
The Way You Protect Your Customers' Data Is Fundamentally Changing

Published 11/10/2020

By Whistic

As an InfoSec professional, you’ve seen your fair share of growth and change in the industry. Information security presents an interesting challenge because the technology is actively solving for very real threats and risks. As the technology used by malicious forces grows and expands in scope, so too must the technology used to secure data and information.

The Shift from Reactive to Proactive Security

As information security grew as a focus and became more critical to an organization’s long-term strategic success, reactive security strategies were gradually replaced by flexible, dynamic, proactive innovation. Real-time, instant access to the cloud replaced bulky hardware.

Here is a look at the general timeline of how InfoSec teams have protected data and established customer trust.

Phase 1: On-Premise

On-premise servers housed all of the organization’s burgeoning data. Because servers were physically on-site, an organization had explicit control over who had access to what information. As vendor data was added or shared with a team, this connection was literally hard-wired into the system.

Simply put, this first phase of InfoSec wasn’t too focused on vendor security. Security protocols were not discussed as part of the sales process, and post-partnership audits weren’t done. After all, how much trouble could data get into when housed in a basement server?

Phase 2: Software-as-a-Service (SaaS)

This first phase of vendor security continued until the introduction of cloud-based SaaS business models. However, storing data in cloud-based structures introduced a whole host of risks and threats. Cloud security was suddenly thrust into the spotlight as a consideration for vendors, customers, and organizations.

In this phase of vendor risk management, the vendor serves as the main controlling force behind data security and determines how and what information is shared. Vendor risk assessments and questionnaires can help determine whether an organization can safely share information with another, but it could take weeks for a vendor to respond to a Q&A request. While this phase opened up the world of InfoSec, it did create some gaping holes in the process.

Phase 3: Hyper-Connected World

Now, our hyper-connected world is creating new opportunities and challenges for InfoSec teams. With both customers and vendors having real power behind their data and analytics, vendor security arrangements can be jointly defined and executed on both sides.

Security is now a competitive differentiator from a sales perspective and a topic discussed during the vendor selection process. Many times, executives and upper-level managers are actively involved in the vendor security process and these conversations. Additionally, security profiles, postures, and workflows are proactively addressed and publicly published for complete transparency.


About the Author

Now is the time to shift from reactive to proactive vendor risk management. Whistic can help you get there. You can learn more about how Whistic is helping InfoSec teams operate more efficiently and effectively in this hyper-connected world here.
