Ensuring Security and Privacy When Working with a Website Localization Company

Traditional translation companies have serious problems localizing complex websites. Can you trust them with your customers' confidential information?

Reagan Evans

September 18, 2019

4 MIN READ

In today’s ultra-competitive and fast-paced world of online business, companies must be absolutely certain that their digital customer experience is secure and protects the privacy of their customers.

This is doubly true for companies that serve international markets with localized websites.

Most companies entrust the localization of their online experiences to translation vendors, many of which struggle to efficiently localize highly complex websites. This means it's vital that companies vet these third parties to determine whether they have the technical expertise to offer a secure, translated UX to international customers.

Here are several security best practices to keep in mind as you review the capabilities of your current, or prospective, digital translation partner.

Viewing and Storing Personal Data

Ideal vendors take exhaustive steps to identify and mitigate security risks, implement best practices and continually evaluate ways to improve their processes. This especially includes the use of website translation services that do not store website users’ personal information. Names, addresses and numbers should be automatically ignored by the technology.

In addition to automatic settings that ignore much of this private content, some solutions leverage special "directive tags" that provide even more security. These tags can be applied to code within a website that should be ignored and left untranslated. Any content enclosed within these tags passes through the vendor's system completely unrecognized and untranslated.

Security-conscious partners also support industry-recommended secure encryption protocols for transmitting your data—such as using your site’s SSL connection throughout the process of receiving, translating, converting and delivering content.

Fluency in Security Protocols

Ask vendors to prove that their security program provides flexible and comprehensive security controls to meet stringent industry requirements.

For instance, reputable vendors complete annual security assessments conducted by independent PCI SSC Qualified Security Assessors. The vendor should also demonstrate ongoing practices that comply with PCI DSS.

When relevant, they should complete regular independent assessments to ensure they comply with HIPAA Privacy and Security rules, too. This includes an audit demonstrating compliance with HIPAA requirements. Look to see if they're listed on the Visa Global Registry of Service Providers, too.

Ultimately, the vendor should implement a security program that supports customers in a variety of industries. In addition to PCI DSS and HIPAA, these industries often abide by security standards such as ISO 27001, HITRUST (Health Information Trust Alliance), ITIL and others. All demand the protection of confidential and proprietary customer data.

Your localization provider should be fluent in international regulations, too. For instance, the company should be well-versed in the implications of recent GDPR legislation. And it should be certified in Privacy Shield frameworks, which provide a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the U.S.

Secure Hosting Solutions

Leading vendors often provide hosting for their website translation services, which includes the content of your localized site. Their hosting infrastructures should also provide best-of-breed security, scalability and redundancy. Ask if their solutions are hosted in physically secure, geographically diverse data centers. Great vendors also use real-time network monitoring and system defense.

Hosted solutions should use data centers that are always staffed by security teams, with access restricted to authorized personnel, enforced with multi-factor authentication and controls.

Those facilities should also be rated at N+ redundancy, in compliance with industry standards, maintaining robust resilience plans for all computing environments.

Vet the Vendor’s Vendors

You'll also want to investigate how the translation vendor engages third parties to provide or support certain components of its hosting services. Security-savvy vendors choose partners that demonstrate maturity in effectively managing complex network hosting and application infrastructures.

These partners must also support stringent service level agreements and security controls that satisfy industry standards and third-party validation.

Look for solutions that recognize SSAE 16, PCI DSS, and/or ISO 27001 compliance as standards that best demonstrate a provider’s effectiveness in managing complex hosting and application services.

Secure Development Practices

It's not enough to use vendors that have secure solutions and robust hosting infrastructures. They should also have an on-site environment and programming practices that are supported by skilled, security-savvy professionals who are trained to protect critical business assets.

Leading approaches follow Center for Internet Security system hardening guidelines, and routinely train employees about attack methods, and how to avoid them.

Ask if the vendor integrates security into their training and HR practices. These include personnel screening and ongoing training on ways to protect information assets. Training should include topics such as:

  • Physical security
  • Data privacy
  • Incident reporting
  • Workplace security

They should also maintain robust operating environments with complementing layers of controls. Look for solutions that:

  • Honor industry-recommended practices
  • Conduct routine updates and management of access to systems
  • Continually test systems to identify potential weaknesses
  • Routinely train employees about attack methods, and how to avoid them

Conclusion

Data security and privacy are top priorities for your customers worldwide, as they should also be for your company—and your localization provider.

Leverage a translation approach that relies on safeguards aligned with various industry best practices and compliance mandates, and only use solutions that are supported by skilled professionals dedicated to protecting your critical business assets.

Last updated: September 18, 2019

About Reagan Evans

Reagan Evans is MotionPoint's SVP of Sales. He has a strong background in sales and data management and has nearly 10 years of executive level experience in the field. He uses his expertise in global sales, new business development, sales production, and data organization to drive MotionPoint's market expansion and new client acquisition. Evans leverages MotionPoint's industry-leading technology to drive sales and ensure higher customer satisfaction.

Reagan Evans

SVP, Head of Sales
