Is personal data safe on a cloud based CSP?

How is the growth of cloud based customer service platforms impacting data protection, especially for those organisations with highly sensitive personal data?

The popularity of cloud based customer services platforms has grown at an exponential rate across businesses, public sector organisations and charities. In addition to removing the need for organisations to run their own systems, the platforms provide immediate savings of both time and money to the customer and offer flexible pricing options (which can generate further financial savings). What’s more they are a driver for a type of innovation that may not otherwise exist in traditional software offerings.

[easy-tweet tweet=”The popularity of cloud based customer services platforms has grown at an exponential rate ” user=”ExpAssist”]

Adapting to new technology

Adapting to new technology that allows access to applications, documents and software from any web-enabled device has inevitable risks. There have been numerous examples of security breaches across the public, charity and private sectors due to malevolent activity or operational errors releasing highly sensitive personal data. One very clear example is the recent high profile case involving mobile phone retailer Carphone Warehouse, which is at the centre of a major data breach investigation after up to 2.4 million customers’ financial information and personal details were accessed through a malicious cyber hack.

Risks of data protection

For organisations such as charities that hold highly confidential beneficiary and stakeholder information, data protection is a big issue, and rightly so. Staff can face criminal charges and the organisation may risk losing customers as a result of reputational damage. What’s more, organisations could also face fines worth up to £50,000. Having robust data security in place is absolutely paramount to avoid long-term damage.

The biggest risk for customer data leaks is from a contractual, rather than technical perspective

The biggest risk for customer data leaks is from a contractual, rather than technical perspective. So as cloud based customer services platforms continue to evolve and underpin processes of organisations throughout the world, it is crucial that organisations have a clear understanding of shifting regulations and responsibilities that must be upheld when protecting data.

Effect of privacy breaches

[easy-tweet tweet=”Due to EU regulation changes organisations now have increased responsibility to minimise data breaches”]

With the growth of customer service cloud platforms, and more data being generated by customers across multiple channels, many organisations are using third parties to store and handle customer information on behalf of organisations. But as the EU shifts its regulations to adhere to increased levels of cloud data storage and online customer service platforms, organisations now have increased responsibility to minimise data breaches. They must show they have developed policies and provided in-house training tools to teams, in addition to demonstrating that they have checked their data cloud provider is also taking the appropriate security measures to protect, secure and share highly sensitive customer data. Signing an agreement that ensures the cloud provider has enforced appropriate policies and procedures, and that teams have also been trained in the right way is important when future proofing the storage of customer data. If a leak occurs, it is likely the cloud provider won’t accept liability for data security – meaning the organisation will bear the monetary and reputational brunt of the consequences. 

The effects of privacy breaches on organisations using customer service platforms can have significant and long-term damaging effects.  For example, customers may lose trust in the company and take their business elsewhere, particularly if switching costs are low. In addition, where big data loss scandals are concerned, it takes a substantial amount of time and money to conduct a review into what went wrong and integrate more advanced security processes and procedures. Security breaches can have a major impact on reputation, which can consequently deter future customers and cause a long-term impact on revenue streams. Ultimately, prevention is key.

Preventing security issues

ddos-impact-survey-infographic-hires
Read more about Security and DDoS attacks here

Read more about security and DDOS Attacks hereTo prevent security issues, it is vital that companies work with an accredited cloud vendor with a working Information Security Management System that is certified to ISO 27001 or equivalent security standards. This is because the parameters for how data is stored and protected haven’t changed since the last update of the Data Protection Act in 1998. With increasing numbers of organisations using integrated and customer-centric technology systems to provide support systems, it is important that personal and sensitive data is secured to prevent misuse or unauthorised modification of data, regardless of its type.

In addition to signing a contract, it is also important that companies receive a technical description of how customers’ personal data is stored, secured and processed to validate the provider’s claims. However, cloud suppliers may be reluctant to share this information, as they may not want to share insights on processes that could make them redundant and vulnerable as a supplier. Ultimately, it is likely that the cloud vendor will have a number of different clients of varying sizes, and smaller companies may find it more difficult to retrieve the information they need over larger enterprises.

Advantages to outsourcing to cloud vendors

There are numerous advantages to outsourcing to a cloud vendor with a portfolio of different customers. For example, if the supplier has received various different briefs from a number of companies, it is likely their solution and the systems on which it runs will have gone through extensive testing and updates to support the influx of highly sensitive data. They will also be equipped to run and support this advanced level of infrastructure, and will be likely to have teams who constantly monitor systems to maintain the security of its contents. Conversely, if a company hires somebody to build a unique solution, then it is likely it may not have undergone the same level of testing, which ultimately may result in security breaches. This is a particular risk factor if the company’s in-house team isn’t highly trained in managing the security of the server accurately.

As more organisations invest in cloud based software to transform the customer journey and analyse business performance, investing in a robust security system and ensuring IT functions are understood and valued by all is absolutely critical for any organisation working with highly sensitive data.

[easy-tweet tweet=”Ensuring IT functions are understood is critical for any organisation working with highly sensitive data” via=”no” usehashtags=”no”]

+ posts

CIF Presents TWF - Miguel Clarke

Newsletter

Related articles

Generative AI and the copyright conundrum

In the last days of 2023, The New York...

Cloud ERP shouldn’t be a challenge or a chore

More integrated applications and a streamlined approach mean that...

Top 7 Cloud FinOps Strategies for Optimising Cloud Costs

According to a survey by Everest Group, 67% of...

Eco-friendly Data Centres Demand Hybrid Cloud Sustainability

With COP28’s talking points echoing globally, sustainability commitments and...

The Path to Cloud Adoption Success

As digital transformation continues to be a priority for...

Subscribe to our Newsletter