Data privacy is paramount in this day and age.
Acadia handles data from millions of customers, on behalf of our clients. Most importantly, we treat all data with the same level of privacy. Regardless of company size, or type of data – down to phone numbers and emails – Acadia takes every measure possible to ensure that data is safe. Why? Because all data, no matter how nominal, is only as well protected as the most private piece of information (say, a credit card number) being stored. So the best approach, and Acadia’s approach, is to secure everything as if it is highly sensitive.
Acadia’s approach to data
When new clients come into the fold, Acadia starts with a Q&A to talk through our security posture and get the information needed from new onboards. For larger clients, we complete a risk assessment. This may involve 800 questions, or a short survey. The goal is to understand the type of data that will be stored by Acadia and who has access to it, and to identify potential risks. Only once that is complete does any data come under Acadia’s purview.
This process means that from the get-go, Acadia is looking out for data security. It starts with how clients share their data with us. Sharing data without a trusted data sharing partner might raise red flags. We encourage the use of Snowflake, the data cloud manager, for secure data transfers back and forth under its security umbrella. Historically, large text files had to be transferred through a third-party data protection service, which made the transfer less secure. Snowflake is a favored tool among Acadia partners, which makes it an ideal partner for us. Cost of ownership is based on data usage and consumption, which also makes it competitively priced.
Getting to know zero trust
Meet the latest buzzword in data security: zero trust. The security framework has become a hot topic in data privacy circles (if you’re really in the know, you’ll recognize it as NIST 800-207, the shorthand for the National Institute of Standards and Technology document containing the definition and parameters).
What started as a solution for network protection has become a data protection tool for companies as well. Zero trust requires that any user, inside or outside an organization, be authenticated and authorized before touching any data within any network, including those in the cloud. Zero trust has evolved into data strategies, as companies including Acadia apply this outlook to their own data protection strategies. What does this mean for us? Any user, even if they’re logged into the network, is not automatically entitled to our assets and can’t touch any company or client data without being additionally authorized. It’s all based around multi-factor identification.
The ultimate goal is to prevent potential bad actors from exfiltrating data from the platform – essentially ensuring that data doesn’t go where it shouldn’t, into the wrong hands. Altogether, the measures that Acadia has in place under its zero-trust policy ensure that the right controls are in place without letting up.
Protections in place
What happens when there are risks? To catch abnormal behavior, anomaly learning detection software tracks typical logins and visitors to identify when something out of the ordinary might be trying to access the data. Unknown new users will set off an alert, for instance. Everything is encrypted, even beyond the storage level.
People assume that storage at rest is safe. But that only protects against employees – at the application level, you can protect against outside attackers.
Acadia takes all of this seriously so you don’t have to. Our data privacy practices rise to the same level as our marketing practices, so it feels as much a core part of our business as our core business. This means building trust with clients like you to share your valued customer information, safely and securely, with full transparency – no matter how big or small your company is.
Carol Davis is the Head of Technology at Acadia.