Colorado recently became the third state to pass a data privacy law, following Virginia and California, with four more states actively reviewing bills with similar provisions. Legislators around the world are getting serious about data protection as consumers become increasingly concerned about how companies collect, use and protect their personal data.
As more businesses move to the cloud, further regulation is inevitable to safeguard sensitive information and establish who is liable in the event of data being mishandled.
To help ensure compliance with an evolving and increasingly complex regulatory landscape – and keep their customers’ information safe – organizations must proactively implement measures that give them maximum control over data.
Be Prepared and Proactive
While data privacy is top of mind because of the regulatory landscape, protecting data is not just about complying with a particular law or rule; it is about maintaining security and engendering trust. Businesses succeed when they build stakeholder confidence and customer loyalty. To do so, they need to be good stewards of the data they generate and collect.
Stewarding data includes proactively implementing a robust security framework. This framework should be able to adapt over time so that a company can readily respond to changes in regulations and stakeholder expectations, and not get caught unawares or have to spend time catching up, revamping and rearchitecting its data protection and privacy policies and technologies.
Who is Protecting SaaS Data?
Another part of being a good data steward is understanding the role data storage location plays in protection. Increasingly, massive amounts of data are stored in third-party SaaS applications which, according to ESG, account for one-third of the average organization’s mission-critical apps.
There’s a common misconception that SaaS vendors protect their customers’ data, but in reality, that responsibility falls to the company generating it. SaaS vendors are only responsible for keeping their app up and running.
To better protect their data and comply with regulations, businesses need to bring that data under their ownership. This means that, rather than storing it in a SaaS application or backup vendor’s infrastructure, businesses should store data in their own secure cloud data lake, for example one hosted on AWS. Owning data in this way allows companies to better control who can access it and from where, and minimizes data loss, corruption and security breaches.
Keeping data in an owned data lake also enables authorized users to access the information they need, whenever they need it, without having to worry about SaaS app vendor restrictions such as API limits. For instance, some employees utilize APIs to access data residing in SaaS apps and then download it for reuse in their own systems.
Making multiple copies of data for reuse results in more touchpoints and potential access points for cybercriminals. Downloading and altering data also makes it difficult for employees to feel confident they are working with accurate information, as multiple versions of a dataset could exist.
By storing data in a central company-owned data lake repository, you eliminate the need for users to download multiple copies in order to access and reuse it. This helps minimize the surface area of exposure, reducing the potential for breaches.
Documenting Changes, High Frequency Backups
Another proactive measure companies should consider is high frequency backups of SaaS app data into their own data lakes. By capturing every data change and key information about the lifecycle of that data – i.e., where and when it has been stored, altered, or copied, and by whom – businesses can more easily ensure a digital chain of custody, something that’s very difficult to do when data is stored in third-party environments under a third party’s control.
Capturing every change to data and storing it in their own, readily accessible cloud data lake helps prepare companies for potential regulatory audits and ensures nothing falls through the cracks.
One common thread across all of the data privacy legislation that has passed in the U.S. is that customers may request access to their data and request that it be deleted. This can only be done if a company has a comprehensive record of its historical data.
From Risk to Reward
Companies using their own cloud data lake as storage can also more easily push data into whatever analytics and operational tools end users prefer, transforming that data from a compliance and security risk to an opportunity to inform decisions and drive business forward.
Data generated by SaaS apps can be an asset to organizations that effectively reuse it to improve cybersecurity, customer service and retention, sales, product development, and even to feed machine learning and AI training sets.
In our consistently disrupted world, reusing historical data in these ways is crucial to predicting trends, responding to threats and taking advantage of opportunities as they arise. Businesses that intelligently reuse SaaS app data achieve more comprehensive digital transformation, agility and resiliency.
A Pivotal Moment for Data Regulation
By maintaining data ownership, companies will be better positioned to keep customer data safe and avoid costly non-compliance fines.
Beyond that, as the push for data privacy continues, companies that prioritize protecting customer data will gain the public’s respect and trust. These companies will also gain the added benefits of making historical SaaS app data an integral part of their data and analytics ecosystem.
About the Author:
Joe Gaska is the CEO of GRAX.