Your company has had its third strike. Your first security breach was in January of 2018, with the second only six months later in June, and the last came in February of 2019. Your company has shown that it just doesn't have what it takes to secure your users data, and there we are going to need you to have over the keys for your data storage, for a 12 month period.
During this time, you will access your company data via APIs, that are monitored via a professional data management organization, as well as state and federal auditors to make sure all required security and privacy procedures are followed. All server, database, and storage operating procedures will be documented, and shared with your organization when the 12 month period is complete.
We have assessed that 60% of your infrastructure uses APIs, so the switch-over to the new infrastructure will not be that difficult. Your company will have 45 days to accomplish the other 40% of refactoring all your software to use APIs. Part of your illness within your organization was that this 40% of your operations was technical debt that your organization refused to bring up to speed--resulting in several large breaches.
When we hand your data storage infrastructure back to you, we will audit for another 18 month period to ensure you are practicing a 100% API strategy, as well as end-to-end encryption, making sure it is applied for all servers, storage, and in transit using SSL. During this 18 month period our auditors will assess whether you have the resources to bring your operations up to an acceptable level. If you do not meet requirements, the period can be extended, or your infrastructure can be ordered back into a forced-management situation again.
If you have any questions, please contact your case manager, and your IT operations manager will be in touch shortly with more details on the coming transition period.