Security and Compliance at Audiogum
Information security and compliance with industry regulations come as standard when integrating with the Audiogum services, enabling you to offer compliant services to your customers.
A little context
We’re in an age where consumers take note of, and care about, their data privacy, even more so since the General Data Protection Regulation (GDPR) came into effect in Europe in May 2018. Data security is considered of paramount concern, especially since the costs of data breaches and cyber attacks are expected to run to millions of dollars annually, rising year on year.
Historically, organisations may have considered information security retrospectively, but this can no longer be the case. Information security, and in particular data privacy, is now considered right from the start, during project initiation, with a focus on the processing or handling of any personal data. Whether you are a data controller or a data processor, there are a number of requirements that need to be considered when handling and safeguarding personal data.
When trying to build new, trusting business partnerships, whether working with providers or being a provider yourself, it is not uncommon for organisations that do not have a recognised security accreditation to miss out on business opportunities.
The internet services landscape has also shifted dramatically where data security and privacy are concerned. ISO/IEC 27001 has become the de facto standard for information security management system (ISMS) certification, and being able to demonstrate and maintain compliance with it shows that security best practices have been implemented across the accredited organisation.
Compliance encompasses every aspect of building, maintaining and operating services.
Some big challenges
Distributed data environments
With the advent of cloud services and the global reach they provide, it is common practice to distribute user data to multiple, geographically dispersed locations in order to provide an optimal and performant user experience, no matter where in the world your customer is.
With GDPR regulations regarding data residency, Personal Data can no longer be distributed across residency boundaries. This can be addressed technically by obfuscating the Personal Data in some way, but strict controls and complex technical solutions are required so that the user experience can be optimised without compromising regulatory compliance.
Regulatory compliance and diligence
Horror stories are regularly reported in the press about organisations that have been subject to a data breach. With the new GDPR regulation in force, significant financial penalties can be imposed, not to mention the cost of such an incident to your reputation and business.
Working with third-party providers requires that they are compliant in order for you to be compliant yourself. It is not acceptable if you are compliant but an underlying service you rely on isn’t. It is no longer just “their” responsibility; today, it is “our” collective responsibility to ensure that the services offered to customers comply with industry standards and regulations.
Meeting and maintaining business, legal, contractual and regulatory requirements takes significant effort, skill and experience. As a result, many organisations find they aren’t adequately resourced and therefore rely on outsourcing or integrating with third-party providers in order to achieve their compliance.
Furthermore, policies need to be put in place, such as a Privacy Policy that details exactly how a user’s data is processed and managed. Security controls need to be implemented to protect user data, along with the capabilities required to support users’ rights regarding their data: being able to opt out, delete their data, or manage their preferences on how their data is processed.
Secure engineering
Building, maintaining and operating compliant cloud services, which are constantly evolving to meet the demands of customers, is by no means a simple task. Engineers need access to all environments in a consistent, secure and low-friction way, employing security best practices throughout the development lifecycle.
Regular risk assessments need to be undertaken to identify risks to the confidentiality, integrity and availability of information. These risk assessments are important for continuously improving an information security management system.
New customers and retention of existing customers
Although this is a much bigger topic of discussion, there is one key point to make here. You might not be able to quantify the impact of compliance in terms of attracting new customers or retaining existing ones, but being non-compliant is a sure-fire way to cause a decline in new customer registrations and existing customer retention.
Offering compliant services that meet regulatory requirements clearly demonstrates that you take security seriously, thereby building trust with your customers.
Solution - Audiogum’s compliance is included
ISO/IEC 27001 demonstrates our commitment to information security and to the implementation of security best practice across our organisation. You can read about our ISO/IEC 27001 certification journey in our blog post, “ISO27k certification journey, and beyond”.
Furthermore, Audiogum engaged the expertise of Gregg Latchams to act as legal advisors on data privacy matters and on our own GDPR compliance.
By integrating your products and apps with the Audiogum service platform, you will ensure your compliance needs are being met.
In Summary
The Audiogum platform provides you with peace of mind, safe in the knowledge that we worry about security and compliance so you don’t have to. By integrating with us, you can ensure that you offer compliant services to your customers.