You need to protect your data. That being said, there are a few things you should be thinking about when it comes to your platform. To clarify, we will break it all down for you. We’ll explain what you should be considering in regard to your platform.
5 Primary Parts to a Digital Platform
First, there are 5 primary parts to a digital platform. Here is what they are:
- Software selection
- Content planning
- Content modules
Questions You Should Be Asking Yourself When it Comes to Your Platform
Then, there are a few questions you should be asking yourself about your platform.
- Where is my CMS or platform built? (In house, open source, vendor provided, etc.)
- Does it provide:
- Audited logs?
- Staging sites?
- Are there patches or new revisions?
- Have I reviewed all content for security risks?
Basic Security Measures for Your Platform
Next, you have to take security measures when it comes to your platform.
- Always consider HIPAA, PCI and PII.
- Verify third party (authorize.net, Paypal, etc.) compliance.
- Consider encrypting data where it’s stored.
- Store the minimum data needed.
- Place modules under SSL.
- Examine downstream processes for how data is handled.
Mobile Sites – Risks and considerations
Another key point is mobile sites. There are risks and considerations you should be thinking about.
- Personal devices (BYOD) and enterprise; access/content (managed and unmanaged devices).
- Jail-breaking, fake apps, QR codes.
- Malware, social engineering attacks, infected SD cards.
- Activity/data interception & routing, insecure data storage.
- Lost or stolen devices.
Mobile sites – Solutions
Then, you have to consider solutions for your mobile sites.
- Mobile Device Management (MDM).
- Policies, configuration compliance, usage.
- Sanitize app user inputs, anti-malware, anti-spyware.
- Provision VPN profiles, SSLVPN, secure mobile forms.
- Remote data wipe, mandate PINs/passcodes.
Then, there are cloud considerations to keep in mind.
- Secure access
- Built-in firewalls
- Unique users
- Is there Multi-factor authentication?
- What are the VPN options?
- Is it Isolated GovCloud or Cloud HSM?
- Is your hosting vendor certified or audited yearly by an independent party?
- Have you visited the data center?
- How will the hosting vendors help in a security incident?
- Does your organization host? Therefore, does technical team have incident handling procedures documented?
- Have the technical teams investigated what role their ISPs will play in helping mitigate issues?
- In reality, if you’re not planning, then be prepared to fail.
- Security should never be an afterthought. So, use basic security principles and the questions that they answer as guidelines. Overall, make sure security is built into every phase.
Given these points, make sure you are implementing these platform considerations. As a result, you’ll ensure data protection.
At Goalpost Group, we help our clients break the cycle of bad marketing using strategy, structure, and killer content that drives sales and wins the day. Get in touch with a member of our team to learn more about how we can help transform your marketing.