New research from Forrester predicts that strong privacy policies will give businesses a competitive edge in 2015. We think Forrester has a good point. Research shows that privacy is a major concern for consumers, so companies with strong security will be able to leverage their strength and enjoy the marketing benefits. When faced with the otherwise equal choice of a company with a history of big data breaches versus one with notoriously tight security, consumers will choose security first. Similar to the corporate social responsibility movement, consumers will vote with their dollars, giving the advantage to companies that align their values with those of consumers.
2015 Will Be the Year of the Privacy Advantage
Forrester says this is the year that privacy becomes a competitive differentiator among businesses. Gartner started talking about this in 2012, pointing out the need for cloud providers to offer better security and compliance protections to enable wide-scale adoption of the cloud. Since then, we’ve learned a hard lesson. Although it’s true that businesses need better security and compliance protections, they can no longer afford to trust their implementation to a third party. What changed the landscape so drastically? Two words: Edward Snowden.
When Snowden uncovered the depth of NSA intrusion into public data, he requested a transfer to allow him to gain even deeper access. His actions covered a span of several months where he made it his personal mission to make sure the public knew about the NSA’s ability to gather information from corporate internet leaders. This had a twofold effect. Companies realized that if the NSA could access their data and Edward Snowden could breach NSA security, their data was not safe in the cloud if they relied on cloud vendors to keep their data secure. Even if vendors had robust security, the NSA could still require them to hand over the data.
Privacy and Consumer Sentiment
While the Snowden scandal raised significant concerns about the privacy of data residing in the cloud, it also became clear to consumers that companies were losing their personally identifiable data at a frightening pace. Major breaches at several large retailers in 2014 showed that retailers faced significant challenges keeping consumer data safe.
This creates a general feeling of distrust between consumers and the companies they want to do business with. A TRUSTe survey focused on the Internet of Things (IoT), the sector of technology focused on smart devices, revealed:
- 35 percent of Americans own a smart device in addition to their smartphones
- 79 percent of US consumers worry about how smart devices use the personal information they collect
- 69 percent want ownership over the personal data collected by their smart devices
- 87 percent say they worry most about personal information being used in ways that they don’t know about
- 86 percent worry about malware infecting their smart devices
Forrester points out that 62 percent of consumers say they would not buy again from a company that shared their information with a data broker and 37 percent have cancelled an online transaction because they didn’t like the terms of service. That’s an enormous level of awareness in a world where terms and conditions are usually glossed over or ignored altogether.
How the Privacy Advantage Differs from Social Responsibility
There’s a vital difference between these consumer-driven trends that companies must understand. When it comes to social responsibility, consumers place a small premium on socially responsible goods and companies, but they strongly penalize companies who demonstrate poor values. A company selling an organic cotton T-shirt can get a few more dollars for the product. But a company selling T-shirts made in a sweatshop will see a far greater drop in the price consumers are willing to pay.
This means that companies must understand exactly what consumers want when it comes to privacy and security and that they must take great pains to avoid policies that undermine security. One could argue that there is no such thing as overshooting the mark on security. It benefits consumers and the business itself. At the same time, companies will always look to find the “sweet spot” where additional effort or investment in security only provides diminishing returns.
How Secure is Secure?
Encryption key strength is an interesting example. Many security services and products tout 256-bit or even greater encryption complexity. But most cryptographers believe it would take thousands (if not millions) of years to crack a 128-bit key given our current processing technology. Does it make sense to invest in greater complexity when the current level is already far more than adequate? It would make sense only if consumers believed that to be the case. Otherwise, no advantage exists. You’ll have to do your own market research on that one, as there is no universal agreement on the issue.
Public relations and marketing will have pivotal roles here to ensure the public recognizes your efforts to keep their data secure. Companies can protect themselves and consumers with stronger security, but it will not be much of a strategic advantage if the public doesn’t realize the level of effort you put in.
The Cultural Shift to Security by Design
Companies that make security an integral part of their culture will include security as a central theme in every aspect of the business. It will be included in product design, production, and sales. Any data that, if compromised, would pose a threat to the company or consumers will be encrypted. The keys needed to unencrypt data so that it becomes usable must also remain secure. Network monitoring can identify unusual access patterns and secondary authorization controls can make sure no single person is in charge of access to keys. These measures need to be in every aspect of the business – not just situations where consumer data could be compromised, but also to prevent insider theft and industrial espionage.
HyTrust Can Help You Gain the Privacy Advantage
Companies that take privacy and security seriously will align their values with consumers, gaining their trust and their dollars. Certain technologies can give companies a privacy advantage and HyTrust offers them. HyTrust DataControl®, for instance, can ensure that data you run in Amazon, or in any private or public cloud, remains secure.
We also provide operational assurance for the private cloud with HyTrust CloudControl®. CloudControl can prevent accidental or malicious activity from privileged private cloud administrator accounts. Two-factor authentication is a vital part of CloudControl, along with policy-based controls and comprehensive logging of administrator actions, letting you identify and even prevent intrusions before they become a threat. Contact us to find out more.