How Secure is Secure?

Data, data, everywhere

The web is alive with facts and figures about how much more data there is this week than last week – or last year – or last decade. Suffice to say, the momentum behind data growth is not slowing down – neither is it likely to any time soon.

Once you get into the nitty-gritty of data collection though, sooner or later the question has to be answered – what are we going to do with all this data? Specifically, how can we commercialise it to derive business value and, perhaps most importantly, how can we protect it to make sure that it doesn’t get into the wrong hands? This second consideration is of paramount importance – there have been too many reports in recent years of catastrophic data breaches resulting in loss of goodwill towards the data owner and immeasurable damage to the brand. These intangibles are just the start too – compliance risks abound, particularly in heavily regulated industries like finance, utilities, healthcare and pharmaceuticals.

Stick to what you’re best at

The value of the data is directly related, of course, to the ability of your business to make sense of it. Data value touches people throughout the organisation too – placed in the hands of business users across the enterprise it has the power to streamline internal processes, transform customer relationships and drive both cost savings and improved revenue for the business to reap rewards through increased profitability.

The secret to deriving value from data is by placing it quickly, and in a digestible form, in the hands of the people who really understand how to use it. The cost of that movement of data to the right places at the right time though can be measured partly in terms of what it’s stopping your IT department from doing. When they could be working on innovative projects that enhance the effectiveness of the business, they may instead be engaged in projects to manage your data, secure your IT estate and deliver systems compliance. When that’s the case, perhaps the heavy lifting of data management and big data processing should be pushed out to the cloud?

Cloud first, second, third…

Moving your data to the cloud, particularly into a Software-as-a-Service (SaaS) environment, makes it ready for use. Actionable data, within a business-ready application, empowers your users to accelerate the use of that data and capitalise on the narrow window of opportunity during which the data is most valuable.

Reticence remains though around cloud migration; industry regulation causes compliance headaches, while there is an ever-present need to reassure enterprises on their journey to the cloud that security need not be an issue if you choose your managed service provider carefully.

ISO, PCI, SOC et al

Even a cursory investigation into cloud options will throw up a raft of security Three Letter Acronyms. The ISO27001 standard for Information Security Management helps organisations to keep information assets secure and is the very least that should be expected if you are entrusting your data to a third party. Likewise, the Payment Card Industry Data Security Standard (PCI DSS) is the benchmark for any organisation handling credit and debit card data and covers the prevention and detection of security incidents. The Service Organisation Control (SOC) framework has been developed by the American Institute of Certified Public Accountants (AICPA) and details a service provider’s non-financial reporting controls in key cloud areas like security, availability, confidentiality and privacy.

There are many more standards besides these but the key principle is that organisations achieving such standards have had to demonstrate by audit that they have in place a very robust and rigorous process, with supporting documentation and systems, for the management of any personally identifiable information (PII) and sensitive corporate data. This is a good indicator of trustworthiness, reliability and the overall seriousness with which accredited providers take their security responsibilities.

You shouldn’t have to worry about your organisation’s data collection or about the ISOs and PCIs of storing it in the cloud – with a good quality data collection provider these are covered, enabling you to just focus on the business value that you can drive through your enterprise by taking action on the most granular individual digital data available.

By David Hetling, Marketing Manager at IS Solutions Plc.

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.

Latest articles

5G will advance all of society as we know it

How empathy, ahead of tech, will be the key driver of business recovery post-coronavirus

Automation: a faceless route to customer alienation or a productivity driver?

The importance of data collaboration for marketers

Post-lockdown â€“ planning for your businessâ€™ road to recovery

The 4Ps plus purpose are the key to thriving in the 2020s

Join todayâ€™s data privacy and cyber security virtual event

Behavioural change, nudge theory and ultimate benefit â€“ why isnâ€™t the trial COVID tracking app harnessing the best in tech?

Turning Global Data Protection Into Global Opportunity

Weathering the storm: How cloud technology can help marketers to succeed remotely

Data Legislation Education: Businesses Must Boost Knowledge

Are you a digital polluter? Why advertisers must now end online waste in order to survive

Three key questions businesses should ask themselves before investing in AI tech

Hidden stakeholders: Why CISOs hold the key to successful digital transformation

The IAB Europe Guide to Cookies: Privacy Promises Should Do More Than Crumble

How Secure is Secure?

By David Hetling

Posted in Data on 12 May 2015, 13:00, 0 Comments.