VIRTUAL DATA ROOM 101

VDRs: Everything You Need to Know

Virtual Data Room Security

Virtual Data Rooms vs. Secure File Sharing Platforms

Choosing a Virtual Data Room

Virtual Data Rooms for M&A

Virtual Data Rooms for Private Equity

Virtual Data Rooms for Asset Backed Securites

Virtual Data Rooms for Legal Departments

Virtual Data Rooms for Compliance

Virtual Data Rooms for Finance Departments

Virtual Data Rooms for IPOs

Virtual Data Rooms for Fundraising

Virtual Data Rooms for Restructuring

But what is multi-layered security? And how does it protect your data?

Multi-layered security is pretty much like it sounds. It’s multiple levels of protection so that if one barrier is breached, there are more behind it to stop people from getting access to your information.  Think of it like this.  If you live in an apartment building, there’s probably security door you have to pass through on the way in.  Then there might be a doorman or a keycard for the elevator.  Then your door has a deadbolt as well as another lock on the doorknob.  And finally, you might even have an alarm or a smart home device, like a motion-activated camera.  If at any point, a person doesn’t have a key, they’re stopped in their tracks.  And with the alarm or the video camera, the system will immediately issue an alert should there be a break in.  All these steps are designed to protect your valuables and deter villains from attacking your home.  A multi-layered security system is a digital version of this for your network and the files it houses.

The data you store in your VDR is valuable to you and your business.  But if it falls into the hands of a hacker, it could compromise a transaction, your intellectual property or bring your entire business to a halt.  A network breach in 2011 compromised customer data for 77 million Sony PlayStation accounts, resulting in the PlayStation Network being shut down for more than three weeks.  Others break into systems and try to extort money from their victims.  This was precisely the case with HBO, where hackers implied they wanted a $6 million ransom. And of course there’s Equifax. The break in resulted in the stock losing around one-third of its value – about $4 billion in market capitalization – in just one week.

You might think that simply protecting your information from the outside is enough. But that’s not the case.  A 2015 study from Verizon said that about half of all security incidents came from inside the company walls.  In fact, according to the report, 20 percent of all compromised data is related to employees stealing information, misusing it, selling it or engaging in similar activities.  For example, in 2014, a Tufts Health Plan employee stole data (including names, Social Security numbers and dates of birth) for nearly 9,000 customers. And there are countless of other cases just like this.   When sharing confidential and highly-sensitive information during M&A due diligence you are at an even greater risk of a potential data breach.

So what can you do to keep your data secure?

You need to have a strategy and then implement a plan that protects data at all its potential touch points.  While a critical first step, it’s not just a matter of ensuring that your firewall is secure.  You also have to ensure your vendor’s VDR platforms are built with bank-grade security.  To return to the earlier analogy about the apartment building, that’s similar to only having a front door key.  It’s a main line of defense, but it’s not enough.

When implementing your own security and evaluating virtual data rooms, you need to consider the following items:

• What kind of encryption do you have?: You want a high-level like TLS 1.2 AES 256-bit encryption for internet browsing and data transmission key encryption at 1024 bits.
• Logins and Passwords: Passwords are a key element of defense. But it’s important to use them in a way that tracks when people log in to files and what documents they view. Also, logins should be encrypted, have minimum lengths and required resets.
• Infrastructure protection: When it comes to servers, make sure you know who has access and how they can enter those facilities. Things like security badges and multi-point authorization can keep controls tight.
• Logs and Event Tracking: This allows you to monitor who is accessing various files and when. This information is key should that information ever be compromised.
• Data availability and redundancy: In the event something happens to your data at one location, you need to make sure you have it fully backed up elsewhere.

SmartRoom is a secure virtual data room that was designed to offer precisely these features because we’re laser focused on helping organizations protect their information. We also make sure that our data centers are SAS 70 Type II compliant, meaning that an outside auditor can come in and assess their effectiveness.

Hackers seeking targets is just an unfortunate reality in today’s internet-connected world.  But there’s something your business can do to guard itself against being its next victim.  And that’s ensuring your virtual data room is built with multiple layers of security.

FTP (File Transfer Protocol): These systems have been around for many years. In fact, the first FTP specifications were written in 1971. It’s primarily a useful way to send and receive large files, but there are significant security risks and no collaborative features.

Cloud Storage Platforms: For the most part, these originated as consumer-centric services. In that, they were designed for collaboration and file sharing. But one area they lacked was in security. While many providers are looking to expand into the enterprise, their security features still don’t meet the high standards big business typically requires. In fact, in 2014 a hacker exposed passwords for 7 million Dropbox accounts. This came two years after the same provider was hacked, exposing data for some 68 million accounts. Box, a leading provider of cloud storage, has “poor security practices” according to TechRepublic, potentially exposing data for millions of their customers. That said, these services are good for sharing large files with family and friends, and they’re inexpensive. But generally speaking, they have limited use in the enterprise outside of small businesses with limited security needs. They also offer little customer support.

File Sharing Platforms: These services provide a central data repository that can be reached via the internet. They are also scalable and integrate with leading business office software. But they do present some major setbacks. They are often clunky and expensive. From a deployment standpoint, SharePoint and ShareFile, can take months or even years to get up and running across your organization. In a 2016 article in CIO Review, the publication explained that SharePoint “has a reputation for getting in its own way” while a 2015 review in PC Magazine said the service was “good [for] online editing” but “setting up features can be overwhelming.” This has lead to mixed reviews by end-users who have been known to When it comes to data security, some require integrating with outside services. Gartner, a prominent technology research group, notes that these are probably best for “lightweight content management” rather than any heavy lifting.

Virtual Data Rooms: These services were initially designed with mergers & acquisitions and the enterprise in mind. They place an emphasis on security and real-time content management, because during the high-stakes world of M&A and due diligence, these features are of the utmost importance. Since then, virtual data rooms have expanded into other industries. Some have done so understanding the intricacies of business and customized their services to meet that demand. Others have simply ported their legacy systems into new sectors.

• Security: Will you be storing or sharing sensitive information such as corporate financials or customer information? If so, you will need a VDR that offers multi-layered security including the highest levels of encryption, administrative controls, and firewall protection.
• Accessibility: Will only internal employees be able to access or share files or do you want a solution where you can share files with external parties as well?  Do you want to allow people to access documents remotely and from mobile devices?
• Data Capacity: Does your business require a large volume of data? Is the virtual data room equipped to handle the quantity you plan to store and share?
• Usability: Is the platform user-friendly and can it easily be adopted into existing workflows? If the platform is not user-friendly you run the risk of low adoption and can find yourself back at square one.
• Collaboration: Would you like to collaborate on documents with other stakeholders, or are you simply using the solution to send files back and forth?
• Connectivity: Do you want to connect your existing applications such as Microsoft Office? If so, the platform needs to have an accessible API.
• Customer Support: Do you require assistance implementing the solution? Would you like help troubleshooting issues? What about tips for best practices?
• Pricing model: What model fits your business best? Does it make more sense for you to pay by volume or by user? A monthly or yearly subscription or a one-time-fee?

Portfolio Company Aquisition:  Private equity firms must perform due diligence on companies to become part of the PE fund.  They often use VDRs to host the information used for the PE fund to perform due diligence on the potential portfolio company.

Private Equity Fundraising:  Private equity funds raise money from investors so that they can make investments in an effort to generate a return.  Virtual data rooms can be used to host documents for the fund so that potential investors can do their due diligence.

LP Reporting: Private equity funds use SmartRoom to share financial reports and results with their investors.  VDRs are used to share and exchange results and reports with their investors.

Portfolio Company Sale:  As a PE fund winds down, they often sell or combine portfolio companies and/or entities to generate returns.   Virtual data rooms can be used to store the documents used for the buying company to perform due diligence on the portfolio company.

IPOs:  When a private portfolio company goes public and ready for the first sale of stock, private equity funds use VDRs to due diligence on the company issuing stock and also for the regulators to review documents for IPO compliance.

• NPL
• RPL
• 17G-5
• CMBS
• RMBS
• CLO
• CDO
• Auto Loan, Credit Card, Student Loan, and Equipment leases

* Learn how one of the world’s leading financial institution was able to facilitate $290 billion dollars worth of NPL sales with a virtual data room here.  

Common virtual data room use cases for legal departments include:

• Contract Management
• Equity Administration
• Litigation Matter Flow
• Legal Review of Marketing Content
• Board Reporting
• IP Information Transfer

Common VDR use cases for Financial Departments include:

• Budget planning and reporting
• Payroll management
• Audit management
• AP/AR invoice transactions
• Compensation planning
• IP information transfer

The IPO process is one of the most important yet complex events that a growing company will go through. From financial scrutiny by investors, auditors, and regulators to continuous collaboration amongst investment bankers, lawyers, and accountants, companies must be prepared to manage large amounts of information and accompanying analysis. Information is everything when it comes to billion-dollar Wall Street transactions. Should key points of data fall into the wrong hands or leak out before an offering goes live, an investor road show or the entire deal could be compromised. One wayward email or unsecured document can change everything. As a result, bankers need to ensure the highest level of security for their files at all times. Virtual data rooms are cloud-based platforms were built for these purposes and help facilitate the IPO process.  VDRs help companies share and collaborate on content securely.  Many provide detailed reporting on what potential investors are looking at and are able to restricted viewing, printing, and saving capabilities on sensitive documents.  VDRs provide the tools needed to ensure the IPO process is managed efficiently and securely.  Use a virtual data room to streamline the IPO process by allowing multiple stakeholders to access critical information from anywhere at any time on these ultra-secure platforms.  

During a round of fundraising, startups and other companies have to share sensitive and other high-value information with potential investors.  These companies often invest in a virtual data room to host the due diligence for this process.  One of the reasons VDRs are used is in this process is to maintain security of intellectual property (IP) and ensure valuable company information does not leak or fall into the wrong hands.  Another reason VDRs are used in fundraising,  is because these platforms can track and monitor all activity in the room.  The ability to know which potential investors are looking at what documents can give companies valuable insight for negotiations during a round of fundraising.  

* Learn how the company Vaccitech used a virtual data room to secure $27.1m in a successful series A financing here.