Data Analytics: A Checklist for Avoiding a Security Breach

With predictive and prescriptive analytics beginning to gain traction in B2B markets, CIOs are faced with the ever-present build-versus-buy decision. Yet, building the in-house expertise to tackle advanced analytics is a very costly, time-consuming and risky endeavor.

Best practices suggest that companies look outside of their internal capabilities and seek out packaged SaaS applications designed to solve specific business challenges.

Consider this guidance from Gartner Research director Lisa Kart in How to Take a First Step in Advanced Analytics (June 2015): “The ‘build vs. buy vs. outsource’ decision is an important one. Organizations may revisit this decision for many different analytics problems they want to tackle. However, for organizations taking that first step to advanced analytics, leaning toward the outsource or buy options is a quicker and easier solution to achieving that first win.”

In evaluating SaaS solutions, one of the primary concerns for any CIO should be data security. Advanced analytics solutions require the use of company data, and as such, it’s critical to ensure that data will remain secure through each and every touch point.

In order to ensure this level of security, CIOs should be prepared to ask a few important questions before implementing any technology from a vendor that requires access to company data.

1. What technologies are in place to prevent a data breach in the data center? 

It’s important to understand how the data flows in and out of the data center. Is the data center regarded as a premier service provider? Are the controls at the premium level? Leveraging fingerprinting technology for data loss prevention is key. Ask how your data will be handled and encrypted when at rest and in transmission.

2. How will your company data be protected outside of the data centers?

Consider how your company’s data will be used by vendor employees and ask what protocols are in place to protect your company’s data outside of the data centers as well. Are the laptops of the vendor’s employees secured and encrypted in a way that prevents data from being pulled to a thumb drive? Does the vendor have a data security policy for employees who have access to the data?

3. What protocols are in place to ensure the data is secure when accessed via mobile devices?

Access to email and documents on mobile devices is extremely pervasive in today’s business environment. Just starting the conversation about what protocols and controls are in place could reveal some insight into how well the vendor does (or doesn’t) handle data security on mobile devices.

Once you’ve asked these initial questions, dive into the type of data that’s required. Is Personally Identifiable Information (PII) or credit card data required, or can the vendor rely on other less risky data sets, such as your transaction data? The type of data will determine which data security standards need to be followed.

Lastly, it’s important to ensure the data is transmitted, used and stored in accordance with regulations. CIOs must ensure the vendor can provide a secure, cloud-based data infrastructure to receive your data files and deliver advanced analytics back to your organization. The vendor’s cloud-based data infrastructure should make transfers back and forth as secure, reliable and easy as possible.

Your data holds a wealth of information just waiting to be unlocked, and how potential vendors keep that data secure should be crucial to vendor selection. Most importantly, company data should be handled with respect to ensure the most complete protection possible is in place.