End point backup specialist Druva has come up with a data protection privacy framework for customers who use its inSync software in the cloud.
Druva CEO Jaspreet Singh said 70 percent of new customers choose a cloud option for deployment. With customers around the world using Druva’s managed clouds, the vendor is taking steps to address geo-specific privacy concerns. Druva-supported regions include Germany, Japan and Australia as well as the United States, and those areas all have different security and regulation rules.
“Our business model has moved to the cloud,” Singh said. “A lot of global customers are concerned about not just security but also privacy. When end users contribute corporate data in a cloud used by multiple people, that requires a lot of understanding about who has access to what.”
Druva’s privacy framework includes support for 11 global regions with policies that ensure data meets local requirements. Druva also stores unique block data separated from metadata with a unique envelope key encryption model to prevent third-party access to corporate data. InSync allows organizations to identify officers who may handle sensitive material, and prevents that data from being visible to others in the organization. It also tracks all data access and file sharing with audit logs. The software also sets adaptive administrator roles, allowing a defined legal administrator to override privacy controls to enforce data governance.
“In the U.S., verticals such as healthcare and federal contractors have different notions of what privacy means,” Singh said. “The European Union has a different take on privacy. It’s all centered around who controls and processes information.”
Another step for privacy and security is that Druva maintains customer data in its private cloud rather than in a public cloud. “We struggle with the perception of the public cloud,” Singh said.