It’s been said that security is only as strong as its weakest link.
With so much technological advancement, particularly in the cloud, security and data privacy routinely top lists of CIO concerns every year. With each new cloud app they add, companies rely on the prowess of that cloud provider to maintain strong security and protect valuable data, because data security incidents can result in significant business impacts.
Fortunately, many cloud providers continually invest in their security and privacy measures. In fact, recent Gartner research indicates that cloud providers aren’t the biggest threat to security, by far. Gartner says 95% of cloud security failures are caused by users rather than providers.
Of course, that doesn’t mean cloud vendors are in the clear. Maintaining world-class security remains a labor-intensive process for any provider that takes security seriously. Doing so requires a constant process of evaluating both technical risks and market needs, and reflecting them in a provider’s security capabilities. It also requires strong methodologies. One of those methodologies is called “privacy by design,” a set of principles for designing high privacy standards into products. Partnering with cloud providers that use privacy-by-design philosophies makes sense to ensure that data and user privacy considerations are systematically considered throughout the products that your organization adopts.
The integral parts of privacy by design
Privacy by design makes privacy a key foundation of the entire product development process. Privacy by design incorporates seven key principles:
- Proactive vs. reactive: rather than wait for privacy issues to appear and then react, privacy by design evaluates the landscape and anticipates
- Privacy as the default setting: privacy shouldn’t require a user to enable it. Data and user privacy should be protected by default
- Privacy embedded into design: rather than building add-on privacy features, these elements get embedded into the core of products
- Full functionality: increased privacy doesn’t need to come at the expense of other product capabilities. Make privacy positive-sum instead of zero-sum.
- End-to-end security: privacy is protected, in part, by security embedded into the design of the entire product, not just portions of it
- Visibility and transparency: data collection, data use, data sharing, and privacy measures, should be transparent to users and easy to understand
- Respect for user privacy: product behaviors need to be driven with the end-user’s privacy in mind.
Why is privacy by design important?
When considering cloud partners, working with providers who use privacy-by-design principles can be an important difference maker in the decision-making process for several reasons:
At its most basic level, privacy by design delivers a universal set of best practices that incorporates feedback from experts. Best practices often result in consistently stronger products.
Identifying problem areas
An offshoot of adhering to privacy-by-design philosophies is that it makes it easier for providers to identify issues in data protection.
A provider that uses privacy-by-design standards has likely developed a strong security and privacy culture that permeates all aspects of its product lifecycle.
The benefits of privacy by design
Privacy-by-design philosophies provide several benefits for providers, companies, and end-users. Among them:
Many security regulations, such as the General Data Protection Regulation, can require privacy measures. Privacy-by-design principles are an important part of achieving the goals of these regulations. In addition, following privacy-by-design concepts can help productions stay ahead of the regulatory curve. By using privacy by design, it’s more likely that a company complies with current regulations and future ones.
While nothing can prevent every data breach, strong practices like privacy by design can reduce the associated stress of data privacy.
RingCentral and privacy by design
RingCentral uses privacy by design as a core element of systems engineering. Communications data has become the lifeblood of many organizations, a fact that RingCentral takes very seriously. The RingCentral security culture also goes beyond just privacy by design. “You also have things like data handling controls,” says Michael Machado, RingCentral’s assistant vice president of cybersecurity and compliance. “These are important concepts for us. Where and to whom am I communicating? Where am I communicating from? Where are my messages and recordings of my communications stored? What are the product’s default settings?”
RingCentral takes customer data privacy very seriously, Machado says. “We don’t do any content-based targeting,” he says. “It’s important to us that our customers know that’s one of our principles as well.”
Originally published Jul 22, 2020, updated Jan 28, 2021