Preserving Customer Privacy With Zero Trust

Share this post:

To say that the pandemic accelerated the growth in online shopping, as more people chose to make purchases from the comforts of their home, is an understatement.

Digital interactions on a rise

As per a survey titled IBM Consumer Security Study – India Report, conducted by Morning Consult, on behalf of IBM Security, there was a considerable increase in digital interactions during the COVID-19 pandemic across retail, grocery, restaurant, and pharmacy segments (see graphic below).

% consumers using primarily digital formats vs. physical

Source: IBM Consumer Security Study – India Report

This trend is here to stay, as most Indian respondents are likely to continue digital-first interactions because of the convenience it offers, and because of the continued fears of the 3^rd wave.

Convenience over security

A worrying trend, however, eminent from the survey, is that Indians are choosing convenience over security. Picture this:

• 47% of the respondents said that they use the same credentials across online accounts.
• 49% said they store their online account information in their memory and 35% said they store it on a piece of paper.

With convenience comes risk

As per IBM Security X-Force, incidents involving e-commerce threats have increased nearly 400% since 2018, globally. Additionally, the Morning Consult survey tells us that four in ten Indians would avoid using an online platform to shop or place an order over concerns over privacy.

Additionally, the Personal Data Protection Bill, which is currently being analysed by a JPC, could result in penalties of up to INR 15 crore for non-compliance with personal data requirements.

So, what does all this mean for businesses looking to increase their focus on online interactions?

To thrive and grow in this booming market, as an e-commerce store, businesses need to build loyal customer relationships.

The best relationships, as one would imagine, are built on trust. And trust takes years to build, seconds to break and forever to repair.

Customers trust businesses with their data – all kinds of it, personal, demographic, and financial data. And businesses need to repay that trust by protecting this data and customer privacy.

However, with a recent string of breaches, customer trust is on shaky ground.

Zero trust to protect customer privacy

The need of the hour is to create a stronger security posture and limit potential risk. Businesses must protect privacy across a growing number of digital touch points.

But how do you do that?

To assure the greatest levels of security and protect customer privacy, businesses in India that are looking to increase their focus on online selling should consider adopting a ‘zero-trust’ approach.

You might ask why zero trust, and why zero trust now?

Given that sensitive data is pervasive, interspersed throughout the organization, businesses need to consider implementing privacy measures that extend data protection across the entire enterprise.

A zero-trust approach to data privacy and security never assumes that any user, application, device, or process is trustworthy. Instead, it continuously evaluates whether someone or something should have access to sensitive data based on contextual information. This continuous verification relies on context so that every user, every device, every connection must prove a legitimate need.

There are different types of users that you will come across. The question is, in a digital world, how do you decide who you are going to let into your circle of trust. The table below shows us how.

In addition, data privacy regulations require clear and transparent user consent management. Many businesses lack the processes to effectively obtain and track consumer consent. Hence, it is important for personas like developers and privacy officers to have the ability to collaborate quicker and more accurately to embed requirements directly into applications while automating away unnecessary repetition. Adoption of zero trust approach enables that enterprise-wide collaboration.

Zero trust approach ensures a smooth and secure experience for your users across the omnichannel journey. In that context, some must-have use cases:

• Risk-based Multi factor authentication (MFA): Built-in authentication that prompts users with (Two-factor authentication) 2FA based on selected risk criteria on device / user intelligence.
• Password less authentication: Allows bio-metric access.
• Scalable, cloud-based authentication: Highly extensible, reliable, and easy to use.
• In-built APIs: Enables developers to develop embedded security features in new applications.
• Cognitive phishing: Detection that identifies phishing attacks; gathers threat intelligence; learns from intelligence gathered to self-tune its algorithms and protects against new phishing threats.
• Behavioral bio-metrics backed by AI/ML: For improved fraud detection capabilities and identification of true users vs. fraudsters.
• Automated malicious pattern recognition: For increased speed of analysing and uncovering new threat intelligence.
• Privacy, consent tracking, and progressive profiling need to be consistently enforced across channels and interactions.

Zero trust is a marathon, not a sprint

It’s important to remember that zero-trust approach aims to wrap security around every user, every device, every connection — every time, and hence it takes time to build and is continuously adaptive.

To get started with zero trust, CISOs need to ask – and answer – some pertinent questions:

• How to map out business goals and define a zero-trust strategy tailored to specific needs?
• How to understand the landscape and capabilities offered by the current security and IT investments and identify gaps?
• How to clarify and prioritize zero trust projects and initiatives to ensure demonstrable success?

If you want to know where to start or how to merge existing solutions into a zero-trust security strategy, IBM Garage experts can work with you to co-create a modern, open approach to zero trust security. To get started you may consider the IBM Zero Trust Framing & Discovery Workshop. Click here.

To summarize, nothing is perhaps as important to an organization’s brand reputation as keeping its customer data private. Zero trust approach provides organizations with adaptive and continuous protection for users, data, and assets, plus the ability to manage threats proactively.

The practice of never trust and always verify aims to wrap security around every user, device and connection for every single transaction, and in the process helps CISOs safeguard their crown jewel – sensitive customer data – against cyber threats, by making data access limited and conditional.

It can help organizations protect customer privacy with access controls that are based on least privilege, giving access to only those with a legitimate need and for the agreed upon purpose.

Zero trust is always on the job to proactively find and address a compromise quickly and effective.

My next blog in this series will focus on zero trust for insider threats.

Connect with Tushar Haralkar LinkedIn

Read more here:

Ebook: Why data privacy is much more than compliance

Blueprint: Preserving Customer Privacy with Zero Trust