Organizations Becoming Wary of EHS Data Security and Legal Exposure from Multi Tenant Shared Environments
Data security has always been a major concern for organizations. Companies spend large sums to make sure that their data cannot be accessed by outside parties. However some organizations are expressing concern that their data may be subject to an unwanted third-party review during legal proceedings – even if that organization is not a target of the lawsuit.
We recently encountered a situation where this came up as a major concern from one of our new clients, a major western electric utility company. During their due diligence evaluation of software systems including ESS, their internal legal counsel was concerned about their data being mixed with other clients in a multi tenant environment and potential risks of exposure. Here’s why:
Software as a Service (SaaS) is a delivery method that is popular among companies that want to purchase an EHS software platform, but prefer to avoid the challenges that come with installation and maintenance. However, some organizations are taking a second look at SaaS environments where data are housed in multi-tenant applications. These are arrangements where customers’ data are stored in a common environment: in other words a SaaS provider stores data in an environment where all client information is located in a single database.
Multi tenant applications are efficient and offer sufficient safeguards against accidental and malicious access, however some organizations have recently been evaluating if multi tenant data storage does expose clients to risks of having their data accessed if another customer that has data in that same environment is targeted in a lawsuit and its data are subpoenaed. In other words if one client’s data goes to court, could all clients’ data goes to court?
While ESS does not make legal interpretations of these kind of questions, we do architect our software to provide maximum data protection and in this particular area, our “zero” security risk influenced their decision to choose an ESS “SaaS” solution over a competitor’s offering.
ESS offers a superior SaaS data storage arrangement that is architected and designed to be more secure than other systems. Our SaaS client data is stored by using “virtual” technologies for one thing, where each customer’s information is stored in a separate and distinct database that is isolated from information that belongs to all other clients. More importantly, in our environment, customers’ data would be completely safe from a subpoena targeting another organization in the situation described by our new utility client in the case above.
Our 820 years of experience developing software allows us to carefully think about customers’ real world concerns when designing our software. This is an example of applying that experience to address clients’ security concerns.
We are not sure what outcome this will ultimately result in as this predicament becomes more widely discussed, I’m sure that we’ll see some quick market adjustments as organizations react to the need to secure their data from this form of risk exposure. Regardless, clients can rest assured that with ESS solutions their data is secure in the safest, surest environment choice.
Tags: cio data security data storage ehs software multi tenant data storage saas single database subpoenaAdd comment April 4th, 2008
