On April 14th last year a large market research organization in France was the victim of cybercrime. An unknown group was able to access the company’s data servers and copy all of its survey data for the last year. The stolen data included surveys, respondents’ answers, respondents’ personal data and data about confidential customer projects. During the investigation it turned out the research company had hired a local outsourcing party based on price. Unfortunately, that company did not keep very high security standards. In the onslaught that followed, more and more customers withdrew work from the market research company. Seven months later the company declared bankruptcy, as it could not cope with the sudden fall in revenue.
The story above did not really happen, but it could. Technology has become so commonplace in the market research industry that we have come to rely on it. The majority of research revenue is generated using electronic data capture. And all the collected data is stored centrally, in databases or on file servers. Just imagine what could happen if someone gained access to your systems. And what a devastating effect that could have on your business.
But you already know this, right? You care about security, and that is why you have your servers in your own building and the door to the server room is always locked. You have a firewall in place and your people need to change their passwords often. But how good is your security really? How do you safeguard against malware, against hackers or against mistakes? Do you always know who is in the building? Are your servers always up to date with the latest software updates and security patches? Keeping your data safe is hard work.
Contrary to what many people believe, security is often better in the cloud than it is in-house or in local data centers. This is especially true for the big cloud providers like Microsoft and Amazon. They rely on the same cloud for their own infrastructure and spend large sums of money to uphold very high levels of data security. Both Microsoft’s and Amazon’s data centers are certified for many security standards, including ISO27001:2013.
OK, so if you move all your data collection infrastructure to the cloud, does that mean you are better protected? Not by definition. Yes, your servers are safer and breaking into them will be a whole lot harder, but you must also make sure that what you put on them is safe. So make sure everything is encrypted, at rest and during transfer. Limit accounts to just the level of access they need, change your passwords regularly and use strong ones, check for any risks that are on the OWASP top 10 list or get a strong application firewall in place, make sure your users can’t directly access data but always go through an authenticated channel, and make sure that you monitor what happens on your systems so you can check for anomalies. If you do all that, you should be pretty safe.
I am pretty sure you do not want to do all of that. You want to focus on growing your business, on collecting data and creating insights from it, not on becoming an IT company. This is where you should turn to your data collection platform supplier and ask them about their cloud offer. And when you do, make sure that you look not just at the platform’s features, but also at its security. When evaluating security, look for three things: product security, data security and data protection.
Ask your supplier about OWASP and ask if they conduct penetration tests. This will give you an indication of how easy it will be to break into their product or corrupt the data you collect using it. Ask your supplier about data security: do they encrypt your data, and when is it encrypted: at rest or only in transit? Ask them how your data is encrypted. This should give you a good idea about how safe your data is against burglary and data sniffing. And finally, ask them about data protection. If they use one system for multiple customers, which most cloud providers do, ask them how they prevent another customer from accessing your data. Ask them about disaster recovery: how much they can recover in case of disaster and how long it will take to get you back in business. And finally, ask them about access controls: who has access to your data, and what kind of controls they have for making sure your data cannot be accessed by an unauthorized person or fall into the hands of someone other than your staff.
At NIPO Software we understand that securing your information is important. We know that your business is based on trust: trust in integrity, confidentiality and anonymity. We will do everything to make sure you do not have to break that trust, because our business depends on it as much as yours.
That is why we make use of some of the strongest security standards in our Nfield offer, in product security, in data security and in data protection. Every year we have an independent party audit our security as part of our ISO27001:2013 certification. And we make use of the safest cloud platform in the world to host our infrastructure: Azure, the cloud from Microsoft.
Want to know about all the measures we have in place to keep your data safe? Read our security factsheet. To learn more about how Microsoft keeps their cloud safe, please visit the Microsoft Azure trust center.