Transparency is an important part of your security practices—clients and collaborators alike should be able to quickly and easily understand what you’re doing to protect their data.
While data security has always been part of doing business, in recent years it has become an increasingly urgent consideration. Public scandals such as the Facebook and Cambridge Analytica affair, and growing regulation such as GDPR and CCPA, have consumers on high alert about how their data is being used.
If you are among the many brands looking for ways to build trust with your audience, you need to consider not only how you manage data security at your organization, but also how you communicate it to your clients. The more clearly you can explain what you actually do to protect their data, the more trust you will build.
Read on to explore the three most common questions our customers ask us (and might ask you!) about data security, and how we answer them. Feel free to use these as a blueprint to guide your own practices, though the particulars will vary from industry to industry.
“How is your company audited for data security?”
Our answer: Check out our SOC 2 audit!
If you offer a cloud-based product or service and want potential customers and collaborators to see you as a trusted partner, a clean SOC 2 report should be the standard you hold yourself to. SOC 2 is an attestation framework defined by the AICPA: an independent CPA firm examines a service organization's controls against the Trust Services Criteria (security is mandatory; availability, processing integrity, confidentiality and privacy can be added to scope) and issues a report with its opinion. A Type I report covers whether controls were suitably designed at a point in time; a Type II report covers whether they operated effectively over a review period, typically six to twelve months, and is the one that serious customers ask for. "Clean" means an unqualified opinion with no exceptions noted. Because a Type II report only speaks to its review period, companies renew the audit annually to keep their coverage current. When you read a vendor's report, or hand out your own, check the report type, the review period, the criteria in scope, and any exceptions the auditor listed.
The existence of SOC 2 as a process reassures clients, but it also benefits the company. As Seamus Abshere, Faraday co-founder and Chief Technology Officer, puts it, “SOC 2 audits provide a chain of trust going from the client all the way to Faraday and to our vendors (like cloud hosting providers). At every level, auditors are involved to ensure that policies and procedures are followed.”
“How is my data transferred and stored?”
Our answer: All data is stored with trusted cloud vendors (Amazon, Google Cloud), encrypted in transit and at rest, and access is controlled using multifactor authentication.
Simply put, encryption is a no-brainer. When customers share data with brands, they’re trusting them to protect it from bad actors, and encryption is the standard practice for doing so. “At this point, using unencrypted data is like a surgeon not washing their hands before surgery,” asserts Abshere. “If you are not encrypting everything, it’s just malpractice.”
Clients and vendors routinely ask whether data is encrypted, and at this point the answer should always be "yes." The more revealing follow-up questions are which protocols and algorithms are used (TLS 1.2 or later in transit, AES-256 or an equivalent at rest), who manages the keys and who can access them, and how the controls are enforced rather than merely promised.
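As an added example (not Faraday's code), here is one way to check that claims like "encrypted in transit and at rest, access controlled with MFA" are enforced rather than merely stated, for the AWS side of a setup like the one above: a small audit of an S3 bucket policy for Deny statements that refuse non-TLS requests, uploads without SSE-KMS, and deletes from sessions without MFA. The bucket name, the choice of SSE-KMS, and the weak policy it is compared against are constructed for illustration.

```python
"""Audit an S3 bucket policy for the controls claimed above: TLS-only
access (in transit), server-side encryption on write (at rest), and MFA
for destructive operations (access control).

Added example, not Faraday's code. The bucket name "example-client-data",
the SSE-KMS requirement and both policies are constructed for illustration.
"""
import json

BUCKET = "arn:aws:s3:::example-client-data"

# Hardened policy: explicit Deny statements, which win over any Allow.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {   # In transit: refuse any request that did not arrive over TLS.
            "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
            "Action": "s3:*", "Resource": [BUCKET, BUCKET + "/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
        {   # At rest: refuse uploads that ask for anything other than SSE-KMS ...
            "Sid": "DenyNonKmsUploads", "Effect": "Deny", "Principal": "*",
            "Action": "s3:PutObject", "Resource": BUCKET + "/*",
            "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}},
        },
        {   # ... and uploads that omit the header entirely (StringNotEquals
            # does not match a missing key, so a separate Null check is needed).
            "Sid": "DenyMissingEncryptionHeader", "Effect": "Deny", "Principal": "*",
            "Action": "s3:PutObject", "Resource": BUCKET + "/*",
            "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
        },
        {   # Access control: deletes require an MFA-authenticated session.
            # BoolIfExists also denies long-term access keys, where the key is absent.
            "Sid": "DenyDeleteWithoutMfa", "Effect": "Deny", "Principal": "*",
            "Action": ["s3:DeleteObject", "s3:DeleteObjectVersion"],
            "Resource": BUCKET + "/*",
            "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
        },
    ],
})

# Weak policy: grants access to an (assumed) role but enforces none of the above.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowAppRole", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
        "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
        "Resource": BUCKET + "/*",
    }],
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _has_deny(statements, action_prefix, operator, key, expected):
    """True if some Deny statement covers the action and carries the condition."""
    for st in statements:
        if st.get("Effect") != "Deny":
            continue
        actions = _as_list(st.get("Action", []))
        if not any(a == "s3:*" or a.startswith(action_prefix) for a in actions):
            continue
        value = st.get("Condition", {}).get(operator, {}).get(key)
        if value is not None and str(value).lower() == expected:
            return True
    return False


def audit_bucket_policy(policy_json):
    """Map each control to whether the policy enforces it."""
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    return {
        "tls_only": _has_deny(statements, "s3:", "Bool", "aws:SecureTransport", "false"),
        "sse_kms_required": (
            _has_deny(statements, "s3:PutObject", "StringNotEquals",
                      "s3:x-amz-server-side-encryption", "aws:kms")
            and _has_deny(statements, "s3:PutObject", "Null",
                          "s3:x-amz-server-side-encryption", "true")),
        "mfa_for_delete": _has_deny(statements, "s3:DeleteObject", "BoolIfExists",
                                    "aws:MultiFactorAuthPresent", "false"),
    }


if __name__ == "__main__":
    for name, policy in (("hardened", HARDENED_POLICY), ("weak", WEAK_POLICY)):
        print(name, audit_bucket_policy(policy))
```

The audit is deliberately strict: it looks for explicit Deny statements, because a Deny cannot be overridden by a later Allow, whereas relying on the absence of an Allow breaks the moment someone adds one. Default bucket encryption would still encrypt objects uploaded without the header, but the two PutObject denials are what force the KMS-managed key rather than the S3-managed default.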
“What data do you actually use, and how?”
Our answer: We live by the “If we don’t need it, we don’t collect, store, or transmit it” mentality.
It’s essential for brands to understand what data they have access to before they can put the proper safeguards in place. Here at Faraday, where we handle the data of hundreds of leading brands, we’re extremely clear with clients about what we use and what we don’t.
“We don’t want your account numbers, social security numbers, health records — any of that,” Abshere says. “All we need are known identifiers (like billing information) and transaction information. We do not require or accept account numbers, so we don’t affect our client’s PCI DSS scope.” In our case, we leverage this personally identifiable information (PII) to match consumers with our identity graph and train machine learning algorithms to make predictions about a brand’s current or potential customers.
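One way to enforce that rule at the point of ingestion, as an added example that is not Faraday's code: records are validated against an allowlist of the fields the product actually needs, and any value that looks like a payment card number (a 13 to 19 digit run that passes the Luhn check) is refused so card data never lands in storage or logs. The field names and sample records are assumptions.

```python
"""Enforce "if we don't need it, we don't collect it" at the ingestion boundary.

Added example, not Faraday's code. The allowed field names and the sample
records are assumptions. Unknown fields cause the record to be rejected
rather than silently dropped, so a client sending extra columns finds out
immediately; card-number-like values are refused outright.
"""
import re

# The only fields the (hypothetical) product needs: identifiers plus transactions.
ALLOWED_FIELDS = {"email", "postal_code", "order_id", "order_total_cents", "order_date"}

# A run of 13 to 19 digits, optionally separated by spaces or dashes.
_DIGIT_RUN = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")


def luhn_valid(digits):
    """Standard Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def looks_like_pan(value):
    """True if any digit run in the value has card-number length and passes Luhn."""
    for match in _DIGIT_RUN.finditer(str(value)):
        if luhn_valid(re.sub(r"[ -]", "", match.group(0))):
            return True
    return False


class RejectedRecord(ValueError):
    """Raised for records that carry data the product must not hold."""


def validate_record(record):
    """Return the record restricted to allowed fields, or raise RejectedRecord."""
    unexpected = set(record) - ALLOWED_FIELDS
    if unexpected:
        raise RejectedRecord(f"unexpected fields: {sorted(unexpected)}")
    for name, value in record.items():
        if looks_like_pan(value):
            raise RejectedRecord(f"field {name!r} contains a card-number-like value")
    return dict(record)


def ingest(records):
    """Split a batch into accepted records and (index, reason) rejections."""
    accepted, rejected = [], []
    for i, record in enumerate(records):
        try:
            accepted.append(validate_record(record))
        except RejectedRecord as exc:
            rejected.append((i, str(exc)))
    return accepted, rejected


# Constructed sample batch: one clean record, one with a field we never asked
# for, one smuggling a card number (a well-known test PAN) in an order id.
SAMPLE_BATCH = [
    {"email": "a@example.com", "postal_code": "05401", "order_id": "ORD-2024-000123",
     "order_total_cents": 4500, "order_date": "2024-03-01"},
    {"email": "b@example.com", "ssn": "123-45-6789", "order_total_cents": 1200},
    {"email": "c@example.com", "order_id": "4111 1111 1111 1111", "order_total_cents": 99},
]

if __name__ == "__main__":
    ok, bad = ingest(SAMPLE_BATCH)
    print(len(ok), "accepted;", bad)
```

Rejecting the whole record on an unexpected field, rather than dropping the field, is the choice that keeps PCI DSS scope out: a silently discarded column still transited your systems and may have been logged. The Luhn filter is a backstop for the case where card data arrives under a permitted field name.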
Another important step is to prevent any commingling of your clients’ data, particularly when your clients are competitors. At Faraday, we understand this is a serious concern, and we’re careful to prevent it. “Data is logically separated, and everyone’s predictions are based only on their own data plus Faraday’s identity graph,” explains Abshere. “Mixing client data would be a huge risk.”
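As an added example (not Faraday's code) of what "logically separated" means in a shared store: a data-access object bound to one tenant at construction time, where every query carries the tenant predicate, shown beside the unscoped lookup that would mix two clients' records for the same customer id. The schema, table and column names, and sample rows are constructed for illustration.

```python
"""Logical separation of client data in a shared database.

Added example, not Faraday's code. Schema and sample rows are constructed.
The tenant id is fixed when the repository is built (from the authenticated
session, in a real service), so no query method accepts a tenant id from
the request and no query can omit the tenant predicate.
"""
import sqlite3

SCHEMA = """
CREATE TABLE transactions (
    tenant_id    TEXT    NOT NULL,
    customer_id  TEXT    NOT NULL,
    amount_cents INTEGER NOT NULL,
    PRIMARY KEY (tenant_id, customer_id)
);
"""

# Constructed sample data: two competing brands sharing one table. Note that
# customer id "cust-1" exists under both tenants.
SAMPLE_ROWS = [
    ("brand-a", "cust-1", 1200),
    ("brand-a", "cust-2", 4500),
    ("brand-b", "cust-1", 99),
    ("brand-b", "cust-3", 7000),
]


def open_db():
    """In-memory database seeded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO transactions VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


class TenantScopedRepo:
    """Every query is parameterised on the tenant bound at construction."""

    def __init__(self, conn, tenant_id):
        self._conn = conn
        self._tenant = tenant_id

    def customer_ids(self):
        rows = self._conn.execute(
            "SELECT customer_id FROM transactions WHERE tenant_id = ? ORDER BY customer_id",
            (self._tenant,)).fetchall()
        return [r[0] for r in rows]

    def total_spend(self, customer_id):
        """Spend for one customer as seen by this tenant only (0 if unknown)."""
        row = self._conn.execute(
            "SELECT COALESCE(SUM(amount_cents), 0) FROM transactions "
            "WHERE tenant_id = ? AND customer_id = ?",
            (self._tenant, customer_id)).fetchone()
        return row[0]

    def training_rows(self):
        """Rows allowed to feed this tenant's model: their own data only."""
        return self._conn.execute(
            "SELECT customer_id, amount_cents FROM transactions "
            "WHERE tenant_id = ? ORDER BY customer_id",
            (self._tenant,)).fetchall()


def unscoped_total_spend(conn, customer_id):
    """The bug the design above prevents: keyed on customer id alone, this
    silently adds brand-a's and brand-b's records for "cust-1" together."""
    return conn.execute(
        "SELECT SUM(amount_cents) FROM transactions WHERE customer_id = ?",
        (customer_id,)).fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    print("brand-a sees", TenantScopedRepo(db, "brand-a").total_spend("cust-1"))
    print("brand-b sees", TenantScopedRepo(db, "brand-b").total_spend("cust-1"))
    print("unscoped mixes", unscoped_total_spend(db, "cust-1"))
```

This is application-layer separation; it is only as good as the discipline that no code path bypasses the repository. Where the stakes justify it, the same boundary is reinforced below the application with per-tenant schemas or databases, per-tenant encryption keys, and row-level security in the database itself.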
Security is always a priority
No matter your role at a given company, you’re always a steward of your customers’ data. Various teams, from security to engineering to marketing, may operate on very different datasets and roadmaps, but it’s crucial that everyone contributes to a trusted relationship with clients and collaborators, working together to efficiently and transparently implement best practices.
Written by Faraday
Link to Original Blog: https://faraday.ai/blog/common-data-security-questions/