+
EDITOR’S QUESTION
ROB OTTO, EMEA CTO,
PING IDENTITY
A
/////////////////
s the digital revolution continues
to gain pace, many CIOs and
CISOs face a troubling challenge;
they want to offer consumers an amazing,
digital-native experience and seamless
interactions across all channels. They want to
move fast, out-innovate the competition and
put the customer firmly in control of their
interactions with us. On the other hand, any
savvy IT exec will be aware of the inherent
security and compliance risks associated
with such a strategy; of the dangers involved
in ‘letting go’ and letting the business do
as it pleases with sensitive consumer data.
How, in short, can you become the next
Monzo, or Starling, without running the risk
of becoming the next Equifax?
New regulatory requirements such as GDPR
add an additional challenge for companies
offering services to consumers in the EU. No
longer can they consider data security and
privacy as a ‘nice to have’ – the regulation
makes it a legal requirement to ensure
security and the penalties for not doing so
can be severe. While there is no silver bullet
here, there are a number of proven strategies
and tools that can help.
Firstly, consolidation of consumer data into
as few physical storage locations as possible
is a good approach. Losing track of exactly
where and how consumer information is
stored – within multiple legacy databases,
directories, unencrypted backup files and
spreadsheets – is often a key pre-cursor to
a damaging leak. Select a data store that
offers both tight security as well as the
www.intelligentcio.com
flexibility to allow wide integration into
digital channel applications, preferably via
modern, open standards. Where it is not
possible to consolidate, use synchronisation
tooling to ensure data integrity across
repositories and ensure that it is clear where
and how each data element is mastered as
well as which other repositories will contain
linked copies.
The ability to capture and enforce
consumer consent, governing how their
data will be used and shared, is another
key requirement. Unauthorised sharing of
consumer data with third parties – however
good the intention at the time – is another
common way in which leaks can occur.
Ensure that your consumer data strategy
recognises and respects individual user
consent every time data is accessed in
order to ensure that customer trust is
not compromised.
Digital Transformation requires access to
consumer data via a number of channels
– whether by the consumer themselves or
via trusted individuals within the business.
Ensuring that each party accessing data
is correctly identified (using secure multi-
factor authentication whenever necessary)
and that every data access event is audited
provides further control and allows for
consumer data access to be opened up
in a secure fashion. Identity and access
management solutions can thus play a key
role in ensuring consumer data security.
INTELLIGENTCIO
33