally stored and monitored, helping them comply with the GDPR privacy and security rules.
CTERA offers software that can be used by both controllers and processors. Its file services platform brings scattered files under one umbrella, including files that contain personal data. It stores all files under management in centralized object storage repositories. The content of files managed by CTERA is encrypted when stored. It has role-based access control: users are fully authenticated and can only access data for which they are authorized. Stored data is regularly backed up and can be fully restored in the event of a disaster. CTERA provides defensible deletion capabilities to comply with erasure requests, including a robust audit trail to definitively demonstrate that the information was deleted. The CTERA file services platform features secure RESTful APIs, enabling seamless integration with 3rd party monitoring and security tools.
Security and Privacy by Design
The CTERA platform was designed with security and privacy in mind. It offers a broad set of security features to protect sensitive personal data.
To name a few:
- Authentication: the CTERA platform offers robust user authentication methods, including integration with AD/LDAP services. This prevents any unauthorized access to the central file repository.
- Data protection: CTERA has built-in data backup/restore capabilities along with fine-grained snapshots. It fully protects against any accidental loss of personal data.
- Disaster Recovery (DR): with its built-in DR capabilities, CTERA can quickly restore personal data in the event of any system failure or facilities damage.
- Data encryption: all data handled by CTERA is encrypted at rest (AES-256) and in transit (TLS 1.2). Encryption keys are unique per customer, and fully managed by them.
- Data privacy: data backed up on the CTERA platform can be further protected by a passphrase, ensuring that only the person who owns the data can access it.
- Data location control: customers have full control over their data storage location. No personal data may leave its intended location without proper directives.
Addressing Controller/Processor Responsibilities
- The Right to be Forgotten: CTERA offers central management of all file data. Since files are stored in a central location, it is possible to identify and erase specific files on a request basis. Furthermore, CTERA supports the ‘remote wipe’ of files stored on mobile devices, extending the erasure capabilities to such devices.
- Record keeping: CTERA maintains a detailed audit trail of all file-related operations. The generated log files hold a record of all file processing activities.
- Pseudonymization and encryption: all files stored and managed by CTERA are encrypted, both at rest and in transit. Encryption keys are under full customer control.
- Security and Resilience: the CTERA platform was designed with security and high-availability in mind. The data itself is fully protected, and access to it is under strict control.
- Disaster recovery: CTERA has built-in DR capabilities that help restore normal operation and access to personal data in the event of a system failure or facility damage.
- Testing and monitoring: CTERA uses a security-centric development process for its software. It performs regular penetration testing to ensure system security.
- Breach notification: CTERA log files and audit trails can be queried when a breach is detected, and provide information about unauthorized data access. Furthermore, built-in data loss prevention (DLP) capabilities and integration with 3rd party tools help prevent leakage of personal data to unauthorized parties.