Many small businesses, like medical and dental offices or small financial services firms, have the same regulatory responsibilities as hospitals and banks but without the budget or the staff to make sure that they're in compliance with all the rules and regulations.
And those small businesses often don't even have a regular IT person except on an on-call basis to a local outsource provider who comes in when needed. Even if the small business has an IT person, worrying about regulatory compliance can still be a full-time job.
Just the sound of regulatory acronyms is intimidating -- GLBA, SOX, HIPAA, PCI DSS, and others -- and for good reason. As a refresher, the acronyms translate into the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act, and the Payment Card Industry Data Security Standard. There are others.
Businesses large and small are trusted with tons of important and confidential information about customers, employees, patients or students. While only the scandals about massive data losses typically make it into the public eye, such a loss can put serious hurt on a small business just as it can on a large one -- even kill it outright via fines, sanctions or bad customer word-of-mouth.
That's why many small businesses need a "data loss prevention" (DLP) system -- one that's also affordable and simple to maintain.
Storming the Palisades
Palisade Systems thinks it has a viable DLP solution for many small businesses -- compliance monitoring as a service provided via a cloud computing model.
Palisade Systems just began offering the service, which it calls ComplianceSafe.
At its core, it's a computing "appliance" running in the company's datacenter that watches every packet, email and file that crosses the network, on the lookout for anything that could be private or should be protected, and making sure that content is filtered and kept from leaving the company's network.
ComplianceSafe runs as a software as a service (SaaS) application, like Facebook or Web-based email, and protects small businesses against inadvertent disclosure of private or sensitive data that can occur through outbound email data leaks, according to a Palisade statement.
"ComplianceSafe ... delivers a SaaS solution that makes meeting regulatory requirements as easy as managing a Facebook account," Christian Renaud, Palisade's CEO, told Small Business Computing.
Palisade has been selling its appliances to larger small and midsized business customers for several years. But the cost of the appliance -- called PacketSure -- and the need to have someone around to tend to it have kept it out of reach of many small businesses.
"ComplianceSafe controls the flow of confidential information in outbound email messages ... and regulates information flowing outward such as: social security numbers, credit card numbers, patient health records, financial information, proprietary business knowledge, and other data that should be kept confidential," Palisade's statement continued.
ComplianceSafe at Your Service
"It's cost-effective and it takes about ten minutes to set up," Ben Milne, CEO of Dwolla, a small financial services firm, told Small Business Computing, in describing his company's experiences with ComplianceSafe.
Dwolla is a peer-to-peer payment platform that lets you exchange money quickly, safely and at a lower cost, according to statements on the company's site.
"We don't want any personal information, like credit cards [to leak out]," Milne said. "[With ComplianceSafe] we have QC and QA in place to grab something out of an email, strip it out, and report it," he added. Dwolla has between five and ten employees.
ComplianceSafe starts at $10 per user per month with a minimum of $50 for businesses with five or fewer users, and ranges up to 100 users at $7 per user per month and a minimum of $700. "With ComplianceSafe, we can filter thousands of transactions a month for very little," Milne said.
But what about the ease of use?
To make the set-up easy from the customer's side, the administrator's console consists of four simplified drop-down menus. "The idea is to [eliminate] the complexity of DLP," Renaud said. "They don't have the technical expertise or the time in a small business."
And for those who think a compliance system mostly guards against persons with bad intent -- a disgruntled employee, for instance -- the opposite is true. Most data leaks are accidental and not malicious, said one analyst.
"Most [people who leak information] are well intentioned individuals," Peter Christy, principal analyst at the Internet Research Group, told Small Business Computing. "The person made the mistake because he or she didn't understand."
"Here's a way to get your email filtered, and you don't need to learn a lot to set it up," Christy said. "Doing it in the cloud is a great solution. You just plug it into your email flow."