by Jon Hyman, co-founder and CTO at Braze
Modern life is creating a flood of information. In fact, 16 trillion gigabytes of data were created in 2016 alone, and that number is expected to rise tenfold by 2025. Mobile devices allow brands to gather more nuanced customer data than ever before, providing actionable insights into what people value and how they engage, the kind of insights that strong customer relationships are built upon.
But these relationships are also built upon trust. Customers trust that brands will keep their data safe and private—and they trust them to use that data responsibly in turn. To earn that trust, brands need three essential things: a security philosophy, a plan to identify and address security needs and a clear roadmap.
Putting privacy and security at the core of your business
Keeping data private means being vigilant about managing access to information, and ensuring that you always understand where data is coming from, as well as understanding when it can and can’t be used. That’s much easier to accomplish if you emphasize data privacy and security across your organization from the start.
In turn, strong security requires a smart development process. If your company is pushing out code that is not being adequately reviewed, that is a security risk on par with a lack of traditional safeguards, such as firewalls and virus protection.
Demonstrating a commitment to security and privacy
Securing your data is essential, but it’s just as important to demonstrate your data security capabilities to customers and partners. Brands could consider putting together a security attestation roadmap featuring some of these common certifications and actions:
- Engage a security vendor to carry out digital security audits and penetration tests
- Evaluate security controls against the SANS Institute’s Cybersecurity Risk Framework
- Implement the U.S.’s Health Insurance Portability and Accountability Act (HIPAA)’s data privacy and security rules
- Complete the Service Organization Control (SOC) 2 Type 1 examination, developed to protect systems against unauthorized access
- Update data policies and contracts with technical partners to ensure material compliance with the EU’s General Data Protection Regulation (GDPR) by May 25, 2018
Some of these steps can be accomplished in a matter of weeks, but others, such as the SOC 2 examination, can take more than 18 months from start to finish. The SOC 2 certification is the gold standard, as it touches on every element of security from physical infrastructure to software safeguards, as well as the procedures a company has in place for those with access to its systems.
It’s a major investment in time and resources, but a necessary investment all the same. By finding the certifications that are vital for your business and investing in expert legal and security guidance, brands can improve on data privacy and security while showcasing a commitment to data protection.
How to embrace a privacy and security practice
To ensure you are focusing your efforts, take a holistic view of the organization and use that understanding to complete a security risk assessment. For digital security, embrace traditional measures like firewalls, encryption and virus scanners, in addition to two-factor authentication and IP whitelisting, to prevent unauthorized access.
However, digital security isn’t just about keeping data safe from outside intruders—it also means using things like role and permission management to ensure that only the right members of your team have access to that data. Physical security matters, too. You can have world-class cybersecurity protections, but if you don’t secure your company’s physical assets by installing security cameras, requiring ID badges, maintaining maintenance logs and making sure that guests can’t just roam around your offices unescorted, you’re not really securing your data.
Security isn’t just about safeguards; policies and processes matter too. Role-based permissioning can’t work effectively, for instance, without a process for terminating access when employees leave the company. In addition, if your brand shares customer data with technical partners, you need to fully understand their security measures.
Privacy and security is a journey
Security doesn’t stand still. Technology keeps shifting, new threats continue to crop up, and last year’s secure system may suffer from previously unknown vulnerabilities today. Stay ahead by making security and privacy a priority every day: institute strong processes, stay alert to the changing security landscape and choose partners with the same mindset.
To dig a little deeper, check out #NoFilter: Braze on Security.