echo ''

Virtru Security Insights

Join 10,000+ Security Professionals Who Receive Our Content Every Month

Business Privacy Q&A with Heidi Shey, Senior Analyst Security and Risk at Forrester Research – Part 5

August 2, 2017

Part 5: What are the most important factors to consider when evaluating business privacy and data protection technologies and initiatives?

Leading up to our webinar with guest speaker Forrester Research Senior Analyst Security and Risk, Heidi Shey, we had a chance to ask her to address some of the questions around the challenges organizations face today in terms of ensuring business privacy and data security. We’ll be sharing Heidi’s key insights (and some of our own) in a five part series over the coming weeks.

Q5: What are the most important factors the businesses should consider when evaluating business privacy and data protection technologies and initiatives?

Heidi: Recognize that it’s not a single technology, but combination of tools, processes, and policies that you will need to address data security and business privacy. A risk and maturity assessment will help you prioritize investments based on the areas of greatest risk and impact to your highest value data. With technologies, take care to evaluate enterprise fit and usability as key factors. How does this technology work with other applications or tools within your environment? Also understand how data is used and why, and what your employees need to do with data in order to do their jobs as well as how your employees get their job done. What are the needs of an employee working primarily in the office versus your road warriors or remote workers? A technology that is easy to use that employees will want to use is important; otherwise you set yourself up for a scenario where employees actively look for workarounds because you haven’t met their needs.


Virtru’s Take

At the end of the day, you know your users better than anyone. When it comes to evaluating business privacy and data protection technologies and initiatives, you must trust your instincts – particularly when it comes to ease of use and security.

Some of the most technically sophisticated tools might be too difficult for your end users, in which case they simply won’t be feasible solutions for your organization. Good data protection policies that your users will follow are better than perfect policies that your users will violate. So be realistic in assessing your employees’ thresholds for new technologies.

The best business privacy and data protection initiatives take advantage of your existing technologies, rather than revamping them altogether. Solutions like Virtru, for example, supplement Google and Microsoft products by embedding security capabilities within their software. Organizations still reap the benefits of the features that they’ve already paid for, such as 2-factor authentication and e-discovery, while also adding new benefits that their cloud providers cannot deliver.

Frustrated users and technical overhead might not ruin your business, but security holes can. That’s why instinct becomes particularly important when it comes to evaluating the actual security of the products you’re considering. If you have any doubts about the ways that vendors handle key management and access to your data, then there is no doubt – you must find a different solution.

This is especially relevant to organizations that exchange highly sensitive information – such as board communications, corporate IP, or financials – or need to meet regulatory compliance – such as HIPAA, CJIS, or GDPR. Requirements like these should dictate your buying and implementation processes, so you should not settle for technologies that check most of your privacy boxes, but not all of them.

It is better to delay your business privacy initiatives altogether than to settle for tools that you’re not 100% sure can satisfy your security needs. Does it make you a bit uneasy that cloud providers can access your unencrypted data? Then find a way to eliminate that concern. Are you skeptical to sign on with a new vendor without data location assurances? Then hold out until you can get these assurances.

Effective business privacy relies on trust, and trust relies on certainty. If you’re uncertain that your technologies and initiatives can satisfy the ease of use and security requirements of your organization, you’re better off taking a step back to reevaluate your strategy altogether.

Interested in learning more?