14. 05. 2019
Digital business is based on client trust, and this requires an adequate level of IT security. If we simplify it a little, in the end, how much we put into IT security depends on how much we’ll get back.
This differs from the prevailing view of IT security, which is only about cost, some kind of urgent threat, or an excessive response to security risks that are unlikely to actually occur. When we consider IT security in the context of our business model, the important issues become the question of what we have to do in order for clients to trust us, and whether we should trust external service providers and transfer our business into the cloud. Last but not least, where should we draw the line between usability and safety?
How much does our clients’ trust cost?
People notice even small changes in their usual habits, and digital business processes often require major changes at all levels of a company and its clients. Beyond a(n excessive) reluctance to change, when we consider the occasional abuses and the well-founded concern about why personal data are collected and processed, we can quickly see why digital transformations are not always success stories.
Confidence is the key word in any relationship - all the more so when we work together remotely. The client has to not only benefit from the relationship, they have to feel the high level of IT security and compliance - there’s no room for marketing jargon or empty promises.
Since we store documentation for most banks and other financial institutions in Slovenia, and since our solutions are used by healthcare institutions, pharmaceutical producers, and other companies, the loss of even a single document (such as a long-term credit agreement) or the disclosure of sensitive health data would cause great business damage and a severe loss of credibility and, consequently, strongly influence a company’s performance.
A commitment to high-level IT security isn’t cheap. When setting up IT infrastructure at your premises, after the initial investment, you’ll also have to consider the ongoing costs of maintenance, upgrades, and regular inspections of the equipment. You’ll need a competent and committed team that will actively monitor technological developments and new threats. You’ll have to regularly evaluate and manage your operations and capabilities in order to detect discrepancies and deviations.
Should we outsource our business processes?
Alternatively, you can rent the necessary facilities or services in the cloud. This will change the structure of your expenditures, open up new opportunities, and bring new risks and issues. Above all, you must be aware that, even when using external services, you are still responsible for your business and your clients, so it’s important that you choose a trusted external provider.
The key advantages of the cloud are certainly greater flexibility, (usually) lower operating costs and (usually) a higher level of IT security than you can guarantee on your own. Paradoxically, it is in this area that the most issues arise. For example, clients ask us how we can ensure that our system administrators do not abuse their information and hide their tracks, or what they would do if their data were deleted. Our advantage is that, because we are a local provider of cloud-based document management and electronic storage services, clients can visit Mikrocop at any time, so we can convince them in person. In addition to regular internal audits, each year we arrange several independent external audits and planned intrusion attempts.
In addition to cost, we recommend that you consider other criteria when choosing an external provider, and IT security is certainly one of the most important.
More information security, or a better user experience?
As a rule, in business IT solutions, more information security means a worse user experience, and vice versa. Poor security jeopardizes our business, while a poor user experience runs the risk that employees or clients simply won’t be able to use the solutions.
So, when is there too much security?
We believe that digital commerce does not allow such compromises, that both are required. Is this easy to achieve? Of course not, and certainly not during times of rapid change, so agility and continuous development are necessary.
Jan Pagon, Chief Information Security Officer at Mikrocop