Thus far, we’ve spent much time examining the core principles of the GDPR and other pieces of data regulation. We’ve worked through some of the implications these documents carry for the UX and back-end functionality of consumer-facing applications.
Thus far, we’ve spent much time examining the core principles of the GDPR and other pieces of data regulation. We’ve worked through some of the implications these documents carry for the UX and back-end functionality of consumer-facing applications. However, there are many other components to your business’s robust, secure data operation. Let’s look at the core principles of ensuring your hardware, software, and applications are securely spec’d to withstand attack. It’s no secret, threats to digital security are on the rise. The consequences of a data breaches are a PR nightmare of epic proportions (Hello Equifax). Start with the steps to get smart about your company’s infrastructure.
Many businesses continue to use SSD’s and HDD’s as a backup storage solution. Data on these devices should get encrypted and password-protected in the first place. Doing so significantly reduces the risk that bad actors will access if a storage device is compromised.
The infrastructure hosting company communications are vital to your ability to do business. Each device is a potential security breach point to malicious outsiders. Your wireless router, your company phones, and your web servers. It’s easy to overlook these when you’re just starting your company. We strongly recommend that even small startups get serious about protecting their data. You can do this by conducting a network security assessment, identifying potential risks to your systems while working with partners on mitigation. It may seem like overkill. So remember, what you do now will save you in the future, especially where you’re a success and proliferate. You start becoming a higher target and risk increases. Getting your house in order now will safeguard you in the future.
Online resources are a great way to develop solutions quickly. Hence, SaaS platforms have grown increasingly popular. Third-party libraries have also been an essential tool for letting development teams work efficiently. One should never assume any one of these resources is impervious to attack. Your organization must perform its due diligence on any modular solution it uses as part of its solution. Do your users, customers, and/or org report vulnerabilities? What are the ways to mitigate them?
At a minimum, cloud service providers should be complying with criteria such as:
In some cases, it can be the right business decision to forsake the security features included with a given hosting platform to build your own. If your company is handling financial data, we recommend building your code from scratch. Additionally, using a five-level encryption process to ensure no one can read the data even if stolen during transfer.
Lastly, on the point of data transfer, it is increasingly a non-negotiable for business conducting any online commerce to invest in an SSL certificate. An SSL Cert, in the words of the makers themselves, “is used to keep sensitive information sent across the Internet encrypted so that only the intended recipient can access it.” If you’re in development, you understand the many waypoints a piece of data travels through in its transmission; encryption is vital. Furthermore, SSL Certs provide authentication that lets users know they “are sending information to the correct server and not an imposter.” Do they know the technical implications of what this means? Unlikely. However, do they get nervous when their browser bar flashes red and warns them that the site may not be trustworthy? The bounce rate from this alone is enough to justify SSL investment for almost any business.
Published from our Privacy Magazine – To learn more, visit Privacy.dev
Ethyca’s VP of Engineering Neville Samuell recently spoke at the University of Texas at Austin’s Texas McCombs School of Business about privacy engineering and its role in today’s digital landscape. Read a summary of the discussion by Neville himself here.
Learn more about all of the updates in the Fides 2.24 release here.
Ethyca’s Senior Software Engineer Adam Sachs goes through the thought process of creating Fideslang, the privacy engineering taxonomy that standardizes privacy compliance in software development.
Learn more about all of the updates in the Fides 2.23 release here.
Our Senior Software Engineer Dawn Pattison walks you through implementing data minimization into your business.
Learn more about all of the updates in the Fides 2.22 release here.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Request a Demo