Save 50% on a 3-month Digiday+ membership. Ends Dec 5.
by Jon Hyman, co-founder and CTO at Braze
Modern life is creating a flood of information. In fact, 16 trillion gigabytes of data were created in 2016 alone, and that number is expected to rise tenfold by 2025. Mobile devices allow brands to gather more nuanced customer data than ever before, providing actionable insights into what people value and how they engage–the kind of insights that strong customer relationships are built upon.
But these relationships are also built upon trust. Customers trust that brands will keep their data safe and private—and they trust them to use that data responsibly in turn. To earn that trust, brands need three essential things: a security philosophy, a plan to identify and address security needs and a clear roadmap.
Putting privacy and security at the core of your business
Keeping data private means being vigilant about managing access to information, and ensuring that you always understand where data is coming from, as well as understanding when it can and can’t be used. That’s much easier to accomplish if you emphasize data privacy and security across your organization from the start.
In turn, strong security requires a smart development process. If your company is pushing out code that is not being adequately reviewed, it is a security risk on par to a lack of traditional safeguards, such as firewalls and virus protection.
Demonstrating a commitment to security and privacy
Securing your data is essential, but it’s just as important to demonstrate your data security capabilities to customers and partners. Brands could consider putting together a security attestation roadmap featuring some of these common certifications and actions:
- Engage a security vendor to carry out digital security audits and penetration tests
- Evaluate security controls against the SANS Institute’s Cybersecurity Risk Framework
- Implement the U.S.’s Health Insurance Portability and Accountability Act (HIPAA)’s data privacy and security rules
- Complete the Service Organization Control (SOC) 2 Type 1 examination, developed to protect systems against unauthorized access
- Update data policies and contracts with technical partners to ensure material compliance with the EU’s General Data Protection Regulation (GDPR) by May 25, 2018
Some of these steps can be accomplished in a matter of weeks, but others, such as the SOC 2 examination, can take more than 18 months from start to finish. The SOC 2 certification is the gold standard, as it touches on every element of security from physical infrastructure to software safeguards, as well as the procedures a company has in place for those with access to its systems.
It’s a major investment in time and resources, but a necessary investment all the same. By finding the certifications that are vital for your business and investing in expert legal and security guidance, brands can improve on data privacy and security while showcasing a commitment to data protection.
How to embrace a privacy and security practice
To ensure you are focusing your efforts, take a holistic view of the organization and use that understanding to complete a security risk assessment. For digital security, embrace traditional measures like firewalls, encryption and virus scanners, in addition to two-factor authorization and IP whitelisting, to prevent unauthorized access.
However, digital security isn’t just about keeping data safe from outside intruders—it also means using things like role and permission management to ensure that only the right members of your team have access to that data. Physical security matters, too. You can have world-class cybersecurity protections, but if you don’t secure your company’s physical assets by installing security cameras, requiring ID badges, maintaining maintenance logs and making sure that guests can’t just roam around your offices unescorted, you’re not really securing your data.
Security isn’t just about safeguards; policies and processes matter too. Role-based permissioning can’t work effectively, for instance, without a process for terminating access when employees leave the company. In addition, if your brand shares customer data with technical partners, you need to fully understand their security measures.
Privacy and security is a journey
Security doesn’t stand still. Technology keeps shifting, new threats continue to crop up, and last year’s secure system may suffer from previously unknown vulnerabilities today. Stay ahead by making security and privacy a priority every day by instituting strong processes, staying alert to the changing security landscape and choosing partners with the same mindset.
To dig a little deeper, check out #NoFilter: Braze on Security.
More from Digiday
In Graphic Detail: CMOs at a crossroads of power and proof
CMOs are closing out another year defined by churn and shifting ground.
AI-powered professional learning and the battle vs. ‘workslop’: Inside Deloitte’s Scout
Deloitte last month launched Scout as part of its Project 120, the company’s $1.4 billion investment in professional development.
As Black Friday nears, fake apologies from brands are all over Instagram
Brands have taken to social media in advance of Bliack Friday to ask followers for forgiveness. The catch: They’re apologizing for their products being too good.