Data Protection Service Provider

 

Data Protection is a robust, multi-layered approach that will maintain your day-to-day operations and prevent downtime. It protects your data from all threats – system disasters, natural disasters, human error, malicious activity and security breaches. Ancero’s data protection planning will assess your IT needs, beginning with a high-level design phase to determine your continuity objectives. We design and implement complete protection and recovery plans for any sized business, efficiently and cost effectively, with virtualization, security, storage and data center solutions. We understand that data facilitates your business. That’s why we have carefully selected industry-leading vendors with cutting edge technologies to ensure the security of your data.

XconnectDC solutions for service providers enable rapid, simple, low-cost deployment of data protection as a service.

With solutions built on the foundation of a service-oriented infrastructure, XconnectDC has teamed with industry leaders to provide turnkey solutions that allow service providers to deliver data protection as a service. Designed for service providers, these built-on-XconnectDC solutions reduce the cost and complexity of delivering new services.

Get to revenue fast by leveraging our experience providing cloud-based data protection architectures. Our scalable and efficient infrastructure models enable rapid deployment of new data protection services, subtracting months—or more—from your market delivery times.

XconnectDC solutions for service providers enable rapid deployment of differentiated services, with predictable cost and service levels, through a collaborative model designed for mutual success. We don’t sell our own cloud services or compete with you. Instead, we help you build your cloud service business.

Data security

On data security, processors as well as controllers would have to provide a security level ‘appropriate’ to the processing’s risks. This means that processors would need to conduct risk assessments for each customer and intended processing activity. Varying standards of data security for different types of processing are envisaged, but there would be practical difficulties for some data processors to implement this.

In an infrastructure cloud context, where providers offer commoditised mixed-use IT resources for customers’ self-service usage, there must be a question mark over the feasibility of providers customising their security measures for different customers. In reality, providers might simply apply the stiffest data security measures to cater for the riskiest processing activities, but this is likely to push up the cost of cloud services for all customers.

Processors could also find themselves having to implement data security measures for processing activities governed, for the purposes of the new Regulation, by no data controller. This might include where the processing of personal data falls under the household exemption.

For example, a consumer webmail or photo-sharing service, even if the service is itself not a data controller, would be subject to the processor obligations, including on security, under the new Regulation. This raises the prospect of processors being held liable to pay compensation for damage resulting from a data breach that stems from consumers using weak passwords or succumbing to phishing attacks and where the fault for that breach does not lie with the processor. Under the proposed Regulation, as drafted, the onus would be on the processor to prove that it was not responsible for the ‘event’ giving rise to the damage. For example, a consumer could upload files to a cloud storage service where the files contain personal data regarding other people, who might then attempt to sue the cloud provider if the files are breached, whoever caused the breach, thus multiplying the processor’s potential exposure.

Similarly, even if a breach was the data controller’s fault, those affected might choose to sue any processor ‘involved’ in the processing if it is perceived as having ‘deeper pockets’, leaving it to try to claim back from the data controller.