Skip to content

The Risks of Using Generic Cloud Drives for Due Diligence Virtual Data Rooms

Due Diligence Virtual Data Rooms

Conducting due diligence is a demanding task that leaves no room for compromise. Every document and data point matters, and so does the platform you use to manage this crucial information. We’re seeing more target firms rely on generic cloud storage solutions like Google Drive, SharePoint, and OneDrive for their Virtual Data Rooms (VDRs). 

Understanding the Attraction: Cost-Conscious Choices

I get it. In a funding climate where every penny matters, cutting corners using familiar, less expensive solutions like generic cloud drives is tempting, especially in earlier-stage fundraising efforts. 

The initial cost-saving allure is undeniable. However, this short-term saving could cost you dearly in the long run when the stakes are as high as they are in due diligence.

A Personal Insight: Cloud Drives Are Not the Safest Bet

From my years of experience in due diligence, I’ve seen the risk —of files being altered midway through the process (potentially rendering the DD work outdated) and access controls becoming porous over time. In some cases, I still have access to files shared with me years ago for previous projects. Clearly, this is a data security red flag. The best practice would be to shut down each VDR once a project ends and set up a new, secure one for the next venture.

Why Generic Cloud Drives Fall Short

Generic cloud drives are convenient for everyday needs but lack the specialized features required for due diligence. Here’s why they fall short:

1. Insufficient Security Measures

Sensitive data demands advanced security protocols, which generic cloud drives often can’t deliver. Specialized VDRs, on the other hand, offer granular security measures to ensure all parties see ‘just enough’ of the target firm’s information. This includes advanced encryption and tight access controls.

2. Lack of Document Control

The inability to restrict copying, printing, and screen capturing is a significant flaw when dealing with sensitive information. Adding watermarks to downloads is a much-needed standard feature in specialized VDRs.

3. Inadequate Audit Trails

Knowing who accessed what information, when, and for how long is crucial. Generic cloud drives generally provide a different level of detail. On larger deals, parties need to be able to confirm what information was accessed as part of diligence.

4. Inflexible User Access and Permissions

While generic cloud drives enable file-sharing, they lack the nuanced control needed to determine exactly who sees what, which may not be a problem if the deal goes well. But what if it fails? (something we are seeing more often this year).

Specialized VDRs offer granular, auditable permissions and allow for such specificity that failing deals can still maintain confidentiality in the volatile investment environment. Target firms can have the reassurance that their sensitive market data was accessed by a restricted, auditable number of people, safeguarding their interests even in challenging scenarios.

5. Missing Q&A Functionality

Questions are an inevitable part of due diligence. Unlike specialised VDRs, generic cloud drives don’t usually offer built-in Q&A modules to streamline this process.

6. Third-Party Support

Beyond the conventional players of the sell-side, buy-side, and consultancy firms, the landscape sometimes calls for the involvement of an advisor to act as an information broker. Serving as central project controllers, these specialised entities expertly navigate the flow of information among all parties involved.

They alleviate the workload for the sell-side and skillfully manage the Q&A process, ensuring a smoother, more efficient due diligence operation. Cloud drives do not facilitate this.

7. Lack of M&A-related Data Analysis Features

While generic cloud drives offer basic user metrics, they pale compared to the in-depth analysis capabilities that specialized VDRs bring. One of the most intricate features that sets VDRs apart is the ability to tailor analytics and search functionalities to specific workstreams and data sets a user can access. This focused approach enhances the security and integrity of the due diligence process and enables more precise, actionable insights.

8. The Close-Out Process

Once the due diligence process is complete, specialized VDRs have protocols for securely archiving or deleting data. This is often a manual and risk-prone procedure on generic cloud drives.

The Final Word: Specialized VDRs are Non-Negotiable for Due Diligence

You can’t afford to cut corners if you embark on a due diligence process. While generic cloud drives are fine for personal use or low-stakes work environments, they’re not designed to handle the specialized due diligence requirements for a process where every detail counts; only a specialized VDR will do.

By opting for a platform built for due diligence, you safeguard your data and ensure you’re prepared for the challenges ahead. It’s not just the better option—it’s the only one that makes sense.

I understand the underlying issue – they seem expensive for what they are. More on that to come.
Not using Due Diligence Virtual Data Rooms should be added to this list.
Picture of Hutton Henry
Hutton Henry
Hutton has worked with Private Equity Portfolio firms and Private Equity funds since 2015. Having previously worked in post-merger integration for large firms such as Ford and HP, Hutton understands the value of finding issues prior to M&A deals. He is currently the founder of Beyond M&A and provides technology due diligence for VC, PE and corporate investors, so they understand their technology risks before entering into a deal.

Take our FREE Scorecard to find out if your investment is at risk.

Discover the value of technology in your portfolio and target investments to gain more confidence and uncover potentially significant risks that could affect the value of a sale or an acquisition.

More Stories

Back To Top