Insights

Why data storage policies matter in your remote support software

Laura Leaver

August 23, 2023

Providing remote IT support to remote workers or customers is essential to improving business continuity, productivity, and customer experience, but it’s critical to protect the data that is inherently communicated as part of that support process. The transfer of sensitive information during the support process, whether personal or company-related, can become a vulnerability if not protected by robust security measures. Malevolent actors are all too ready to exploit any gaps in data protection, potentially exposing business and end users to data breaches.

That’s why, as an IT support leader, it's important to set clear data storage policies and ensure that your remote support solution allows you to uphold them. Essentially, these policies dictate how data is stored, backed up, and protected within an organization, ensuring that data is kept safe and secure or properly deleted. By implementing effective data storage policies, you can mitigate the risk of data breaches, reduce the likelihood of data loss, and ensure that your organization is compliant with relevant regulations.

When considering your remote support tool, research the data policy basics: Has the company you’re working with designed its privacy and security programs to ensure an appropriate level of data protection? Have they outlined the supplemental measures and safeguards for transfers of personal data outside of their country? How is data protected in the case of a security breach or a legal audit?

To help ensure sufficient service availability, uptime, and redundancy, and to provide a global user base with the best possible experience, companies should be using solution providers with a combination of geographically distributed physical co-location facilities and cloud hosting providers that perform replication in near-real-time.

The risks of overlooking data storage protocols

In our increasingly interconnected world, the fallout from overlooking stringent data storage protocols can be monumental. Beyond the immediate financial pinch of potential fines, there's the lingering sting of eroded trust from clients and partners. A single slip in data security can cast a long shadow over an organization's reputation, potentially leading to dwindling business and lasting brand damage.

Furthermore, with the advent of regulations on user data like GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act), there's a legal dimension to consider. Organizations are now bound by law to uphold the sanctity of user data. Any deviation can invite legal scrutiny, underscoring the importance of a remote support tool that's in harmony with data storage norms

Types of data you should consider

There are various data types that may have personal identifiers and sensitive information that need to be handled with state-of-the-art security: 

  • Session data
  • Uploaded files
  • Stored credentials
  • Chat history

Session data might include mostly benign dates and times of connections, whereas uploaded files and stored credentials could have company and personal sensitive data. Chat history might seem like simple metadata, but if sensitive information was communicated in the chat, or audit trails of work performed is considered private, then you’ll want to have some control over exactly where this data resides and who has access to it.

Data storage options

Where your data is physically stored, in what geographic region, and what specific data is stored is a concern for many IT managers.

Having no storage connection between, say, an EU-based data center and a USA-based data center, becomes paramount when trying to adhere to policies that protect EU PII (personal identifiable information). Many EU companies are slightly wary of hosting their data in the US because of the Patriot Act and other legal system protections that are deployed. The storing of data locally can alleviate concerns about information being accessed (both lawfully and unlawfully) from the US.

People who want control over their data storage want control of the retention policy. If you trust your own servers for storage, you can control how often information is deleted and where you store backups. This takes your support tool’s potential risks out of the equation. If a customer has strict data prevention policies, they will want full control of retention of PII. Companies have been sued for unintentionally storing PII information. Non-cloud storage options are helpful for GDPR, and other mandatory compliances. The bottom line is that your remote support solution should give you control over your data storage and retention policy. If you want to use your own servers, so you can control how often information is deleted and where you store backups, your remote support solution provider should be 100% out of the picture.

Chat data storage options

For companies such as banks and credit unions in the financial services sector, the goal is often to store information indefinitely in a way that helps with reporting and ensures compliance. For other companies, including some in the insurance industry, it is prudent not to retain the data for legal reasons. If, for example, a customer accidentally enters their password or credit card info into the chat of a tool, the customer would want to have the peace of mind that when this session ends, the information is completely erased.  They would not want it stored in a 3rd party database, which would most likely result in them having to contact the tool’s support team to remove their data.

Chat can hold PII even if it something seemingly benign, such as when a technician and a customer are chatting and the question, “Are you in good health?” is posed. This simple question counts as personal information. Or as in the example above, a customer may accidentally enter their password or address into the chat. 

PII is the type of data that needs protecting to meet the compliance requirements set by HIPAA, PIPDA in Canada, and other compliance standards. Other times it might be seen as an optional additional security layer, to be able to either restrict or allow local downloads of your chat logs. But for some companies, it’s best to give the customer peace of mind that when the session ends, the information is totally erased rather than stored in a database.

IP retention policy

Knowing what IP address a remote support session connected to and from provides security and peace of mind. Having a product automatically infer your location based on your IP address helps it route you to the closest available data center, for optimal performance. At a minimum your software should provide this routing intelligence and basic session tracking. Should a security threat arise, this data helps the services stay secure.

You can actually learn a lot about a person using their IP address if you have the right tools. If your company doesn't want to save that level of PII for the users they are supporting, you should be able to prevent your remote support solution from storing that information. This not only helps with compliance but also helps you avoid legal action for unintentionally storing PII information via your remote support solution.

Imagine if you were subpoenaed (or there is an audit) because someone entered credit card information in the chat of your support tool. If that support tool stores the data, they will be required to hand over the data.  This would compromise the customer, impact the service company and cause unhappiness all around.

Does your remote support tool support your data policies?

Overall, your products should utilize geographically distributed data centers worldwide to prove low latency, highly performant services, as well as data segregation.?Products like Rescue, built by GoTo, have strong data residency controls and put you in control of where and how PII is stored – if it is stored at all. 

Learn more about Rescue’s security measures

Recommended Posts

ぜひご自分の目で今すぐお確かめください

迅速、安全で企業レベルのリモート サポートをいつ、どこにいても受けられます。今すぐご体験ください。

デモを確認