Thus far, we’ve spent much time examining the core principles of the GDPR and other pieces of data regulation. We’ve worked through some of the implications these documents carry for the UX and back-end functionality of consumer-facing applications.
Thus far, we’ve spent much time examining the core principles of the GDPR and other pieces of data regulation. We’ve worked through some of the implications these documents carry for the UX and back-end functionality of consumer-facing applications. However, there are many other components to your business’s robust, secure data operation. Let’s look at the core principles of ensuring your hardware, software, and applications are securely spec’d to withstand attack. It’s no secret, threats to digital security are on the rise. The consequences of a data breaches are a PR nightmare of epic proportions (Hello Equifax). Start with the steps to get smart about your company’s infrastructure.
Many businesses continue to use SSD’s and HDD’s as a backup storage solution. Data on these devices should get encrypted and password-protected in the first place. Doing so significantly reduces the risk that bad actors will access if a storage device is compromised.
The infrastructure hosting company communications are vital to your ability to do business. Each device is a potential security breach point to malicious outsiders. Your wireless router, your company phones, and your web servers. It’s easy to overlook these when you’re just starting your company. We strongly recommend that even small startups get serious about protecting their data. You can do this by conducting a network security assessment, identifying potential risks to your systems while working with partners on mitigation. It may seem like overkill. So remember, what you do now will save you in the future, especially where you’re a success and proliferate. You start becoming a higher target and risk increases. Getting your house in order now will safeguard you in the future.
Online resources are a great way to develop solutions quickly. Hence, SaaS platforms have grown increasingly popular. Third-party libraries have also been an essential tool for letting development teams work efficiently. One should never assume any one of these resources is impervious to attack. Your organization must perform its due diligence on any modular solution it uses as part of its solution. Do your users, customers, and/or org report vulnerabilities? What are the ways to mitigate them?
At a minimum, cloud service providers should be complying with criteria such as:
In some cases, it can be the right business decision to forsake the security features included with a given hosting platform to build your own. If your company is handling financial data, we recommend building your code from scratch. Additionally, using a five-level encryption process to ensure no one can read the data even if stolen during transfer.
Lastly, on the point of data transfer, it is increasingly a non-negotiable for business conducting any online commerce to invest in an SSL certificate. An SSL Cert, in the words of the makers themselves, “is used to keep sensitive information sent across the Internet encrypted so that only the intended recipient can access it.” If you’re in development, you understand the many waypoints a piece of data travels through in its transmission; encryption is vital. Furthermore, SSL Certs provide authentication that lets users know they “are sending information to the correct server and not an imposter.” Do they know the technical implications of what this means? Unlikely. However, do they get nervous when their browser bar flashes red and warns them that the site may not be trustworthy? The bounce rate from this alone is enough to justify SSL investment for almost any business.
Published from our Privacy Magazine – To learn more, visit Privacy.dev
Ethyca hosted its second P.x session with the Fides Slack Community earlier this week. Our Senior Software Engineer Thomas La Piana gave a live walkthrough of the open-source privacy engineering platform, Fides 2.0. He demonstrated how users can easily deploy Fides and go from 0 to full DSR automation in less than 15 minutes. If you weren’t able to attend, here are the three main points addressed during the session.
Introducing consent management in Fides 2.0. With the coming state privacy laws in 2023, your business needs to have granular control over users’ data and their consent preferences. Learn more about how Fides can enable this for your business, for free.
Ethyca launched its privacy engineering meetup, P.x, where Fides Slack Community members met and interacted with the Fides developer team. Two of our Senior Software Engineers, Dawn and Steve, gave presentations and demos on the importance of data minimization, and how Fides can make data minimization easier for teams. Here, we’ll recap the three main points of discussion.
We enjoyed two great days of security and privacy talks at this year’s Symposium on Usable Privacy and Security, aka SOUPS Conference! Presenters from all over the world spoke both in-person and virtually on the latest findings in privacy and security research.
At Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
The UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Get a Demo