Data leaks and security breaches have become a common topic in the news lately, with victims ranging from celebrities to the Democratic National Convention. But while the impact of information insecurity has become a hot button issue, there has been little conversation on how these incidents can be prevented.
From corporations to political campaigns, many groups rely upon outside software to turn their data into actionable information. This means that almost every organization has a stake when it comes to conversations on information security. Effective evaluation of the security applied by third party software systems can ensure that your data is only accessed by the individuals and organizations you trust.
To understand how to secure your data, you first need to understand what software companies do with your information. Within a third party software, the data management process generally looks something like this:
Storage: The cycle starts when your data is uploaded into the third party system and held for later retrieval. An example of this would be Apple’s cloud, which is a platform built only to store files so that they can easily be shared between devices. Some platforms stop here, but most third party software puts its value in the next phase, transformation.
Transformation: In this part of the data exchange cycle, the system you’ve uploaded your information into is used to transform it. A simple example of this is the Google Docs suite, where a document is edited and saved after being uploaded into the system. This is the phase where the software actually adds value to your information, and the function of most software companies.
Retrieval: In this phase, you can reclaim your data in compatible formats so that you can access and transform it outside of the third party system. In the Google Docs example, this would be the part where you re-download an edited document as a Word file and save it to your computer.
Now that you understand what software companies do with your data, it’s time to understand how to evaluate whether or not you should share it with them. Here are some questions to ask yourself before uploading your data into a digital system:
Who owns the data once it enters the system? Most storage platforms have no interest in owning your personal files, but this is not always the case. A few years ago, Google came under fire for a dubious usage rights policy that left the door open for them to assume ownership over any file in their system. The best defense against this? Read the terms and conditions before you upload anything and if you have an account representative, ask them explicitly about their ownership policies.
Is the retrieval phase present and easy to execute? Some systems make it difficult to export data through compatibility requirements or simply eliminating the export feature. This trick makes clients more dependent on the system and does them a disservice by limiting them to the software’s functions.
How do you ensure that your data is accurate once the system transforms it? This may not be as important for straightforward, computational software, but in systems where there are multiple people inputting various pieces of information, as is the case with most field outreach software, data integrity becomes an important issue to raise. Reliable softwares will have a means of ensuring accountability and accuracy.
Data breaches may be a more popular topic in the media, but starting the discussion on prevention and protection will take companies and other data-sensitive organizations a long way toward worry-free information storage. Properly vetting software companies for transparency and security is the first step in building a culture where proprietary data is safe and wholly owned by the organization it concerns.