As businesses grow, they accumulate ever-increasing amounts of customer data, ranging from contact information to spending preferences to credit card details.
In the past, companies usually stored this information on local servers or in file cabinets, solutions that can become expensive and cumbersome over time.
Yet recent improvements in cloud storage allow businesses to keep entire petabytes of information for mere pennies on the dollar. Not only is this approach much cheaper than traditional storage, but when done correctly, it can also be more secure.
However, what does "done correctly" mean when it comes to enterprise-level customer data storage in the cloud?
Data Security Best Practices for Cloud Storage
There are some obvious strategies that every business should follow, including:
- Avoid the temptation of building your own cloud storage solutions. Stick with providers that specialize in 24/7 data security.
- Compartmentalize all data access. Employees, vendors and suppliers should only be able to see enough information to perform their duties correctly.
- Never use a “bring your own device” (BYOD) policy. All employees should be provided with secure corporate computers, tablets and smartphones.
- Use secure passwords that are impossible to guess. For a list of best practices, click here.
- If you handle any type of credit card data, choose cloud storage options that adhere to the strictest PCI-compliant standards.
- Choose a provider that takes data recovery seriously. It should store information on multiple servers spread geographically — and it should have clear disaster recovery protocols in place.
The above represent low-hanging fruit that are easy to implement — but to truly make your customers’ data safe, you should encrypt this information before placing it in the cloud.
What Does Data Encryption Mean Exactly?
Data encryption involves encoding information to make it less readable and less accessible to prying eyes. Most cloud storage providers offer at least some level of encryption.
You should also be sure to explore the benefits of tokenization — one of the most reliable fraud prevention strategies around.
Tokenization is most commonly used for credit card transactions. Instead of capturing and storing personal account numbers (PANs) during the payment process, merchants use tokenization to swap out these numbers with randomly generated IDs ("tokens"). The tokens can only be read by the payment processor.
Equally important, each generated token will only work with a single merchant. No other vendor (or criminal) can use that unique alphanumeric string to complete any transactions of any kind in the future.
Tokenization is highly effective at protecting credit card data. Card details are never physically stored in the merchant’s payment environment — and with nothing to store, there's nothing to steal.
Tokenization can also be used to protect non-financial data — a practice that has already become standard outside the U.S. in countries with strong consumer privacy laws. Many companies in Europe, for example, use tokenization to protect:
- Patient and employee records
- Usernames and passwords
- Email and postal addresses
Similar to only the payment processor reading tokenized financial data, only authorized parties within your organization can decode tokenized customer data. These details are worthless to everyone else — including other employees.
This last point is important. Remember that the recent NSA leak didn't come from an external hacker using malware. Snowden was an internal contractor who used a simple thumb drive.
BluePay's Enterprise Cloud-Based Payment Solutions
At BluePay, we specialize in enterprise-level cloud storage solutions to keep your payment processing and customer data safe — both from internal and external threats.
To learn more, visit Customized Enterprise Level Credit Card Processing Solutions.