Data is one of the most valuable assets a business has at its disposal, encompassing anything from business transactions to valuable consumer information. Using data effectively will positively affect everything from decision-making to marketing and sales strength. This makes it critical for businesses to take information safety seriously and ensure that necessary safeguards are in place to protect this most valuable asset.
Data protection is an important issue for any business and is a crucial part of their strategic plan.
So, how is Engine B making data security a top priority?
The answer lies in our unique approach to data security. The majority of our working platform is built on Microsoft Azure. We strengthen the security of our Azure workloads by utilising services such as Azure Security Center, which continuously discovers new resources that are being deployed and assesses whether they are configured according to security best practices, by employing Azure Defender Services, Azure Key Vault to encrypt keys and passwords and utilising Azure DDOS protection, for example.
Protecting data at rest or in transit
Data security is a top priority at Engine B whether it is data at rest or data in transit. For data at rest, all data written to the Azure Storage platform is encrypted through 256-bit AES encryption and is FIPS 140-2 compliant. For data in transit, data moving between user devices and Microsoft data centres or within and between the data centres themselves, Microsoft adheres to IEEE 802.1AE MAC Security Standards and enables your use of industry-standard encrypted transport protocols, such as Transport Layer Security (TLS) and Internet Protocol Security (IPsec).
We protect the data by ensuring we provide the right access to each user depending on their specific role. We provide access to the users, groups and applications with a specific scope and follow Azure standards by using Azure Key Vault and Azure Managed Identity to authenticate each user and application to provide them with access to the relevant data. We also control what users have access to by using the Azure Role Based Access Control (RBAC).
How does my client know the data is safe?
Any resource that is deployed is built on top-of-the-line network protection ensuring the client data is secure and safe. This is achieved by the use of virtual networks. Each virtual network is isolated from all other virtual networks. Communication of Azure resources with the internet, between Azure resources, with on-premises resources, filtering network traffic, routing network traffic and integration with other Azure services are the few scenarios we accomplish with the use of virtual networks.
At Engine B, we emphasise the importance of establishing a data audit feature. Analytics teams and best practice units can assist with ensuring the security practices are implemented and enforced.
Data security is strengthened through client-controlled policies
Engine B systems are integrated within Microsoft Azure with robust, secure access control, where the clients can rest easy knowing their information is protected. Integration with Azure Directory, Role-Based Access Control (RBAC), and Multi-Factor Authentication (MFA) ensures your data is only accessible to those with designated access. All users are authenticated and verified using client-controlled policies and process. Companies can leverage hybrid cloud architectures to combine on-premises and cloud resource management for a unified security solution. We have partnered with Microsoft to secure client data, safeguard client information in the cloud and protect data from un-authorised access.
How can I be confident that analytics are using my client’s data correctly?
Strong data security policies and processes help us to ensure that client data is safe and secure in any situation. We employ a variety of effective methods to ensure data protection:
- Workers have signed non-disclosure agreements (NDAs) that apply to all client work.
- Workers have signed a remote work policy which prohibits, for example, use of non-approved devices, software, or physical environments to access company or client systems.
- Access to client data and systems is restricted by multi-factor authentication, so workers only have access to the data required for their specific tasks.
- IP whitelisting is used to limit and control access to the network and data to authorized users.
- End-point reporting data is aggregated into a security information and event management platform, with a security operations team monitoring any abnormal activity.
A safe and secure platform
To lay a stable foundation for data security, Engine B is following different approaches around data security by following Microsoft’s best practices and leveraging their state-of-the-art security features.
We know that today’s businesses produce huge amounts of data which when leveraged effectively, can be a huge strategic advantage for any company. By addressing the issues surrounding access to client data in a safe and secure way and through the creation of robust, next-generation data solutions, Engine B is helping professional services organisations to unlock better quality insights from their data and provide better quality services.
The platform, comprised of our industry Common Data Models and Knowledge Graphs, allows the auditor, lawyer, or tax expert to quickly and securely access client data, to search for hidden links between both structured and unstructured data and subsequently, make more informed decisions with that data.
Article by Karuna Ishwarya and Rama Gudepu