What your service provider isn’t telling you about data security
2014-29-05, by Diana
Many service providers claim they can guarantee data security, but how can you be sure? Data security isn’t just a one-time thing – it’s an ongoing process. It requires both parties to understand each other’s security concerns and achieve common security goals. Is your service provider telling you all you need to know about how your data will be treated?
Why data security?
According to the 2013 Trustwave Security Report, 71% of CIOs agreed that data security is either important or super important. And it should be. 2013 has been the worst year of all time for data security. OTA and Security Watch report that 40% of the largest breaches occurred in 2013 and 740 million records were exposed. Remember Target? (Of course, 2014 has Heartbleed, which means 2014 might surpass 2013 yet.)
What’s more appalling than the seeming rise in data IN-security is that 89% of attacks could have been prevented with basic security measures (according to Trustwave). If your security password is still Password1, it might be time for a change. And this brings us full circle: keeping data secure and protected is not a single occurrence. Unfortunately, data security and protection is not as easy as changing your password.
Components of reliable data security practices
Protecting your data and your users’ data takes an entire process and an understanding of what that process involves. If you are engaging with a third-party service provider, the data security process becomes critical for project success. When engaging in an outsourcing partnership, it is imperative to know the reliability of your provider’s data security process. You can do so by assessing their:
Partnership (outsourcing) model
The partnership model tells you to what extent the vendor is involved in achieving common data security goals. If their model is not very involved, their stake in the security of your data (and your overall well-being) is much smaller. As a result, they’re more likely to run the other way when trouble arises. If they offer dedicated teams or more involved models such as remote in-sourcing, they will care about your data security just as much as you, if not more.
Certifications & regulations
Does your provider know about the latest security practices? Are they certified (with things such as ISO 27001 or US-EU Safe Harbor)? Verify their certifications and ask about how they follow those security regulations.
Ask them to walk you through their security process. What is their security infrastructure? Do they offer network segmentation? How do they ensure data encryption, and can they set up a private VPN? Find out whether or not they can legitimately control who gets access to what information – physically and online.
Data security is a set of continuous procedures which guarantee security when carried out constantly and correctly. It should be your service provider’s top priority to let you know how your data will be treated. Don’t be afraid to verify your service provider’s data security practices – especially if they are not explicitly presenting their process to you. If your service provider is unable to describe some aspect of their security infrastructure, it’s likely their security process has some gaps, which might be a sign that your data will not be in the best hands. And your data deserves better than that.
Stay tuned for more info about data security or hear more on data security on June 11th in London during the NOA Breakfast Club on Data Security.