Using strong data security for business advantage

19th November 2019

Becky Pinkard
CISO, Aldermore Bank

There’s a crisis of confidence underlying digital transformation. Businesses are investing heavily in cloud deployments and even putting themselves through company-wide change management initiatives to re-build their operating models – sometimes from the ground up.

Constant worries about cyber attacks however, are shaking these new foundations. Boards are concerned about loss of IP, reputation and revenue after a significant attack or system outage. Consumers, partners and clients meanwhile, fear that their data can be exposed, damaged or lost.

Surveys show that consumers will abandon a brand after a major breach, and that makes cyber a source of differentiation. Strengthening a company’s reputation for data and privacy protection can breed confidence: not only with customers but also inside IT security teams and among those sitting at the organization’s top table.

In an environment where everyone is rushing to innovate and be first to market, the risk of moving too quickly and treating strong data security as an afterthought is real. For any organization that wants to realize the long-term benefits of digital transformation, cyber has to be treated as a baseline requirement for sustained business advantage.

Cloud security concerns haven’t really gone away

We’ve seen repeated examples in the media where people files have been accessible that shouldn’t have been, so we still have to ask hard questions about data security where cloud deployments are concerned. GDPR and heightened consumer awareness mean appropriate care and due diligence have to be applied consistently around where data is held, how we access it and who can access it. Whether we’re setting up new cloud services or reviewing existing arrangements to make sure they’ve been set up correctly, the right security controls and access permissions have to be in place.

Putting people’s cyber fears to rest

Because ‘the cloud’ is still such a nebulous term to many people, it may be natural to have a level of fear about technology they don’t fully understand. Something that can help allay those fears is being transparent about your approach to security and demonstrating your risk management around cloud.

Security as a basis for growth and innovation

There are varying concerns coming from regulators and customers; for example around strong customer authentication, how we look at third party risks and even fourth party risks, and so on. As pressure increases to get data security right, we have to be able to take those regulator and customer concerns and then turn them into the correct measures for our products and our customers. We can use cyber to create transparency for customers so that they have a feeling of assurance that they’re in good hands.

Are breaches inevitable?

Security in the past may have been a bit of a mystery to non-technical parts of an organization. One of the things I’m trying to do is make sure that my superiors and my team understand that cyber is not a guarantee. It’s up to us to make sure that we have excellent visibility of network activity, effective monitoring and clarity around events when they happen. We then have to ensure we have sufficient responses and follow-through if a breach does occur.

View our full interview with Becky as part of our Security Begins Here series.