How to Implement a Cloud ‘Privacy by Design’ System
By Karen A. Frenkel
Cloud access security broker (CASB) providers should define privacy controls that operate across all apps and across the organization. It’s much harder to set privacy measures once a cloud app or system is already in use.
Make privacy the default setting for cloud apps, cloud services and CASB software, particularly in the auditing capabilities. The CASB software should protect private user information, including cloud app access and activities, from IT administrators.
User privacy controls should be core to system design, not bolted on, to make sure they work seamlessly. Mash-ups of applications and loosely integrated cloud apps can make that hard, but CASBs can monitor for privacy-oriented data loss and automatically encrypt such data.
The same features that protect sensitive business data, like intellectual property, should also protect employee or customer data. CASB software should protect privacy as much as it strives for security.
The type of data to be stored and protected is not the only consideration; duration is important, too. CASB software should not retain any customer data and should only retain metadata needed to provide security and privacy controls.
It’s important to include users in formulating the solution rather than dictating policy to them. Communicating about what cloud activity is being monitored and enforced is vital to keeping them happy.
Above all, privacy and security controls should be user-centric and respect the employee experience. CASB software should generate automated user coaching messages explaining policy and provide users with an alternative to their activity.
With the proper use of CASB software and by following the Privacy by Design framework, you can ensure that employees safely and confidently use cloud apps to get the job done while still respecting privacy.