
That is the theory - only in my experience the reality is quite different. Employees do not bother to classify incoming emails as confidential or internal. So everything gets sent to the cloud.

Also, having servers in the EU helps to fulfill some regulations; it certainly cannot prevent your customer data from getting exposed.




You are missing the point. Sensitive customer data never touch e-mail, period. So there is nothing to "send to the cloud".

That's a matter of organizing the work and training your staff, along with appropriate technical measures where required. Not some hypothetical theory or matter of whether someone bothers to classify something or not.

If it is confidential to the degree that it cannot leave company premises then e-mail is automatically taboo and the file never gets transferred anywhere by mail (or any sort of cloud service).

Moreover, access is controlled and only the people who need it get it - along with strictly worded information that it is under such and such NDA and must not leave the premises or be shared/uploaded outside of the company.

If the company you work for doesn't do it like this, then they either don't deal with such sensitive materials or they don't care - and then they will end up in court or bankrupt (or both) sooner rather than later.

Having servers in the EU is not about "not getting data exposed" or only a matter of some sort of regulatory compliance (even though that is important too - e.g. whenever GDPR is involved). Without that minimal guarantee that e.g. NSA or Boeing or Ford or some other major US competitor of some of our customers won't get to see their information (happened before, industrial espionage at a state level is a thing) they wouldn't even talk to us about sharing data with us. On top of that data is obviously encrypted too.

Data/IP protection is a process, there is no single magic thing that you do and are set. Leaks, whether intentional or not, can and will happen - e.g. it is difficult to 100% prevent a disgruntled employee from walking out of the door with some sensitive files on a USB stick or a phone even if you institute a completely draconian regime at the workplace (which is counterproductive).

It is about having a process in place to mitigate against and minimize both such occurrences and their impact.



