This The Transform Technology Summit begins October 13 with a low-code / no-code: Enabling Enterprise Agility. Register now!
Consumer confidence in companies is increasingly rare, especially when it comes to data management and protection. The trend is accelerating as cyber attacks continue to grow and vendors use more customer data as part of strategic initiatives.
Businesses need more customer data to improve online sales, and how well a business handles this cyber trust gap can mean the difference between driving new digital revenue.
KPMG’s latest “Corporate Data Responsibility: Bridging of Consumer Trust Gap” report calculates how wide the trust gap is today and what factors are accelerating it. With 86% of consumers surveyed saying data privacy is a concern and 68% saying companies ’level of data collection is worrisome, closing the growing trust gap is not easy. The survey is based on interviews with 2,000 US-based customers and 250 director-level and high security and data privacy professionals.
While most security and data privacy leaders (62%) said their organizations should do more to strengthen existing data security measures, one in three (33%) said consumers are concerned about how their company uses their data. Should be concerned.
Furthermore, security and data privacy leaders are not sure how reliable their own companies are when it comes to handling customer data. A third (29%) say their company sometimes uses unethical data collection methods. And 13% of employees do not trust their employer to use their data ethically.
In short, the gap of cyber trust is wide, the future outlook of enterprises is largely based on the relevance of their data security.
Data governance alone does not work
Top-down approaches to data governance and data management are not closing the gap sufficiently. KPMG concludes that 83% of consumers are unwilling to share their data to help businesses create better products and services. And a third (30%) is unwilling to share personal data for any reason. This cyber trust gap continues to widen despite many businesses implementing a corporatewide data governance framework.
According to KPMG U.S. Privacy Service leader Orson Lucas, the trend of pushing customers back against data requests 70% of security and privacy leaders say their companies are stepping up efforts to collect customer data.
“Failure to overcome this division could present a real risk of losing valuable data and insights, which promotes business growth,” Lucas said. Clearly, data governance and data management initiatives need to prioritize customers from the start of the project if companies are to recoup large investments made in these areas.
In this way faith becomes zero
The goal is to protect privacy with cybersecurity that is flexible enough to give each customer access to their entire customer record. Three out of every four customers (76%) want more transparency in how their personal data is handled and used, however, only 53% of companies provide it today.
To close the data trust gap, companies need to go for a full disclosure, provide a complete view of customer data and explain how they are using it. The best way to accomplish this is to implement zero-confidence security at the individual customer account level to protect zero access endpoints, identification and other threat vectors.
By choosing to prioritize zero-trust security, companies can make progress in closing the trust gap with customers and at the same time achieve greater transparency. The choice of Zero-Trust Security to secure data responds to consumer concerns that companies are not doing enough to secure their data. Consumers are not happy – 64% say companies are not doing enough to protect their data, 47% are very worried that their data will be hacked, and 51% are afraid that their data will be sold.
Here are several ways companies can use Zero-Trust Security to provide secure, complete transparency while simultaneously protecting every threat level in their business:
Define first Identification and Access Management (IAM) to provide accuracy, scale, and speed. Getting IAM properly is the cornerstone of a successful zero-trust security framework that provides customers with secure transparency in their data. The IAM strategy needs to consider how privileged access access management (PAM), customer identification and access access management (CIAM), mobile multi-factor authentication (MFA), and machine identity management will be configured to achieve customer experience results. Confidence is needed to improve. CIAM systems provide identity analysis and consent management audit data that is GDPR-compliant, something sales and marketing teams need to improve online sales programs. Companies are also adopting a more grainy, dynamic approach to network access that can give customers more transparency. It is based on Zero-Trust Edge (ZTE), which combines network activity and related traffic with certified authorized users that can include both human and machine identities. Ericom Software, with its ZTEdge platform, is one of the many companies competing in this field. The ZTEdge platform is notable for integrating micro-segmentation, Zero-Trust Network Access (ZTNA), and Secure Web Gateway (SWG) with Remote Browser Isolation (RBI) and ML-enabled identification and access management for mid-tier businesses and small businesses. . . Additional vendors include Akamai, Netscope, Zeskeller and others.
Improve the endpoint’s visibility, control, and resilience by re-evaluating how many software clients there are on each endpoint device and integrating them into a more manageable number. Absolute Software’s 2021 “Endpoint-Risk Report” found that while endpoint devices are more over-configured, conflicting software clients will create security differences that could exploit bad performers. One of the key findings of the report is that conflicting levels of security at the endpoint are proving to be just as dangerous as none. In 2021, there will be an average of 11.7 security controls per software client or endpoint device. About two-thirds of the endpoint devices (66%) also have two or more encryption applications installed. The goal of adopting Zero-Trust Security is to achieve greater real-time visibility and control and enable greater endpoint resilience and enabling of each endpoint. The complete software approach to self-healing endpoints is based on a firmware-embedded connection that is undetectable from each PC-based endpoint. Additional providers of self-healing endpoints include Ivanti and Microsoft. To learn more about self-healing endpoints, be sure to read: “Facing Endpoint Security Hype: Can Endpoint Really Self-Heal?”
Enable multi-factor authentication (MFA) for all customer accounts so that customers can view their data securely. Endpoints and user accounts are often broken due to expired passwords. Configuring MFA in all customer accounts is given. In the long run, the goal is to move further towards password-free authentication that will make all endpoints and customers more secure from breach.
Define a roadmap for the transition to passwordless authentication for access to customer records as quickly as possible. Bad artists prefer to steal privileged access access credentials to save time and move back and forth across the network at will. Verizon’s annual performance on data breach investigations continues to find that abuse of privileged access is a major cause of breaches. Account access to eliminate password vulnerabilities requires a more intuitive, less hateful yet multi-factor approach. Leading providers of passwordless authentication solutions include Microsoft Azure Active Directory (Azure AD), Eventy’s Zero Sign-On (ZSO), OneLogin Workforce Identity, and Thales SafeNet Trusted Access. Each of these has unique strengths, resulting in Ivanti’s Zero Sign-On (ZSO) production across multiple industries as part of the company’s Unified Endpoint Management (UEM) platform. Ivanti uses biometrics, including Apple’s Face ID, to gain access to personal and shared corporate accounts, data and systems.
KPMG’s research found that 88% of consumers want companies to move forward in establishing corporate data liability and share more details on how they secure data. Addressing cyber trust issues boils down to providing more transparency, and companies need to focus on zero-trust security and its underlying benefits for accessing customer data.
VentureBeat’s mission is to become a digital town square for technological decision makers to gain knowledge about changing technology and practices. Our site delivers essential information on data technology and strategies to guide you as you lead your organizations. We invite you to become a member of our community, access access:
- Up-to-date information on topics of interest to you
- Our newsletters
- Gated idea-leader content and discounted access to our precious events, such as Transformation 2021: Learn more
- Networking features, and more
Become a member