4. Security – data is more valuable than money.
What data are we talking about?
"It’s just advertising." You hear that sentence a lot, only it’s not so. A DAM system is the perfect place for the central permission-controlled management of your marketing strategy, campaigns for new products, technical documentation, internal presentations and training materials, photos and documents for tenders and much more. When a DAM system is well integrated, then it is often connected to the ERP system, a PIM (product information management system), an online shop and many other internal systems. The data from all these systems is on your own servers today – would you store that data on servers that your IT department has not secured by every trick in the book? Would you store that data in a cloud? Then you should look closely, since otherwise your DAM system is the perfect place for your competitors to discover your trade secrets.
Industrial espionage is nothing new, it is just easier today than ever before. Likewise what is not new is that the dividing line between the classical activity of an intelligence service and targeted industrial espionage on behalf of interested companies is a fine one. That has always been so, only today it is possible to automatically tap, analyse and exploit interesting data on an unprecedented scale, and that by far more than just one party.
You do not know how many people are accessing your data and you are not aware of it either.
Every byte that you store on data storage devices outside your company is de facto fair game. Data protection in many countries is very lax. The main threat comes from governmental stakeholders that your intelligence service uses not only to hunt down criminals and terrorists, but also for industrial espionage. When you use cloud-based services such as Dropbox (USA) or Wetransfer (The Netherlands), or when you use one of the services based on Amazon Webservice, Microsoft Azure or Google, then you are dealing with US companies for whom the PATRIOT Act applies. Then you cannot assume that your data is secure and encrypted only on servers in your country with the applicable legislation in your country:
The provisions of the PATRIOT Act allow US government agencies such as the FBI, the NSA or the CIA not only access without a court order to the servers of US companies. Foreign subsidiaries are also required by US law to grant access to their servers, even if local laws prohibit it.
The "Safe Harbor Privacy Principles", with which the use of such systems was virtually legalized, were declared invalid by the European Court of Justice (ECJ); whether the follow-up agreement, the "EU-US Privacy Shield", will come into effect is unclear – either way, it is legal thin ice where no one knows whether or not they are committing a breach of data protection acts in your country.
What is by now well documented in the USA applies even more in countries where data protection, human rights and freedom of speech have no meaning.
We feel that you might as well just publish the images of your prototypes on Facebook or send design drawings by email to competitors overseas.
The surprising thing, however, is that the DAM systems of quite a few companies are hosted completely by some of our competitors on such cloud systems, including the connection to the customer’s ERP and shop system. You could call this a worst-case scenario.
From this we have drawn the only possible conclusions:
- We will be happy to install the system on your premises and help you to secure it.
- If we host your system, then it is exclusively on our own servers in a high security data center, on our own data storage devices here locally. We do not use any external cloud storage. The connection between your network and ours is always encrypted.