Security Market Segment LS
Monday, 13 May 2019 10:04

Earning customer trust will help boost business: cloud security pro Featured

Earning customer trust will help boost business: cloud security pro Courtesy Office of the Australian Information Commissioner

Businesses that earn the trust of their customers by being responsible stewards of their information will be rewarded with loyalty and positive word-of-mouth recommendations, Mark Perry, the chief technology officer of cloud security firm Ping Identity says.

In comments to mark Australian Privacy Awareness Week which runs from 12 to 18 May, Perry said the observance of the week served to remind people that organisations which lack ways to protect data from unauthorised sharing, data breaches and misuse stand to lose this trust. That, he added, would translate into lost business.

The Privacy Awareness Week is an initiative of the Office of the Australian Information Commissioner.

"To thrive in this increasingly complex landscape, organisations must carefully control which customer data attributes are accessible to applications. They must ensure that apps only have access to the attributes they need and, particularly for partner applications, that customers have consented to sharing data," Perry said.

"Finally, they must make these consents intuitive. Lengthy privacy policies full of legalese are a thing of the past. An organisation’s customers expect user-friendly controls that let them manage their consents and clearly see who has access to their data.

mark perry"At the same time, centralised privacy management capabilities enable compliance with a growing number of dynamic privacy regulations. With centralised policies, businesses can confidently control how and where data is used.

"Without them, it’s risky to embark on new initiatives to improve customer experience, and you risk tight restrictions from security, legal and compliance teams. Those are steep sacrifices in today’s multi-channel marketplace, where competitive advantage lies in personalisation."

Joanne Wong, senior regional marketing director for security intelligence firm LogRhythm in the Asia-Pacific, said the week served to remind both consumers and employees that they should have good privacy and personal data protection practices.

"At work, you can adopt basic data protection practices for daily operational activities. It could be as simple as checking your emails to ensure there is no unnecessary personal data contained within before sending out," she said.

joanne wong"Another step is to practise password hygiene, which could be as simple as using different passwords across applications or multifactor authentication and changing passwords often. Akin to security locks for physical security, passwords have long been a standard means of protecting information, most importantly for information both offline or online.

"We use it to lock our mobile devices, protect our online banking information and for businesses, protecting their network from unauthorised access.

"At the same time, as bad actors become more persistent and increasingly sophisticated in their methods of gaining access to our critical digital assets and information, chief security information officers have an ongoing responsibility to emphasise the importance of password hygiene.

"Indeed, companies need to put privacy at the heart of all new applications and processes. Privacy by design will need to be part of the organisation’s mind-set, not just an afterthought. This is really a principle that businesses need to be thinking about now, not later."

phil kernickPhil Kernick, co-founder and chief technology officer of cyber security specialist CQR Consulting, said: "In 2010, Facebook publicly said that the age of privacy is over. Today, they are saying that the future is private.

"But what they aren’t acknowledging is that your private information is still yours, not theirs, even if you choose to share it on their platform.

"Personal information is the currency of social media. You need to protect it the same way you protect your wallet, and choose where to spend it wisely."

The Australian National Privacy Week provided a timely reminder to create or review privacy and security policies and ensure that staff training was part of any policy, according to Mark Sinclair, ANZ country manager of global network security vendor WatchGuard Technologies.

mark sinclair"Educating users is often the most overlooked area of security and the public mandatory data breach legislation reports show that user error is quite often a cause of a privacy or data breach," he said.

"Robust security technology is vital, but ensuring users are aware of policies, understanding how their privacy can be compromised, and the role they should take to keep data safe should be the first and last line of defence for every organisation."

Michael Warnock, Australia country manager of security solutions firm Aura Information Security, said: "When you look back over the past five years, adoption of new technologies like mobile and cloud have completely transformed many industries for both consumers and businesses. All have come to expect access to services from consumers wherever they happen to be and at whatever time they need."

michael warnockHe said at the same time, cyber-attacks demonstrated the vulnerable, expanded attack surface associated with greater cloud adoption.

"As organisations work to secure their applications and other sensitive assets in the cloud as part of their digital transformation strategies, these attacks demonstrate the need to quickly implement consistent security controls across cloud and on-premises environments to protect user privacy.

"After all, most people fail to only really care about cyber security until they are a victim of an attack. Cyber education in the workforce and awareness for individuals to manage their own privacy is not something people should do every 12 months with a few questions, it needs to be continuously reinforced and customised to front and centre of an organisation’s employee base."

petr adamekPetr Adamek, chief executive of the Canberra Innovation Network, an ACT Government initiative to accelerate innovation and diversify the economy, said people wanted reassurance that their data was safe and secure.

"The best tech start-ups focus not only on attracting new customers and building amazing technology, but also on building trust of their customers," he said.

"Being serious about privacy and data protection and demonstrating it is a key ingredient in building such trust and setting your startup for success.

Budd Ilic, ANZ country manager of cloud security provider Zscaler, said the week provided an opportunity for Australian businesses to review the introduction of greater data cyber security hygiene into their enterprises.

budd ilic"Organisations today need to take a more proactive approach to protecting and managing their customer data. At the same time, companies need to ensure they have insight into the various data pools, often kept in different departments within an organisation and identify whether permission to use personally identifiable information has been obtained," he said.

"Furthermore, in recent years, companies have had to put technology in place that helps them control and protect digital assets, and reconcile the disjointed conversations between departments to produce the shared insight necessary to update an organisation’s security posture.

"Processes should really now be in place to manage the data more effectively as companies have gained a better understanding of where they store PII and who has access to this, a necessity to be able to comply with the reporting requirements in case of data loss and to support robust customer privacy."

Albert Kuo, vice-president Asia Pacific for enterprise technology company ExtraHop, said: "Today, both business and consumer IT users experience encryption on a daily basis by way of the browsers and applications we use.

albert kuo"Application providers have invested heavily in elevating privacy and protecting sensitive data through encryption policies and technology, yet personal information is still often leaked largely because of unintentional human error, the weakest link in any defence."

Kuo said if attackers obtained user credentials, then encryption was of no use.

"For this reason, no organisation is free from the risk of a breach. As a result, organisations should protect their IT users’ privacy with comprehensive network visibility and automation that speeds up the investigation process," he said.

"After all, the faster you can locate an attack source and mitigate the damage, the sooner it’s stopped, and the less damage done to users and the and the organisation's reputation."

Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.


WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News