It’s all fun and games until a data breach costs you millions


Rupert Tagnipes

Director of Product Management

Data is pretty neat: It can help uncover trends for more insightful business decisions, improve customer satisfaction and service, calculate the perfect dating site profile, and be weaponized by people with ill intentions.

Yes, with all of the good that data brings, such as life-saving healthcare initiatives, data can also bring a world of hurt. Businesses that operate with vulnerable technological architecture can inadvertently exploit customers to credit card or identity theft (it’s not a joke, Jim) and, in rather extreme cases, could illicitly influence an election.

It comes as no surprise, then, that data breaches are extremely costly. Organizations that fall victim to these attacks can end up spending upward of millions of dollars to rectify the breach, some of which—brand reputation, trust, and customer base—may never fully recoup.

The good news is that innovations in cloud-based planning technology can help businesses secure data, guarding it more securely against unauthorized access. For businesses that need an even higher standard of protection, such as those in the financial services industry, advancements in solutions can even provide additional layers that further encrypt sensitive data.

Below are four questions you can ask your cloud provider about its data security safeguards, as well as the benefits of bring your own key (BYOK) solutions supporting businesses that need even higher standards of protection.

Security features that cloud providers need to have

Data breaches threaten every organization in every industry. As cyber criminals evolve, leading technology vendors need to re-evaluate and innovate upon how they approach data management. With a wide range of cloud service options to choose from, customers should make data security a key part of any initial and ongoing conversation.

By discussing data security up front in the selection process, customers can feel confident that their data will be protected through up-to-date security measures. The following four questions are a great starting point for talking through safeguards that ensure greater protection against data threats.

  • What types of security measures does the provider take to safeguard customer data?
  • Does the provider use end-to-end, “defense in depth” techniques that provide a multi-layer approach to protection?
  • Does the provider run consistent third-party penetration tests and comply with standards such as International Organization for Standardization (ISO) or Service Organization Controls (SOC) certifications?
  • Are there multiple authentication options available to control authentication without a need to physically store passwords?

Defense in depth security, in particular, addresses diverse types of cyberattacks by implementing various defenses at each layer of an application. Following a best-practice defense in depth security model is critical when protecting data across any ecosystem, whether on premise or in the cloud. This reflects the “deterrence, detection, and response” strategy of data protection.

Securing sensitive data with a cloud-based encryption solution

Recently, bring your own key (BYOK) solutions have been introduced in enterprise planning to provide businesses with an additional layer of managing and controlling their data. BYOK solutions supply organizations with trusted, high-quality data and can be used to closely support IT objectives and protect, control, and encrypt proprietary data.

BYOK is designed to protect against attack vectors focused on data at rest, as well as preventing intrusion by those with back-end access to systems. It delivers strong encryption at the data level, and it augments layers of security that protect software and hardware.

Additionally, they can provide the following six benefits to customers:

  • Removing provider access to company data by giving full transparency and complete access to the organization’s encryption keys
  • Encrypting, auditing, and protecting data at the workspace level so that proprietary data can be incorporated into planning and forecasting
  • Enabling customers to develop their own solutions for government regulations and compliance with ease by avoiding complex third-party integrations to reach acceptable security levels
  • Providing the right users with access to the right data while ensuring the protection of individual rights and privacy
  • Delivering an easy integration that reduces set-up and maintenance costs of additional security infrastructure
  • Using a hosted security solution that doesn’t require any on-premise hardware

Maintaining an open dialogue with current and prospective providers around data security remains a critical opportunity for today’s businesses, and it helps keep the best interests of consumers top-of-mind. Businesses that leverage data security in cloud technology can now ward off cyber threats with a greater peace of mind.

Interested in Anaplan’s bring your own key (BYOK) encryption solution and hearing about why it helps our customers sleep soundly at night?

Learn more about how Anaplan approaches data security differently.

Read paper