Plan for Data Privacy Today and Avoid Costs Later
Data privacy regulations are here. Companies that operate in Europe or California are working to ensure compliance with the GDPR and CCPA. Smaller US companies below the $25M revenue threshold of the CCPA are quietly watching as large companies get fined. Under the GDPR alone, an estimated 800 companies have been fined in the past two years, with cumulative fines of $1.2 billion since it went into effect.
So smaller companies concerned with data privacy laws are diligently putting together privacy policies and trying to minimize any personal data collected to ensure the spotlight doesn’t shine their way. But is it enough?
Startups Need to Take a Zero Trust Approach to Data Privacy
The reality is that data privacy regulations are being introduced at state and federal levels at a rapid pace, while decisions in lawsuits like Schrems II are interpreting existing rules restrictively. Small companies can’t take a wait-and-see approach to data privacy. Startups will find value in building a zero trust architecture to ensure that data and metadata are completely protected.
Data security and data privacy tend to overlap, but at its core, data security is about protecting the data, and data privacy is about limiting and protecting the metadata collected. While companies familiar with best practices will minimize the amount of data they collect, some metadata is needed for certain application features to function. This is where security again overlaps with privacy, as the next step is ensuring that metadata is secure. A zero trust approach to this involves implementing security measures that assume no one can be trusted.
Data storage is an area that hasn’t traditionally utilized zero trust security. If you’re using centralized cloud storage, the storage provider has access to your metadata—particularly if you’re not paying extra for encryption. The only truly zero trust data storage option existing today is decentralized cloud storage, as the entire system is built upon a zero trust architecture. Here are four steps that describe how decentralized cloud storage works:
- An object is uploaded and encrypted
- That object is then split into pieces
- Those pieces are then distributed across a global network of independent nodes
- Those pieces are then retrieved and reassembled when you need them
Here is a more in-depth explanation of how decentralized cloud storage works.
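The four steps above as a runnable sketch, added here as an illustration and not taken from any storage provider's code. In-memory dicts stand in for independent nodes, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for a vetted AEAD such as AES-GCM, which production code should use instead; all function names are hypothetical.

```python
import hashlib, hmac, secrets

PIECE_SIZE = 16  # assumption: tiny pieces so the sample spreads over several nodes

def keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def encrypt(enc_key, mac_key, plaintext):
    # Step 1: encrypt on the client, so the keys never reach a storage node
    nonce = secrets.token_bytes(16)
    stream = keystream(enc_key, nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(enc_key, mac_key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed authentication")
    stream = keystream(enc_key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

def upload(blob, nodes):
    # Steps 2-3: split the ciphertext and spread the pieces round-robin.
    # The manifest (node index, piece hash) stays with the client.
    manifest = []
    for i in range(0, len(blob), PIECE_SIZE):
        piece = blob[i:i + PIECE_SIZE]
        digest = hashlib.sha256(piece).hexdigest()
        node_id = (i // PIECE_SIZE) % len(nodes)
        nodes[node_id][digest] = piece
        manifest.append((node_id, digest))
    return manifest

def download(manifest, nodes):
    # Step 4: fetch each piece, check it against the manifest, reassemble
    pieces = []
    for node_id, digest in manifest:
        piece = nodes[node_id].get(digest, b"")
        if hashlib.sha256(piece).hexdigest() != digest:
            raise ValueError(f"node {node_id} returned a missing or altered piece")
        pieces.append(piece)
    return b"".join(pieces)
```

No node ever receives the keys or the manifest, and a node that alters or withholds a piece is detected at download time instead of being trusted.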
Potential Costs of Not Using a Zero Trust Approach
Decentralized cloud storage is still new, so some companies are taking a wait-and-see approach. The problem is that they’re leaving themselves vulnerable to data privacy issues. Here’s a breakdown of the risks and related costs involved.
Risk #1: Customer Backlash
Consumers are getting more educated (and outraged) about the lack of data privacy in applications they use. They want all the great features of an application but don’t want it at the cost of sharing their data with others. Users don’t even want providers to see their data. So if satisfied users discover data exposure beyond what they are comfortable with, they may choose to stop using the app or tool.
A great example of churn over data privacy happened earlier this year to WhatsApp, a secure messaging app. An Apple security and privacy update shed light on how WhatsApp was collecting much more metadata than its competitors and sharing this metadata with Facebook. The result was millions of users abandoning the app for competitors like Signal.
Risk #2: Fines, Customer Loss, & Costly Repairs
Data breaches are another example of how data privacy and security tend to overlap. If a startup is not protected with a zero trust cybersecurity model, then it runs a higher risk of malicious attackers stealing and possibly exposing data. This can result in upset customers whose privacy has been violated leaving the application. And regaining customer trust is no easy task.
In addition to revenue loss, a data breach is incredibly costly. The IT team or a third party will need to make sure the attacker is out of the system, a ransom may need to be paid, and there is typically a high spend on PR damage control. The more startups can provide data security in storage with a zero trust policy, the more they lower the risk of violating customers’ data privacy.
Risk #3: Fines for Non-Compliance
Privacy regulations are complicated and rapidly evolving, but as data privacy becomes more of an issue, fines for not being compliant can have devastating consequences for companies—especially smaller startups.
While Amazon or Google may get hit with hundreds of millions in fines and survive, it’s much more prudent to have a strategy in place, rather than leave it up to chance. With that being said, early-stage companies should plan and incorporate a zero trust model from the get go, or suffer the potential consequences.
Risk #4: Changing Cloud Storage Services Later
Companies that still want to take a wait-and-see approach to data privacy are at risk of getting hit with high egress costs when they are ready or forced to switch. In other words, when customers or the regulations cause a company to reconsider its cloud storage strategy, moving data to a zero trust storage solution can be costly.
Centralized cloud storage providers like Amazon, Google, and Microsoft give many incentives to utilize their services but will heavily penalize those who want to leave. In fact, the more data that has been accumulated, the higher the fees to switch to a new provider. As a smaller company planning on growth, it makes sense to avoid this problem and start with a zero trust cloud storage provider.
Read the comparison of data privacy in centralized and decentralized cloud storage here.
Don’t Risk Data Privacy—Start with Zero Trust
Any one of the risks discussed in this article has the potential to end a high-growth company. Holistically, the risks are too significant to ignore. That is why smart companies are seeking better data privacy solutions and addressing compliance sooner rather than later. The good news is that taking a zero trust approach to data privacy in cloud storage is quite simple. It’s just a matter of choosing a cloud object storage provider built on zero trust.
Take advantage of zero trust decentralized cloud storage today.