Security continues to be an important topic relating to all things digital, both for individuals and online businesses. Breaches in security can happen through a variety of means, and one recent ransomware attack that affected the UK National Health Service has a lot of people asking how they can protect themselves and their businesses.
“It’s in the cloud!” is a phrase that doesn’t really tell you much, if you’re not already familiar with modern hosted software infrastructure.
One of the most commonly used cloud-based services is probably email. Web-based email providers from Hotmail to Gmail don’t require you to physically store your email data on your own hard drive or on your own server. Instead, you can access it on a website through your browser, where you can login and access your email. The email data is retrieved from where your email service provider stores it. In the cloud. Hmm. Still confused?
Let’s back up a bit.
Just where the heck are these clouds, anyways? Why are they so special? Part of why cloud computing has become so popular over the last couple decades is that it pools together processing power and other resources, which makes it easier for software providers to deliver their services more quickly and efficiently.
This is particularly useful when the software needs to use large sets of data and run searches and complex queries on it. It’s also why some cheap-and-cheerful solutions for job board software out there can run into trouble as their database grows. Data processing power is not equal on every server or hosting service provider.
Software-as-a-Service (or “SaaS” for short), is software that is delivered to you as a (surprise!) service, as opposed to a package that you purchase, download, run, and host yourself. Gmail is a commonplace example. Social media management tool Hootsuite, personal finance tool Mint.com, and online storage solution Dropbox are all SaaS products.
SaaS products often sell on a “freemium” model, where they have a free version of their software with limits on features or usage, and offer paid, premium options that unlock more features or provide more use in the form of things like their number of users or amount of data.
Most SaaS products tend to be accessible by all customers from the same website by logging into their individual accounts. All of their customer data is stored together, with each customer’s data partitioned from each other. For some SaaS solutions (including Careerleaf) the set up is a bit different. With each job board existing on its own domain, each job board’s data is separate, and our customers maintain ownership over their data.
In the recruiting industry, the intersection of SaaS products and data is particularly interesting when it comes to how it’s used and who may profit from it. Sites like LinkedIn, Indeed, and Glassdoor all offer products and services delivered through a SaaS model. Recruiters can post jobs and connect with candidates, but those interactions, and the data that candidates submit to recruiters and employers, is “owned” by the SaaS platform.
A couple weeks ago I wrote the following about data ownership for recruiters as part of a news round-up:
To me, it emphasizes how important it is for both job boards and recruiting companies to avoid heavy reliance on providers of technology, traffic, and/or candidates who can claim ownership over candidate and employer data. If all your candidates pass through and register on Indeed or LinkedIn, it adds to the coffers of those companies, not yours. And if or when they decide it’s no longer in their interest to be helpful to you, they can take their toys and go home.
Of course, there are also other cases of data insecurity in SaaS products that have resulted in data bleeds, leaks, or otherwise compromising on the promise of keeping customer data secure:
Data ownership and security has consistently been voiced as a top priority for our clients – and we totally get it, because we see corners being cut. From our experience, we’ve seen cases where one database was used to store multiple customers’ data, and due to negligence, was inadvertently leaked and was accessible to different clients.
Data security and ownership is a topic we don’t see getting enough attention in recruiting and in the realm of job board businesses.
When recruiting on your own platform, you have the advantage of connecting directly with candidates and (depending on your business model) with your customers.
It’s not about secluding yourself from wider networks or spurning the use of tools they offer, but instead it’s about building value you can rely on in the form of data. If you recruit talent through your own platform where candidates can register and update their information, without fear of your service provider transforming into a competitor and poaching them.
One way in which Careerleaf stands apart from its competitors is its ability to deliver white-labelled job board platform to each of our customers, each on its own secure instance. “Data” is a deceptively simple term for what helps make online recruiting and job board businesses so valuable and profitable, which is why it’s important to us to deliver a great SaaS solution for job boards that lets our customers retain ownership of their data while keeping it secure.
In January I wrote about the importance of having compassion for job seekers, both the highly sought-after “top talent” candidates and the ones who don’t even make it to your shortlist. Even if job seekers follow every bit of wise advice, it’s still so often a frustrating and unrewarding process.
Well, one man decided to build a bot that would apply to thousands of jobs for him as a kind of experiment while he searched for jobs. His thinking was he might be able to A/B test different cover letters and email subject lines. In theory, he would have been able to refine the content based on the results. But he was disturbed to discover that most large companies using Applicant Tracking Software rarely even viewed his applications, and fewer still returned any response, automatically generated or otherwise.
While his experiment confirmed that applying to jobs en mass (sometimes called the “spray and pray” method) isn’t effective, it also underlines how often employers and recruiters can miss out on great talent due to the systems and processes they use. There are many factors at play here, but Robert Coombs’ experiment illustrates how important it is for employers and recruiters to look closely at their candidate experience, and whether they are losing out on great talent because of their processes and tools, or assumptions and attitudes that may shape them.
No corporation seems to be safe these days. Target, Home Depot, Sony, and most, recently Ashley Madison are just some of the billion-dollar brands that have suffered lapses in digital information security. Literally, just a couple days ago, we received a phone call from a job board owner who had been victim of a data breach.
The Careerleaf team is currently prepping to launch exciting new software in the coming months. In this effort, our updated FAQ features a question about approach to data security. However, given the level of attention currently being devoted to the topic (Ashley Madison specifically), we felt it prudent to delve deeper with an entire blog post.
If you’ve taken data security for granted, this blog post is dedicated to you! Ask yourself, when was the last time you considered: