No information security, no digital business
Digital business is pushing customer trust very high on its agenda. However, in order to achieve the desired level of customer trust, organizations need to ensure a certain level of information security. Put simply, our bottom line depends on our spend towards information security.
This perspective departs from the predominant perception of information security as a cost center rather than business enabler. Security is viewed as a necessary evil or a hysterical reaction of experts to low-probability security risks. However, when security is viewed in the context of our business models, we start asking ourselves what we need to do in order to earn our customer’s trust or whether we will trust our external providers and transfer our business into the cloud. Last but not least, where do we draw the line between usability and security?
How much does our customers' trust cost?
With any, even minute, change people will notice the deviation from our normal habits, and digital business often brings huge changes at all levels of the organization and with our customers. If we combine people’s reluctance to accept change with (excessive?) warnings about data abuse cases and the justified concerns about the purposes of personal data collection and processing, it is easy to understand why not every digital transformation project is a success story.
Since Mikrocop stores the documentation of banks, insurance companies and other financial institutions in Slovenia, and our solutions are used by healthcare institutions, pharmaceutical and other companies, the loss of a single document, e.g. a long-term loan agreement, or a disclosure of sensitive medical data, would cause considerable reputational and business damage and have a great effect on the company’s performance.
- Trust is the key component of every relationship. The customer should benefit from the business transaction, feeling safe due to inherent information security and compliance. There is simply no room for marketing clichés and empty promises.
The commitment to high-level information security comes at a price
If we already have the necessary IT infrastructure in place, our initial investment will have to consider the cost of maintenance, upgrade and regular testing of equipment. We need a competent and dedicated team that will actively monitor the development of the areas and new threats. We have to evaluate our actions and capabilities regularly and work to eliminate any non-compliances or deviations.
Mikrocop maintains a high level of information and physical security by acting in accordance with the ISO/IEC 27001:2013 data protection management system and regularly upgrading its security mechanisms.
Shall we transfer the responsibility for our business to external providers?
As an alternative, we can rent the needed capabilities and services from a cloud service. This will change the cost structure and open certain possibilities while raising other risks and questions. But most of all, we should be aware that despite external services we are still responsible for our operations and for our customers so it is important that we choose a provider who we can trust and who can guarantee a higher level of information security than we would have been able to provide.
Advantages of cloud service
- Better flexibility
- Lower costs
- Higher security
Paradoxically, this is the area where most questions open up. For example, our customers want to know how we make sure that our system administrators cannot abuse the data they are trusted with and then cover their tracks, or what we would do if their data was erased.
An advantage of Mikrocop being a local provider of cloud-based data management and long-term preservation services is that our customers can pay us a visit any time to check the situation for themselves. Apart from regular internal audits, we run several independent external audits and scheduled attack attempts and other abuse drills every year.
More information security or a better user experience?
So is there ever too much information security? We believe that digital business does not tolerate any such compromises and simply requires both. Is that simple to achieve? No, definitely not, especially in this time of rapid change when agility and continuous development are key.
When selecting your external provider, it is advisable to also consider other criteria apart from price, and the level of information security is definitely a major one.
Want to know more? Contact us!