FountainBlue’s August 5 VIP roundtable was on the topic of Balancing Privacy, Security and Access! Please join us in thanking our gracious hosts at Dell and our esteemed execs in attendance. Below are notes from the conversation.
This month’s execs represented a wide range of industries, roles, functions and company sizes. Thus, their perspectives on balancing privacy, security and access varied based on their current and past experience and their view of the future. But they shared many common viewpoints:
- Data and apps are used by everyone everywhere, and controlling who uses which app and what data is used where is impossible! The proliferation of devices, IoT sensors, big data analytics, mobility and cloud solutions is making the security of our corporate and personal accounts so much more important AND so much more precarious now than ever before.
- Choosing security may mean investing more time and money to make sure that the right information and funds are being transferred to the right entity or account.
- Choosing security often means investing more into proactive planning as well as reactive management should breaches occur.
- Security breaches are bound to happen, so planning for them, anticipating specific scenarios, mitigating risks, and responding thoroughly and quickly and transparently are a necessary and integral part of running a company, and managing your personal data.
- It’s amazing how easy it is for the bad guys to get into a system and access sensitive information. There are companies who employ people full time to do just these things, and also companies who spend many man-hours hacking into their own vulnerabilities to keep ahead of them!
- Security and access are so important in the eyes of corporate leaders that many times privacy takes a back seat.
- Corporate and IT leaders are challenged with the need to educate their staff about security protocols and processes, while also making it easy for them to access the networks and devices and data so that they can efficiently get work done! It’s even more challenging when leaders are dealing with a wide range of staff members and cultures with many different and fervent thoughts about following protocols!
- Compliance with protocols and standards is difficult at best, as there are no standards across states or across countries. Yet compliance is required, as it’s incumbent upon companies to be proactively secure, and transparently communicative should there be a breach!
Below are some collective thoughts on what you can do to proactively balance privacy, security and access.
- Look closely at the scenarios when someone is identified as an owner of something (a car, for example). In some contexts, it’s necessary to know, and in other cases, it’s an invasion of privacy to know. Consider making all necessary-to-know contexts (for example, which owner of a 2016 car must be contacted regarding a recall notice) mostly automated and machine-to-machine, while making most no-need-to-know scenarios (for example, which Starbucks locations or grocery stores are most visited) managed by the owner, so they define who gets access to this type of information.
- To respect the privacy of users while also understanding trends, consider aggregating data usage for specific locations, genders, backgrounds, etc.
- A Knowledge-As-A-Service or Data-As-A-Service model empowers users to control who has access to their patterns of behavior and usage, and even to charge interested others to get that information from them.
- Reward people for successfully hacking into a system, to help keep in front of the professional hacking companies!
- Do understand the preferences of your customers so that you can anticipate their preferences and tendencies, but don’t keep so much data that their privacy is compromised.
- Limit access to sensitive data to those who need to know, and know why and in which contexts they need to know.
- Particularly sensitive areas around data include healthcare and children. Both areas have many support groups and many policies managing how data is used and exchanged.
- We have enough data and information to be able to mitigate risks and manage and understand risk profiles, and even anticipate security breaches. There’s a business opportunity to serve companies charged with managing the security of their data and assets.
As leaders, be the conscience of the company and fluctuate between the big picture and the execution pieces to proactively navigate that balance between security, access and privacy.