VIRTUAL DATA ROOM 101
Virtual Data Room FAQs
New to Virtual Data Rooms? No problem. These FAQs will get you up to speed.
What is a Data Room?
What is a virtual data room?
Why are VDRs used in M&A deals?
During the M&A process, companies often share highly sensitive information, including trade secrets and intellectual property. Mergers and acquisitions are highly sensitive transactions that demand the utmost in secrecy. M&A deal leaks regarding even potential negotiations can impact a sale price or just kill a deal altogether. Virtual data rooms are more secure than physical data rooms and are built with inherent security features, such as encryption and granular permissions controls at the file level, to safeguard each document throughout its lifecycle and ensure no sensitive information is exposed.
What is Due Diligence?
What is the difference between virtual data rooms and other "secure" file sharing platforms?
Aren't all virtual data room providers the same?
What should I look for when choosing a VDR?
VDRs: Everything You Need to Know
Virtual Data Room Security Documentation
Learn about SmartRoom’s Next-Gen virtual data room security features and encryption
Virtual Data Room Security
But what is multi-layered security? And how does it protect your data?
Multi-layered security is pretty much like it sounds. It’s multiple levels of protection so that if one barrier is breached, there are more behind it to stop people from getting access to your information. Think of it like this. If you live in an apartment building, there’s probably a security door you have to pass through on the way in. Then there might be a doorman or a keycard for the elevator. Then your door has a deadbolt as well as another lock on the doorknob. And finally, you might even have an alarm or a smart home device, like a motion-activated camera. If at any point a person doesn’t have a key, they’re stopped in their tracks. And with the alarm or the video camera, the system will immediately issue an alert should there be a break-in. All these steps are designed to protect your valuables and deter villains from attacking your home. A multi-layered security system is a digital version of this for your network and the files it houses.
The data you store in your VDR is valuable to you and your business. But if it falls into the hands of a hacker, it could compromise a transaction or your intellectual property, or bring your entire business to a halt. A network breach in 2011 compromised customer data for 77 million Sony PlayStation accounts, resulting in the PlayStation Network being shut down for more than three weeks. Others break into systems and try to extort money from their victims. This was precisely the case with HBO, where hackers implied they wanted a $6 million ransom. And of course there’s Equifax. The break-in resulted in the stock losing around one-third of its value – about $4 billion in market capitalization – in just one week.
You might think that simply protecting your information from the outside is enough. But that’s not the case. A 2015 study from Verizon said that about half of all security incidents came from inside the company walls. In fact, according to the report, 20 percent of all compromised data is related to employees stealing information, misusing it, selling it or engaging in similar activities. For example, in 2014, a Tufts Health Plan employee stole data (including names, Social Security numbers and dates of birth) for nearly 9,000 customers. And there are countless other cases just like this. When sharing confidential and highly sensitive information during M&A due diligence, you are at an even greater risk of a potential data breach.
So what can you do to keep your data secure?
You need to have a strategy and then implement a plan that protects data at all its potential touch points. Ensuring that your firewall is secure is a critical first step, but it’s not the whole job. To return to the earlier analogy about the apartment building, relying on the firewall alone is similar to only having a front door key. It’s a main line of defense, but it’s not enough. You also have to ensure your vendor’s VDR platforms are built with bank-grade security.
When implementing your own security and evaluating virtual data rooms, you need to consider the following items:
- What kind of encryption do you have? You want a high level, like TLS 1.2 with AES 256-bit encryption for internet browsing and data transmission, and key encryption at 1024 bits.
- Logins and Passwords: Passwords are a key element of defense. But it’s important to use them in a way that tracks when people log in to files and what documents they view. Also, logins should be encrypted, have minimum lengths and required resets.
- Infrastructure protection: When it comes to servers, make sure you know who has access and how they can enter those facilities. Things like security badges and multi-point authorization can keep controls tight.
- Logs and Event Tracking: This allows you to monitor who is accessing various files and when. This record is key should that information ever be compromised.
- Data availability and redundancy: In the event something happens to your data at one location, you need to make sure you have it fully backed up elsewhere.
SmartRoom is a secure virtual data room that was designed to offer precisely these features because we’re laser-focused on helping organizations protect their information. We also make sure that our data centers are SAS 70 Type II compliant, meaning that an outside auditor can come in and assess their effectiveness.
Hackers seeking targets are just an unfortunate reality in today’s internet-connected world. But there’s something your business can do to guard itself against being their next victim. And that’s ensuring your virtual data room is built with multiple layers of security.
Virtual Data Rooms vs. Secure File Sharing Platforms
FTP (File Transfer Protocol): These systems have been around for many years. In fact, the first FTP specifications were written in 1971. It’s primarily a useful way to send and receive large files, but there are significant security risks and no collaborative features.
Cloud Storage Platforms: For the most part, these originated as consumer-centric services. That is, they were designed for collaboration and file sharing. But one area where they were lacking was security. While many providers are looking to expand into the enterprise, their security features still don’t meet the high standards big business typically requires. In fact, in 2014 a hacker exposed passwords for 7 million Dropbox accounts. This came two years after the same provider was hacked, exposing data for some 68 million accounts. Box, a leading provider of cloud storage, has “poor security practices” according to TechRepublic, potentially exposing data for millions of their customers. That said, these services are good for sharing large files with family and friends, and they’re inexpensive. But generally speaking, they have limited use in the enterprise outside of small businesses with limited security needs. They also offer little customer support.
File Sharing Platforms: These services provide a central data repository that can be reached via the internet. They are also scalable and integrate with leading business office software. But they do present some major setbacks. They are often clunky and expensive. From a deployment standpoint, SharePoint and ShareFile can take months or even years to get up and running across your organization. In a 2016 article in CIO Review, the publication explained that SharePoint “has a reputation for getting in its own way” while a 2015 review in PC Magazine said the service was “good [for] online editing” but “setting up features can be overwhelming.” This has led to mixed reviews by end-users who have been known to When it comes to data security, some require integrating with outside services. Gartner, a prominent technology research group, notes that these are probably best for “lightweight content management” rather than any heavy lifting.
Virtual Data Rooms: These services were initially designed with mergers & acquisitions and the enterprise in mind. They place an emphasis on security and real-time content management, because during the high-stakes world of M&A and due diligence, these features are of the utmost importance. Since then, virtual data rooms have expanded into other industries. Some have done so understanding the intricacies of business and customized their services to meet that demand. Others have simply ported their legacy systems into new sectors.
Choosing a Virtual Data Room Provider
- Security: Will you be storing or sharing sensitive information such as corporate financials or customer information? If so, you will need a VDR that offers multi-layered security including the highest levels of encryption, administrative controls, and firewall protection.
- Accessibility: Will only internal employees be able to access or share files or do you want a solution where you can share files with external parties as well? Do you want to allow people to access documents remotely and from mobile devices?
- Data Capacity: Does your business require a large volume of data? Is the virtual data room equipped to handle the quantity you plan to store and share?
- Usability: Is the platform user-friendly and can it easily be adopted into existing workflows? If the platform is not user-friendly, you run the risk of low adoption and can find yourself back at square one.
- Collaboration: Would you like to collaborate on documents with other stakeholders, or are you simply using the solution to send files back and forth?
- Connectivity: Do you want to connect your existing applications such as Microsoft Office? If so, the platform needs to have an accessible API.
- Customer Support: Do you require assistance implementing the solution? Would you like help troubleshooting issues? What about tips for best practices?
- Pricing model: What model fits your business best? Does it make more sense for you to pay by volume or by user? A monthly or yearly subscription or a one-time-fee?
Virtual Data Rooms for M&A
Virtual Data Rooms for Private Equity
Virtual data rooms are also common in private equity. As in M&A, PE firms must often share and collaborate on large amounts of highly sensitive information. Private equity is capital that is not listed on a public exchange. Private equity is composed of funds and investors that directly invest in private companies. They often use virtual data rooms in the following events:
Portfolio Company Acquisition: Private equity firms must perform due diligence on companies to become part of the PE fund. They often use VDRs to host the information used for the PE fund to perform due diligence on the potential portfolio company.
Private Equity Fundraising: Private equity funds raise money from investors so that they can make investments in an effort to generate a return. Virtual data rooms can be used to host documents for the fund so that potential investors can do their due diligence.
LP Reporting: Private equity funds use SmartRoom to share financial reports and results with their investors. VDRs are used to share and exchange results and reports with their investors.
Portfolio Company Sale: As a PE fund winds down, they often sell or combine portfolio companies and/or entities to generate returns. Virtual data rooms can be used to store the documents used for the buying company to perform due diligence on the portfolio company.
IPOs: When a private portfolio company goes public and is ready for the first sale of stock, private equity funds use VDRs to perform due diligence on the company issuing stock and also for the regulators to review documents for IPO compliance.
Virtual Data Rooms for Asset Backed Securities (ABS)
Virtual Data Rooms for Legal Departments
Common virtual data room use cases for legal departments include:
- Contract Management
- Equity Administration
- Litigation Matter Flow
- Legal Review of Marketing Content
- Board Reporting
- IP Information Transfer
Virtual Data Rooms for Compliance
Virtual Data Rooms for Finance Departments
Common VDR use cases for Financial Departments include:
- Budget planning and reporting
- Payroll management
- Audit management
- AP/AR invoice transactions
- Compensation planning
- IP information transfer