Security Never Takes a Holiday
We’ve been hearing an increasing number of questions about data security, specifically about security certifications. People want to understand what certifications are out there, and why companies need to have them. So we wanted to set the record straight on what exactly those security certifications cover when it comes to company data.
Does purchasing a safe car make you a safe driver? No. You certainly made a great choice in car, but you can still drive that safe car without a seat belt, at high speed, while drunk. The car's J.D. Power safety ranking or its national insurance rating has nothing to do with you and how you drive. And why is that? Because security never takes a holiday or a break; it should be a constant concern for anyone driving down the street in a car, even if you're only going 5 mph.
The same thing is true about running applications in the cloud. Amazon, Rackspace, Salesforce.com and others are all great choices for hosting company applications and resources, as they all provide a secure foundation. However, the PCI DSS, ISO 27001, FedRAMP and other certifications that these fine companies work hard to get have nothing to do with how the companies that run their products on these highly secure platforms are actually behaving.
A company can run on a PCI DSS compliant platform and not actually be PCI DSS compliant itself, which means all the company did was buy a safe car. And we've seen some vendors who claim they're compliant, but are in fact just running their solution on a compliant cloud platform. Claiming that your cloud provider's ISO 27001 certification makes you ISO 27001 certified is the same as claiming that the J.D. Power ranking has something to do with how you're driving.
We all need to be aware that there are people who drive badly in cars highly regarded for their safety. And we all need to be aware that there are companies out there who are not secure, but who run on secure platforms.
Robust, enterprise-grade security is vital when it comes to customer data. A data breach will cost a company $4 million on average, according to research from IBM and the Ponemon Institute. And that is just the initial cost; it doesn't take into account the loss of future business, as data breaches diminish the perception potential new customers have of the brand.
As marketers become more advanced, they're collecting greater amounts of customer and prospect data, which needs to be kept private. Predictive marketing and sales solutions ingest and utilize all this data in their outputs and insights, so it's imperative that solution vendors are compliant with the most rigorous industry standards. At Lattice we don't take this lightly: we're certified as ISO 27001 compliant, so we protect our customers' greatest asset, their data, with the highest levels of security.
Don't take a company's word that they have the right guidelines in place to keep your data secure. Make sure you review any new vendor's security audit results and determine for yourself whether they take data security seriously. When any company is evaluating the security of its vendors, it should be very wary of companies that claim someone else's hard-won certification has anything to do with them. They may be driving 100 mph down the highway with your data in the backseat, while drinking a fifth of Jack Daniels.