“Data-Driven Thinking" is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is written by Steve Cox, chief operating officer at Technology Services Group.
With the proliferation of mobile devices and remote access, the boundaries between a company’s data and the outside world have increasingly blurred. What’s of more concern is that potential entry or access points have multiplied exponentially.
So when companies ask me where they should start with IT security, I have a simple answer: encryption. Rather than protecting the perimeter, which is almost impossible to define, it now makes more sense to safeguard a marketer’s crown jewels, which, in many cases, is data.
If you were to analyze news stories about corporate or government hackings, you’ll most likely find a common thread. The perpetrators are after data, whether it’s to expose the actions of individuals as in the Ashley Madison case or to capture credit card information for financial gain.
Should that information fall into the wrong hands, encryption renders the data worthless. The principle is similar to the use of security tags on clothing items or protection systems in vehicles transporting large quantities of banknotes. In both cases, the aim is to make the stolen goods or money unusable by covering them in colored dye.
Both techniques are in almost universal use. But the use of encryption is not, despite the fact that technologies have been available for many years.
It seems to have been overlooked in favor of other techniques used in the battle against the many and varied IT security threats, including anti-virus, anti-malware or web filtering software. Many are still under the impression that if they have anti-virus tools in place, they will be protected.
As the way we use technology evolves we need to take a much broader view of how we protect our vital assets. Although encryption should be at the top of the list, we shouldn’t disregard other areas. If you look at the security arrangements of any clothing retailer, the tags are just one part of their security strategy, along with radio-frequency identification to minimize “shrinkage,” as it’s known in the industry, along with the deployment of security guards, impregnable shutters and alarm systems.
It’s a holistic approach and each element makes a contribution. There’s actually a holistic aspect to encryption because it can be applied on many different levels. File encryption, for example, protects individual documents, whereas device encryption disables the entire device.
The key is to understand who needs access to data and why? Does it need to be shared with agencies, mailing houses or fulfilment partners? What’s the most appropriate mechanism for sharing? Email, online transfer or portable media are all options but each presents its own challenges.
Encryption can effectively cover intrusion, such as when someone hacks into a system and steals data. It can also account for the unfortunate habit of people, often the weakest link in any security setup, leaving their phone, tablet or laptop on the train or in the back of a taxi. Encryption also offers reassurance that the increasingly sophisticated phenomenon of social engineering will have limited impact.
Historically, marketing’s desire to protect data was driven by the need to ensure that competitors couldn’t get their hands on the crown jewels. In today’s digital world the threat is far more sinister and the potential repercussions far greater.
Considering encryption’s lack of adoption across all sectors, there’s no reason to suggest that the advertising and marketing industry is ahead of the game. In a world where perception and reputation are valuable currency, perhaps it’s time to take the lead?