In the 2008 housing market collapse and subsequent recession there were numerous reports of people ripping out copper wiring and other metal products from homes, public infrastructure and anywhere they could find it. People needed money and metals were (are) worth a lot, were readily available and in most cases, unprotected. Similar comparisons can be made to todays big data brokers market. People are willing to do whatever it takes to get their hands on any amount of data to sell for a profit. Hacking, social engineering, email scams, you name it people are trying it. More importantly, its not just individuals that you have to worry about, major corporations have been implicated in the sale of your personal and corporate data for profit.
- Facebook sold us out
- Twitter sold us out
- Google sold us out
- Our grocery store rewards card, sold us out
These recent “revelations” send a confirming signal to companies around the world that data is a high valued currency. There are levels of worth to the data that we all have, how much is it worth to sell, how much is it worth to keep private?
When it comes to our customers data, we need to decide how secure and how private they want/need it to be. If you are on an AWS server, or Alphabet or any other cloud platform it is innately not secure nor is it 100% assured to be private because you do not hold the keys to account access or the servers the data is stored on. That doesn’t mean that these services are bad for your business, the more you and your customer know the better you can decide on the next steps.
- We could build and manage your own encrypted cloud storage solution with multifactor authentication
- We could store everything onsite, hire security guards and implement anti fishing best practice training courses for all employees
- We could explore logless/anonymous Blockchain cloud storage solutions
- We could use a vetted, trusted 3rd party provider
These options all come with their own set of potential issues/cost and there is no “one size fits all” solution when it comes to protecting data and privacy. As more end users recognize the value of the data they generate there is a need to shift to “PraaS”, yes that’s Privacy as a Service!
- Do you sell your data to help with infrastructure costs?
- Do you buy more data to supplement what you have collected to make your marketing vehicles more efficient?
- Do you protect data for your customers and provide them with the highest level of privacy?
- Has your solution been audited and verified by an independent 3rd party to do what you claim?
- Convenience costs some measure of privacy and security
Assessing your customers threat model, identifying the attack surface, and focusing your efforts to secure the platform to the customer’s needs are the building blocks to success in the new world of data privacy. Have a plan, when your customer values privacy in data, they are probably willing to pay you more to manage the security and privacy than anyone would make off selling the collected data.
- Who is held accountable for the security of the data?
- Who owns the access keys to the servers?
- Has the network been segregated and hardened?
- What will we do about GDPR?
These questions need to be asked and answered before a project gets off the drawing board or privacy issues and breaches are a very real possibility. All of this comes down to a question of trust.
- Do we trust the storage provider?
- Do we trust the security of the network?
- Do we trust the customers physical and digital security practice?
Our reputation will hang more on how we address these concerns moving into 2019 and beyond than just our reliability or efficiency.