Why Data Security and Privacy Should Always Come First


To use data effectively and build customer trust, prioritize data security and privacy. 

The COVID-19 pandemic greatly accelerated digital transformation toward greater use and adoption of cloud and collaboration services. Any company that considers itself the custodian of customer data must recognize the responsibility of ensuring that it’s secure and safe. It’s vital to retain that trust. 

Finding ways to combine data governance and privacy with ease of use is fundamental. We need to be able to quickly connect people, deliver advanced features, and ensure data security. This is no mean feat, especially when operating within a complex regulatory, political and data security environment. 

The Challenging Regulatory Environment

As technology has become more sophisticated, so have cyberattacks. Cyberattacks are a constant threat to manage, and the risk grows as various governments and nation-states attempt to use data for political gain. Keeping data safe is extremely difficult. Having the right technology, systems, and processes will mitigate the risk.

Next, there’s data sovereignty and data residency to consider; these are the laws and governance structures that data is subject to depending on where it’s processed and where it’s stored. This is especially complex from a European perspective. US and Asian companies largely dominate the global public cloud market, which means data can potentially be taken away from Europe. Individuals should have a right to keep their data local. Several regulations have already been brought in to resolve the issue, including the General Data Protection Regulation (GDPR), an EU data protection and privacy law. Additional regulations are being created. 

One of the biggest challenges for European customers regarding data privacy and sovereignty in the past few years has been the US Clarifying Lawful Overseas Use of Data (CLOUD) Act. The CLOUD Act allows federal law enforcement to compel US-based technology companies, via warrant or subpoena, to provide requested data stored on servers, regardless of whether the data is stored in the US or on foreign soil. This extraterritorial compulsion has raised concerns about the information in the cloud and potential conflicts with the EU GDPR. Given this issue’s sensitivity and the desire to protect the EU’s data sovereignty, many organizations have partnered with or bought EU companies to ensure they’re the custodians of the data and aren’t subject to the requests. The European Parliament has since put new legislation in place to ensure data sovereignty for EU customers. The regulatory environment changes quickly, so it’s important to act quickly.

How Compliance Builds Customer Trust

Every company has the responsibility to respect the laws of the country in which it operates. That means changing systems and processes and then changing them again as new acts and regulations are introduced. Building new data centers in Europe or contracting local providers of data centers isn’t a straightforward process and can take months or years to complete. By the time you achieve sovereignty, new challenges have arisen. However, when a company strives for compliance, its customers feel more protected. While the challenges of regulatory compliance can slow down processes and business operations, compliance is necessary.

From a business perspective, customers should have the choice of where they’d like their data to be stored, including options for European data centers. The right mechanisms must be in place to ensure that customer data is secure, accessible, and can be deleted as requested. Inform customers of their data rights. Make them aware of the laws that they’re governed by, and encourage them to ask specific questions before buying a cloud product. It’s important to have the necessary information regarding security and compliance certifications available and show customers that strict procedures are in place to adhere to regulations and mitigate the risk of cyberattacks. Being transparent about what you’re going to do builds customer trust. 

The Most Important Data Requirements

Building customer trust and ensuring data security and privacy means having the right processes, people, and technology in place. This minimizes the risk of data breaches and unauthorized access. The following tools and processes are fundamental: 

  • Identity and access management (IAM): Mechanisms such as two-factor authentication are vital alongside audits, alerts, change requests, approvals, and strict access procedures. This should apply to everyone, regardless of their position within the company.
  • Role-based access control (RBAC): This takes IAM to the next level by defining who can access each part of a system and what they can do with that access. For example, different levels of access will define who can read, write, download, and delete data.
  • Access procedures: Under the GDPR, individuals have certain rights over their data. They can make a data subject access request (DSAR) at any time, so make sure data is easily accessible. Also, have procedures in place to ensure data is deleted within an agreed time frame. Finally, allow customers to unsubscribe from nonessential communications. 

Of course, having the right people in the right place makes processes far simpler. Experienced security and legal teams are fundamental to ensuring that data security and processing keep pace with regulations and that customers have the correct information about their data. With these data requirements, businesses can improve the agility and speed of their operations while still adhering to all the necessary laws and regulations.

Putting Security First

Think of security before developing anything. Developing and launching products and services into the market with security as an afterthought can lead to reputational and financial damage. Make security part of every design process, with everyone in the company taking responsibility. It’s a constant challenge, but a necessary one. With the right systems in place, businesses can manage security effectively to drive customer trust and business growth. 

Rashid Shabbir is the technical sales architect—platform, focusing on security and compliance at Zoom, Gartner Magic Quadrant leaders in UCaaS for 2022 Worldwide. Shabbir specializes in data privacy and data residency on the platform with vast experience in CCaaS and UCaaS platforms. The information and opinions expressed in this article are the author’s own and do not necessarily represent or reflect the view of Zoom.

From the Privacera team (Please note, Rashid Shabbir is not employed by Privacera, and his piece does not imply an endorsement).

Security risks are everywhere in today’s connected world, impacting businesses, governments, critical public services and infrastructure as well as individuals. As the frequency, complexity, and severity continue to escalate, strengthening your organization’s security posture has become an imperative. In this environment, organizations that are responsible for data security governance must strive to assess and achieve security maturity. Get our whitepaper for critical guidance: Data Security Maturity Model in 5 Steps
