In today’s ultra-competitive and fast-paced world of online business, companies must be certain that their digital customer experience is secure and protects the privacy of its customers.
This is doubly true for companies that serve international markets with localized websites.
Most companies entrust the localization of their online experiences to translation vendors—many of which struggle to efficiently localize highly complex websites. This means it’s vital that companies vet these third parties to determine they have the technical expertise to offer a secure, translated UX to international customers.
In this section, we’ll provide several security best practices to keep in mind as you review the capabilities of your current, or prospective, digital translation partner. They include:
Safeguards for Viewing and Storing Personal Information: Great website translation vendors never view or store your—or your customers’—data. There are several best practices to follow, to ensure a vendor is never exposed to this information. We’ll tell you what they are, and why they’re important.
Fluency in Security Protocols:We’ll show you how to ask vendors to prove that their security programs provide comprehensive security controls to meet stringent industry requirements.
Secure Hosting Options: We’ll help you understand the critical value of choosing a vendor that uses web-hosting infrastructures with best-of-breed security, scalability and redundancy—and the best practices you should look for to prove it.
Diligently Vet the Vendor’s Vendors: It’s important to closely examine the technologies and solutions that your potential translation vendors use to make sure they’re just as committed to security and privacy as your company is. We’ll provide some compliance standards to look for as you examine your vendor options.
Secure Development Practices: World-class security practices begin in the development environment, and they’re followed every day. You’ll learn why supporting on-site, airtight programming practices is so critical to the business success of your multilingual efforts, and how a vendor’s personnel screening and ongoing security education can make or break the fate of a translated website.
Blocking Personal Data on Translated Websites
Ideal vendors take exhaustive steps to identify and mitigate security risks, implement best practices and continually evaluate ways to improve their processes. This especially includes the use of website translation technology that does not store website users’ personal information. Names, addresses and numbers should be automatically ignored by the technology.
In addition to automatic settings that ignore much of this private content, some solutions leverage special “directive tags” that provide even more security. These tags can be applied to code within a website that should be ignored and left untranslated. Any content enclosed within these tags pass through the vendor’s system completely unrecognized and untranslated.
Security-conscious partners also support industry-recommended secure encryption protocols for transmitting your data—such as using your site’s SSL connection throughout the process of receiving, translating, converting and delivering content.
Fluency in Website Security Protocols
Ask vendors to prove that their security program provides flexible and comprehensive security controls to meet stringent industry requirements. For instance:
PCI DSS Level 1
HIPAA/HITECH Business Associate
The vendor should successfully complete regular independent assessments to ensure it complies with HIPAA Privacy and Security rules. This includes audits to demonstrate its practices are fully HIPAA-compliant.
Visa Global Registry of Service Providers
The Visa Global Registry of Service Providers is the payment industry’s designated source for information on registered and compliant agents that provide payment-related services to Visa clients and merchants.
Your localization provider should be well-versed in the implications of recent GDPR legislation. And it should be certified in Privacy Shield frameworks, which provide a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
Secure Hosting Solutions for Website Translation
Leading vendors often provide hosting for their website translation solutions, which includes the content of your localized website. Their hosting infrastructures should also provide best-of-breed security, scalability and redundancy.
Ask if their solutions are hosted in physically secure, geographically diverse data centers. Great vendors also use real-time network monitoring and system defense.
Their systems should also be hosted in secure server environments that are ISO 27001, SSAE 16 and PCI DSS compliant.
Hosted solutions should use data centers that are always staffed by security teams, with access restricted to authorized personnel, enforced with multi-factor authentication and controls.
Those facilities should also be rated at N+ redundancy, in compliance with industry standards, maintaining robust resilience plans for all computing environments.
Vet the Vendor’s Vendors
You’ll also want to investigate how the translation vendor engages third parties to provide or support certain components of its hosting services.
These partners must also support stringent service level agreements and security controls that satisfy industry standards and third-party validation.
Look for solutions that recognize SSAE 16, PCI DSS, and/or ISO 27001 compliance as standards that best demonstrate a provider’s effectiveness in managing complex hosting and application services.
Secure Development Practices for Website Translation
It’s not enough to use vendors that have secure solutions and robust hosting infrastructures. They should also have an on-site environment and programming practices that are supported by skilled, security-savvy professionals who are trained to protect critical business assets.
Leading approaches follow Center for Internet Security system hardening guidelines, and routinely train employees about attack methods, and how to avoid them.
Ask if the vendor integrates security into their training and HR practices. This includes personnel screening and ongoing education on how to safeguard information assets. Training should include topics such as:
- Physical security
- Data privacy
- Incident reporting
- Workstation security
They should also maintain robust operating environments with complementing layers of controls. Look for solutions that:
- Honor industry recommended practices
- Conduct routine updates and management of access to systems
- Continually test systems to identify potential weakness
- Routinely train employees about attack methods, and how to avoid them
Data security and privacy are top priorities for your customers worldwide, as they should also be for your company—and your localization provider.
Leverage a translation approach that relies on safeguards aligned with various industry best practices and compliance mandates, and only use solutions that are supported by skilled professionals dedicated to protecting your critical business assets.
Read more about website translation in our ultimate guide to website translation.