Platforms that were once physical in nature – such as data rooms – are increasingly becoming digitized. The cloud has opened up new frontiers for data storage: It offers large amounts of storage, collaborative file sharing, and easy access to records at a low cost. On top of all that, the documents are not susceptible to damage as a result of natural disasters, including floods and fire. Consequently, it comes as no surprise that cloud storage may appear a tempting option for a virtual data room.
However, when considering cloud storage, recent high profile cyber-attacks ought to raise a red flag. For example, in August of last year, The Telegraph revealed that hackers stole nearly seventy million passwords from a cloud storage and file sharing platform. The provider confirmed the hackers pilfered the credentials four years prior and circulated the information online. More recently, ZDnet claimed that hackers demanded a provider for a popular cloud storage platform pay a ransom in bitcoin. The hackers allegedly asserted that if the provider did not comply, millions of its customers’ devices would be erased remotely.
While cloud storage might be appropriate for the individual user, it should be used with caution in the business context where sensitive information is at stake. Threats associated with cloud computing include data breaches and data loss, hijacking, and malicious and careless insiders. The Institute of Mergers, Acquisitions and Alliances (the Institute) discussed further disadvantages connected to virtual data rooms. Of utmost concern was, again, security – and the risk is only heightened when the information is stored in the cloud. Because more people have access to confidential information stored in virtual data rooms than to information stored in physical data rooms, the risk of confidentiality abuse and misuse of confidential information is multiplied.
Despite the risk, cloud storage should not be dismissed as an option. The Institute also canvassed the advantages. For example, while cloud platforms differ from provider to provider, many offer text recognition functionalities, allowing users to search specific words and phrases throughout the entire data room. Further, features often allow administrators to restrict the viewing, printing, or downloading of certain documents. In order to benefit from cloud storage’s advantages – and mitigate against its risks – it is important to select a provider that offers the following features:
- Features that track who is accessing files and what they are doing with them;
- Document encryption;
- Two-factor authentication, rather than a single password; and
- Antivirus software.
Users should also prohibit the sharing of credentials and keep systems up to date. It is crucial to develop an internal security policy, including a thorough incident response plan.
The author would like to thank Elana Friedman, Summer Student, for her assistance in preparing this legal update.
Stay informed on M&A developments and subscribe to our blog today.