If security seems like a race to keep up with the bad guys, it’s because, for a long time, privacy and security have taken a back seat to user experience for many IT providers. Instead of viewing security and privacy as fundamental to good design, they became afterthoughts or even obstacles. As a result, whole industries are stuck in a reactive mode, scrambling to patch vulnerabilities, and fix bad security and compliance practices.
Privacy by design shows that things could have been different. Developed in the 1990s, it addressed the need for encryption, transparency and other secure and user-centric practices long before massive data breaches were a daily occurrence. More importantly, it shows that we can still create a world that protects data, if we’re willing to see security and privacy as fundamental concerns.
Privacy by Design Basics
Privacy by design is a systems engineering framework for secure IT infrastructure and hardware, along with business practices. It preaches proactive privacy and security protections, built into the system in anticipation of future risks, rather than bolted on after the system fails.
It also advocates data-centric security, protecting data from the moment it is created, and a default-secure approach, where users don’t have to opt out to have their privacy protected.
Privacy by design also acknowledges that privacy protections exist for the benefit of the user. Systems should be secure by default, in user-centric and transparent ways, to allow users to verify their data is protected by appropriate safeguards.
Privacy by Design Today
Privacy by design was way ahead of its time. It was conceived in an era when businesses stored data onsite, and could protect them through firewalls, network hardening and other forms of perimeter security. That’s no longer the case.
In the cloud, information flows seamlessly from one system to the next. As breach after breach has shown, poor security anywhere along the way can expose user data and undermine the whole system. Unfortunately, privacy practices and compliance laws haven’t kept up. Compliance regimes and businesses still address vulnerabilities once they’ve already done damage, rather than building robust privacy into systems from the beginning.
Data can’t be guarded behind walls anymore, but it can be protected with data-centric encryption. Even if encrypted data is stolen from a cloud service provider, it remains unreadable without the key. Instead of trusting every app or service that touches their data, users only need to verify that their encryption provider maintains appropriate controls.
Virtru Encryption as a Service epitomizes Privacy by Design principles. Our encryption is:
- Data-centric encryption, protecting data throughout its lifecycle
- Fully functional, securing data without compromising workflow
- User-centric, preventing third parties like Virtru from reading user communications
- Transparent, disclosing operational details and data policies to users
Virtru email encryption and Virtru Pro allow users to protect messages and attachments with a single click, making private communication accessible to everyone.
Virtru DLP adds another privacy by design objective: default privacy. Its inbuilt and customizable rules can automatically encrypt emails, strip attachments and warn users before sensitive information is disclosed. With tools like our HIPAA compliance rule pack, organizations can automatically prevent the disclosure of PHI and PII, from names and birthdates to ICD-10 codes and social security numbers.
To protect data anywhere, you need to protect it everywhere. Virtru email encryption creates a force field around each piece of data, using data-centric encryption to ensure that privacy can’t be compromised by one weak link.
Contact us to learn more or to request a demo.