This site uses cookies. By browsing the site you are agreeing to our use of cookies. Find out more

About Us

News & Events

From Lock and Key to the Cloud – A Route map for HR Data Security

by Paul Finch, managing director of Konetic

Security in the HR department used to be relatively simple.  Data was kept in bulky paper-based files stored away in filing cabinets. Who should hold the key was the main topic for debate. However, this locked-up data was rarely updated and gaining access was not always straightforward.

Over recent years, however, the HR landscape has been transformed with the emergence first of automated file-based systems and subsequently of cloud-based applications. Because the cloud supports high performance computing power, it can capture and analyse huge quantities of data quickly. Its use also gives HR departments more say in the type of IT application they use. HR was not often seen as such a mainstream part of a business as finance or marketing for example. So, its needs were sometimes ignored by IT teams.

Consequently, when cloud technology began to gain a hold, HR departments often found it easier to get sign-off for what they needed, because of the lower costs and the fact that systems could be turned on and off as and when required.

In many cases, too, this process has transferred the responsibility for security from IT to HR – and in most countries this information will have legal protection. Responsibility lies with the data owner or manager, rather than the cloud provider.

This all comes at a time when an increasing amount of employee data is being held – and as more businesses begin to recognise the value of data analytics to identify and predict trends, these volumes are likely to grow further.  In times of high unemployment, companies sometimes receive hundreds of applications for each vacancy and corporations running large-scale recruitment programmes such as graduate trainee schemes usually have to handle an exceptional amount of data to fill only a few positions. All this data must be carefully stored and managed in compliance with the various global data protection requirements which vary across different regions across the world from the US to Europe to Asia. Things have come a long day since the old days of the locked filing cabinet.

The Security Dimension
With HR technology decisions now falling to the HR team, how can they ensure that this information is held with the right security in place? Or, if the IT department is still involved, what questions must the HR team ask to ensure the chosen provider meets the stringent standards required by their department?

It is an area on which cloud sceptics have historically focused their concerns. And it’s certainly the case that with the public cloud there could be issues. True SaaS shares one software solution (with all upgrades, automatically provided to all users instantly) and one universally shared database hosted in the cloud.

This means a private or hybrid cloud may be a better choice. With a private cloud, organisations have dedicated resources, giving more control and opportunities for customisation while still offering scalability and flexibility. With the hybrid version, sensitive data can be held privately, while other data is kept on a public system.

Also, the cloud provider can decide where to store the data and even move it around to different centres across the world. This distributed architecture can improve the reliability of the cloud service – and its affordability as the provider can optimise their overheads at any given time. However, at the same time, it does mean that the data owner (who is ultimately responsible) has diminished control.

For European businesses, this can cause problems if it is transferred outside the EU. For example, if data is held in the US, the Patriot Act can override any EU protection, giving the authorities the legal right to sift the data and take control. For those holding personal and confidential candidates’ and job-seekers’ information, this can be highly concerning.

So here are some points to consider when selecting a cloud provider:

  • Does the provider offer individual databases? Ask for a list of countries where data will be processed and safeguards put in place. Preferably stick to suppliers with a data centre in the same country as your main business who can provide assurances that your data will not be moved.
  • It may make sense to stick with a cloud-based application provider already established in the field who will understand the particular problems of HR teams.
  • Does your chosen provider have a track record in supplying organisations that regards security as paramount?
  • Is your provider working towards the latest version of the international information security management standard ISO 27001? This update takes into account changing IT platforms and practices.
  • What contingency do they have in place and how quickly could they restore your data in the event of a major loss? How fast could they react if a potential vulnerability was discovered?
  • Will data be encrypted – in transit and in storage? Yet at the same time, will you be able to access data in a usable format whenever it is needed?
  • Does your supplier understand the data security differences between single record look up and bulk data reporting?
  • You may want to change your arrangements in the future. What policies do they have about deleting data if your business should decide to withdraw from the cloud? What are the associated costs?
  • Does your provider have audit trails in place to monitor who is accessing the data and when?

Most cloud providers within the HR space will be aware of their customers’ concerns about security and happy to answer these questions. You may well find that their security levels exceed a customer’s normal standards and even go beyond the required accreditation or IL-level benchmarks.

Concerns about security are understandable. But if these questions can be answered satisfactorily, there are also many benefits to be gained – not least the opportunities to use on-demand affordable yet highly-effective solutions that often offer fast return on investment through the efficiencies they bring.

Go back

Konetic’s solutions offer a secure, high volume, SaaS based eRecruitment solution.

Over the last 12 months Konetic Clients have processed:
  • 250,000 applications
  • 450,000 registering applicants
  • 80,000 first interviews
  • 35,000 offers of employment
  • at an average cost of hire of just £60!
  • Zero security breaches
  • A UK company
  • UK data centres
  • A greener, smarter solution

Contact us for an initial discussion about your eRecruitment needs.

Demanding recruitment processes, made simple.

Govia Thameslink Railway

used Konetic Active to dramatically reduce the cost of recruiting and bring recruitment in-house.

Are You Ready For The Next Step?

Contact Us

London office

Konetic Limited
Hamilton House
1 Temple Avenue
London EC4Y 0HA

(020) 3053 9160

Chatham office

Konetic Limited
77 High Street
Kent ME4 4EE

(020) 3053 9166

Latest News

Paul Finch on Hiring Through Gamification

Paul Finch was invited to comment by the BBC World News team on 26th Feb 2015 about an innovative approach to select graduate recruits using gamification software.

Read more …


© Konetic Limited. All rights reserved. | Privacy Policy | Terms and Conditions