It seems that every time we turn around, another major security breach has occurred. The latest was the data breach at Epsilon, which manages customer databases and provides third-party email marketing services to 2,500 corporate clients, including some of America's biggest firms.
Companies outsourcing functions to third-party service providers should have service-level agreements that ensure the data being shared is being protected by the strongest measures appropriate to the level of sensitivity of that data.
Specific criteria for what that protection includes should also be defined as part of the agreement. Some service providers and cloud platforms let clients restrict access to their data.
However, companies must first have controls in place in-house to ensure that only the right data is being exported. Further, they should conduct audits periodically and oversee security to ensure it's current.
