Pavel Ignatov - Fotolia
Building relationships with local and government officials is an essential aspect of an enterprise security strategy, as experts pointed out in part one of this two-part series. Here, Lang Leonard, CFO at LevelUp, provides four additional tips for meeting the demands of digital data, which he shared during a panel discussion at the recent MIT Sloan CFO Summit.
LevelUp, a mobile payment platform that launched in 2011, links credit and debit cards to QR codes that are displayed through a mobile app for scanning. Securing digital data is essential to the company's business model. Leonard, who joined LevelUp a few months ago, provided CFO Summit attendees with a high-level overview of the startup's digital data security strategy.
"We basically have a quickly evolving landscape of regulations, interpretations and underlying technologies that are adjusting as there is a fundamental shift from payment in the physical space … to mobile technology," Leonard said. "It will probably be the shortest major platform shift in payments that we've ever had."
His four tips to CFOs included the following:
1. Find the right people. "We are not a large company by number of people, but we have very heavily and disproportionately invested in people from both the compliance and technology space," Leonard said. In addition to its general counsel, key people include a compliance officer, a security officer and a CTO, who was the former senior vice president of engineering at Akamai Technologies Inc. "We realized we needed that type of investment in infrastructure, which normally would be massively disproportionate to the size the business we are today," he said.
2. Leverage the strengths of your partners. Outsourcing certain functions and forming partnerships can add a level of scale, sophistication and security that would otherwise take LevelUp years to achieve, Leonard said. For example, credit and debit card information isn't stored on LevelUp servers. Instead, the company uses third-party services from the Braintree location of PayPal Inc. to store that information. "We have basically structured our network so that that information never runs through LevelUp," Leonard said.
3. Provide transparency. LevelUp takes an unambiguous stance on data privacy. Leonard said the company makes sure to have "absolute transparency with people who interact with the network so that they understand what pieces of data we're capturing and what we're doing with it."
4. Monitor the program. LevelUp continuously monitors and reviews how its security system is working, and the security checks are reviewed at the highest level of the company. "It is not an IT function. Not even a little bit, although they are key," he said. Fraud or system capability reviews, performed on a weekly basis, involve the CTO, CEO, general counsel and the chief compliance officer, Leonard said. He described the program as "very serious," adding that it's "tied into a real-time dashboard that would alert any of us to any types of issue beyond certain threshold."
"Every time we hear about a data security breach or a violation out there … it's a reminder for us that we are doing the right things," he said.
Expert Barclay T. Blair explains how data governance can buoy big data risk management.