Because a security breach or data leak has more than just financial consequences for businesses, it is important to choose event solutions that guarantee reliable and secure service.
Indeed, the consequences of such a leak can also be legal (possible prosecution for negligence) or impact your reputation. When you decide to use an external digital solution for your event, data is shared and risks may arise.
Here are some points to consider when choosing a provider for your event's digital platform: 🔎
It is a good idea to favor players who are committed to the issue of digital sovereignty. In other words, those who favor hosting their servers with French or European cloud providers. This will ensure that your data is subject to French and European legislation rather than the Cloud Act for American hosting providers.
Why is this important? Because by avoiding the Cloud Act (in the case of hosting with an American provider such as AWS, for example), you prevent your data from being transferred to foreign authorities on the basis of a simple warrant or subpoena. Whether the provider's servers are located in the United States or on another continent, the American justice system grants itself the right to access that data. This means that your personal data, as well as your patents and know-how, are accessible upon request.
Even better, if this provider can guarantee that it uses dedicated and isolated servers, this further increases the security of your data! Depending on the hosting provider, certifications demonstrating the reliability of the data center may be issued to providers: ISO/IEC 27701 – PCI-DSS – HDS – HIPAA & HITECH – SOC I-II type 2 – and many others. Don't hesitate to ask them for their certifications.
The second point here is the assurance that your data will be protected from cyberattacks and comply with the GDPR. To this end, your service provider can carry out audits and counter-audits with cyberdefense experts to certify the robustness of its solution. Checking the solution's infrastructure with intrusion tests, for example, and recent audits will be signs of reliability.
Once you have chosen your solution, it is important to check certain points with your service provider, in particular data ownership. Who will have access to your data? If you process your data directly in the back office, there should be no security concerns. But what if the service provider or subcontractors have access to your data? Confidentiality clauses stipulating the authority of processing are often proposed to mitigate potential third-party access issues.
Prior to the event, it is a good idea to carry out certain vulnerability checks (internal, external, human, networks, etc.). These checks can be carried out via an audit that may be requested by your internal IT department.
Throughout the organization of your event, it is important that information exchanges are secure. This can be achieved through the use of HTTPS, JWTs for request authentication, etc.
Your data must be traceable to a certain extent. Who imported the data, when, who has access to it, who modified it, etc. All this information must be available on request. Make sure that this is possible with the chosen solution, because in the event of a problem, you will need to know this information.
After your event, all personal data must be deleted from the platform. If you do not do this yourself, check that your provider's terms and conditions commit it to deleting the data within XX days after the end of your event.
The points discussed above are important considerations, often mandatory and regulated by law. But there are solutions available to take things further and make your event even more secure.
This can be achieved through more or less advanced means of participant authentication or through technologies that secure the content broadcast during your event, for example.
There are several authentication methods available. You can decide to make your event public and therefore open to everyone. In this case, no specific authentication method is required for participants. You can also decide to leave your platform open to everyone but make certain content private. In this case, it is a good idea to encourage participants to register in order to access the content in question (video, live stream, workshop, etc.). These participants will then need to enter a PIN code (common to everyone) or a username/password combination in order to access your entire platform. The choice between these authentication methods will depend on your data confidentiality requirements.
Another question that may arise is: how can I prevent participants from duplicating or copying my content? There are a few solutions for this: DRM or watermarking.
DRM, or Digital Rights Management, refers to a set of measures designed to control online access to your data. This means that everything you make available on your platform will be protected by copyright, and copying of files will be restricted by a conditional access system.
For example, you can choose to make this content accessible only to a specific geographic area, device (smartphone, tablet), or even a specific group. This could be certain participants at your event, for example.
This technology also allows you to restrict or prevent private copying or transfer of your content to an external device, as well as to lock certain media playback functions.
A second possible technology is watermarking. This simply consists of displaying a mark on your digital content, which prevents your visuals from being reused without your knowledge. A copyright notice or other verification message is added to a file, audio signal, video, image, or other document on the internet. This copyright notice can be the name or an identifier of the owner.
In the context of digital events, the question mainly arises with video files. With AppCraft, for example, it is possible to watermark these files.
If you would like to know what AppCraft does to ensure the security of its digital platforms, please don't hesitate to contact us! ☎️




