All data or information that relates to an identifiable individual, and that your business stores or handles, needs to be properly protected. Yet for many companies, achieving this remains a path full of pitfalls.
For Data Privacy Day, Brian Pagano, Chief Catalyst and VP at Axway, has provided some tips for Digital Journal readers, exploring the data privacy concept and offering advice to business leaders. Pagano is well versed in providing tips, best practices, and expert analysis for organization leaders tackling privacy issues.
Abandon the old faith in passwords
According to Pagano, it is goodbye to the password: “You can tell if an IT department is not evolving if you are required to frequently change your password (this practice has been shown to decrease security and has largely been abandoned). Keeping data private involves data-at-rest and data-in-motion as mostly ensuring that whoever is trying to access the info has the proper entitlements to that data. If privacy is a top concern, the organization should adopt a need-to-know check for any document. Prove you need this information. Keep logs and audit them randomly. This is similar to Apple’s posture. For new companies, open, fast communication is often more important than absolute privacy. Just remind team members that anything written down could appear in public—so think before you type.”
There is no one solution for optimized data privacy
Pagano says that anyone offering a one-stop-shop approach is most likely providing something less robust. He notes: “Cloud has the same problems around data-in-motion (you have to get data to and from the cloud) and data-at-rest (storing information in the cloud). What the cloud gives you is industrial-strength physical and digital security of the cloud provider. So it is a good step, a piece of the solution.”
Companies should adopt customized solutions for their data privacy requirements
Companies that seek to replicate the services of others will probably end up providing substandard services, advises Pagano. He says: “Don’t blindly copy what some other company (or organization) is doing. You are not them. Your needs are not their needs. The amount of privacy you need is to support the mission of your organization, not to hinder it. So, start by asking what you need and what will support the mission.”
APIs and data privacy
The key innovation lies with APIs, says Pagano. His recommendation to firms: “APIs are the critical front door to your business. It is the perfect layer at which to adjust, check, and enforce entitlements to the information being requested.”