Content

When “Free” Isn’t Worth It: Staying Secure In The Age of Machine Translation

“Hindsight's always 20/20,” the saying goes.  

This pithy adage held much weight for Statoil this fall after the Norwegian oil giant found conversations it had translated with Translate.com were leaked online.

Using a quick Google Search, anyone could find internal memos translated using the site, including what seemed to be a private correspondence letting an applicant know they did not receive a job at the company.

NRK reported that the data was translated and then stored in the cloud, making it available via Google. Statoil had the translations deleted, and told NRK no sensitive material was leaked.

Whatever the outcome, a breach like this emphasizes the need for secure translation solutions. This is especially true as free, online tools with increasingly sophisticated Machine Translation (MT) engines become more popular.

As the translation industry continues to grow, so does the need for global companies to localize their content. The role language services play in eCommerce is undeniable: According to industry research firm Common Sense Advisory, it takes a minimum of 14 languages to reach 90 percent of the world's online GDP.

But how do companies reconcile the need for effective translation services with the severe risks posed by quick and easy solutions? The simple answer is this: They can't.

But, what global businesses in need of translation can do is work with experienced Language Service Providers (LSPs) and take into consideration the following security tips.

Read The Fine Print

As tempting as it may be to use Google Translate, the convenience isn't worth the risk. Google states in its terms of service that:

“When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.”

In other words, the tech giant has quite a bit of leeway with how it uses your data once input into its system.

In the case of Statoil, Translate.com had a similar admonition on its legal page:

“Although we will use reasonable means to safeguard your information, we cannot and do not provide any guarantees regarding the effectiveness of the security we employ or our ability to prevent third parties, acting unlawfully, from obtaining information that you provide to us.”

It's likely that you'll find these clauses on any online translation website. Keep them in mind when thinking about taking the quick and easy route.

Aim For Quality, Not Quantity

Quality standards matter, especially when it comes to procuring translation services. It's a good idea to work with an LSP that has processes certified to ISO 9001 or 27001.

Broken down quite simply, the MT process has three major risk areas: file transfer, storage and processing. Working with a language provider that has established a framework for its Information Security Management System and data breach protocols will ensure that if data is corrupted, at least there's a process to remedy the situation.

In that same vein, make sure you're working with a translation vendor that utilizes trusted file transfer methods, like 256-bit encryption.

If you're using MT services with an LSP, find one that employs NDAs among its translators. When having material post-edited, it helps to work with linguists who have had background checks completed and have agreed to keep client information confidential.

These safeguards aren't usually included with online translation portals.

Know The Drill – And Do Your Homework

The most important step an organization can take in securing safe translation services is developing an understanding of both the process and risks associated with MT. Ask yourself the following before selecting an LSP:

  • Are they ISO-certified?
  • Do they use secure file transfer?
  • Do they have Data Breach processes in place?
  • Do they have a data backup plan?
  • Do they employ NDAs for translators?
  • Where is my data stored?

The language industry is huge – but it's knowledge base is held, for the most part, by an insular group that works within the sector. By acquainting oneself with a foundational knowledge of the industry, the likelihood of data corruption lessens dramatically.

And, maybe more importantly: Learn from the recent Translate.com breach. If the incident teaches us anything, it's that free online translation tools aren't worth it.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.