{"id":182018,"date":"2021-09-23T14:41:01","date_gmt":"2021-09-23T14:41:01","guid":{"rendered":"https:\/\/www.motionpoint.com\/?post_type=pillar&p=182018"},"modified":"2021-09-23T14:41:01","modified_gmt":"2021-09-23T14:41:01","slug":"website-translation-security","status":"publish","type":"pillar","link":"https:\/\/www.motionpoint.com\/translation\/website-translation-security\/","title":{"rendered":"Website Translation Security"},"template":"","class_list":["post-182018","pillar","type-pillar","status-publish","hentry"],"acf":{"pillar_minute_read":"5","meta_title":"The Importance of Website Translation Security","meta_description":"Learn how to choose the right website translation service that is proactive against data security breaches.","meta_keywords":" website translation security, translation data secure, secure machine translation,","pillar_hero_title":"Website Translation Security","pillar_hero_subtitle":"Great website translation vendors never view or store your\u2014or your customers\u2019\u2014data. Discover several security best practices vendors should follow.","pillar_content":"

Introduction<\/strong><\/h2>\n

In today\u2019s ultra-competitive and fast-paced world of online business, companies must be certain that their digital customer experience is secure and protects the privacy of its customers.<\/p>\n

This is doubly true for companies that serve international markets with localized websites<\/a>.<\/p>\n

Most companies entrust the localization of their online experiences to translation vendors\u2014many of which struggle to efficiently localize highly complex websites. This means it\u2019s vital that companies vet these third parties to determine they have the technical expertise to offer a secure, translated UX to international customers.<\/p>\n

In this section, we\u2019ll provide several security best practices to keep in mind as you review the capabilities of your current, or prospective, digital translation partner. They include:<\/p>\n

Safeguards for Viewing and Storing Personal Information:<\/strong> Great website translation vendors never view or store your\u2014or your customers\u2019\u2014data. There are several best practices to follow, to ensure a vendor is never exposed to this information. We\u2019ll tell you what they are, and why they\u2019re important.<\/p>\n

Fluency in Security Protocols:<\/strong> Every industry has gold-standard certifications that vendors should acquire, and when it comes to privacy and security, website translation is no different. <\/span>We\u2019ll show you how to ask vendors to prove that their security programs provide comprehensive security controls<\/a> to meet stringent industry requirements.<\/p>\n

Secure Hosting Options:<\/strong> We\u2019ll help you understand the critical value of choosing a vendor that uses web-hosting infrastructures with best-of-breed security, scalability and redundancy\u2014and the best practices you should look for to prove it.<\/p>\n

Diligently Vet the Vendor\u2019s Vendors:<\/strong> It\u2019s important to closely examine the technologies and solutions that your potential translation vendors use to make sure they\u2019re just as committed to security and privacy as your company is. We\u2019ll provide some compliance standards to look for as you examine your vendor options.<\/p>\n

Secure Development Practices:<\/strong> World-class security practices begin in the development environment, and they\u2019re followed every day. You\u2019ll learn why supporting on-site, airtight programming practices is so critical to the business success of your multilingual efforts, and how a vendor\u2019s personnel screening and ongoing security education can make or break the fate of a translated website.<\/p>\n

<\/div>\n

Blocking Personal Data on Translated Websites<\/strong><\/h2>\n

Ideal vendors take exhaustive steps to identify and mitigate security risks, implement best practices and continually evaluate ways to improve their processes. This especially includes the use of website translation technology that does not store website users\u2019 personal information. Names, addresses and numbers should be automatically ignored by the technology.<\/p>\n

In addition to automatic settings that ignore much of this private content, some solutions leverage special \u201cdirective tags\u201d that provide even more security. These tags can be applied to code within a website that should be ignored and left untranslated. Any content enclosed within these tags pass through the vendor\u2019s system completely unrecognized and untranslated.<\/p>\n

Security-conscious partners also support industry-recommended secure encryption protocols for transmitting your data\u2014such as using your site\u2019s SSL connection throughout the process of receiving, translating, converting and delivering content.<\/p>\n

Fluency in Website Security Protocols<\/strong><\/h2>\n

Ask vendors to prove that their security program provides flexible and comprehensive security controls<\/a> to meet stringent industry requirements. For instance:<\/p>\n

PCI DSS Level 1<\/strong><\/h3>\n

Reputable website translation vendors complete annual security assessments conducted by independent PCI SSC Qualified Security Assessors. They should also demonstrate ongoing practices that comply with PCI DSS.<\/span><\/p>\n

HIPAA\/HITECH Business Associate<\/strong><\/h3>\n

The vendor should successfully complete regular independent assessments to ensure it complies with HIPAA Privacy and Security rules. This includes audits to demonstrate its practices are fully HIPAA-compliant.<\/p>\n

Visa Global Registry of Service Providers<\/strong><\/h3>\n

The Visa Global Registry of Service Providers is the payment industry\u2019s designated source for information on registered and compliant agents that provide payment-related services to Visa clients and merchants.<\/p>\n

International Regulations<\/strong><\/h3>\n

Your localization provider should be well-versed in the implications of recent GDPR legislation. And it should be certified in Privacy Shield frameworks, which provide a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.<\/p>\n

Secure Hosting Solutions for Website Translation<\/strong><\/h2>\n

Leading vendors often provide hosting for their website translation solutions, which includes the content of your localized website<\/a>. Their hosting infrastructures should also provide best-of-breed security, scalability and redundancy.<\/p>\n

Ask if their solutions are hosted in physically secure, geographically diverse data centers. Great vendors also use real-time network monitoring and system defense.<\/p>\n

Their systems should also be hosted in secure server environments that are ISO 27001, SSAE 16 and PCI DSS compliant.<\/p>\n

Hosted solutions should use data centers that are always staffed by security teams, with access restricted to authorized personnel, enforced with multi-factor authentication and controls.<\/p>\n

Those facilities should also be rated at N+ redundancy, in compliance with industry standards, maintaining robust resilience plans for all computing environments.<\/p>\n

<\/div>\n

Vet the Vendor\u2019s Vendors<\/strong><\/h2>\n

You\u2019ll also want to investigate how the translation vendor engages third parties to provide or support certain components of its hosting services. Security-savvy website translation<\/a> vendors choose technology partners that demonstrate maturity in effectively managing complex network hosting and application infrastructures.<\/span><\/p>\n

These partners must also support stringent service level agreements and security controls<\/a> that satisfy industry standards and third-party validation.<\/p>\n

Look for solutions that recognize SSAE 16, PCI DSS, and\/or ISO 27001 compliance as standards that best demonstrate a provider\u2019s effectiveness in managing complex hosting and application services.<\/p>\n

Secure Development Practices for Website Translation<\/strong><\/h2>\n

It\u2019s not enough to use vendors that have secure solutions and robust hosting infrastructures. They should also have an on-site environment and programming practices that are supported by skilled, security-savvy professionals who are trained to protect critical business assets.<\/p>\n

Leading approaches follow Center for Internet Security system hardening guidelines, and routinely train employees about attack methods, and how to avoid them.<\/p>\n

Ask if the vendor integrates security into their training and HR practices. This includes personnel screening and ongoing education on how to safeguard information assets. Training should include topics such as:<\/p>\n