No information security, no digital business

Digital business is pushing customer trust very high on its agenda. However, in order to achieve the desired level of customer trust, organizations need to ensure a certain level of information security. Put simply, our bottom line depends on our spend towards information security.

Brez informacijske varnosti ni digitalnega poslovanja

This perspective departs from the predominant perception of information security as a cost center rather than business enabler. Security is viewed as a necessary evil or a hysterical reaction of experts to low-probability security risks. However, when security is viewed in the context of our business models, we start asking ourselves what we need to do in order to earn our customer’s trust or whether we will trust our external providers and transfer our business into the cloud. Last but not least, where do we draw the line between usability and security?

How much does our customers' trust cost?

With any, even minute, change people will notice the deviation from our normal habits, and digital business often brings huge changes at all levels of the organization and with our customers. If we combine people’s reluctance to accept change with (excessive?) warnings about data abuse cases and the justified concerns about the purposes of personal data collection and processing, it is easy to understand why not every digital transformation project is a success story.

Since Mikrocop stores the documentation of banks, insurance companies and other financial institutions in Slovenia, and our solutions are used by healthcare institutions, pharmaceutical and other companies, the loss of a single document, e.g. a long-term loan agreement, or a disclosure of sensitive medical data, would cause considerable reputational and business damage and have a great effect on the company’s performance.

  • Trust is the key component of every relationship. The customer should benefit from the business transaction, feeling safe due to inherent information security and compliance. There is simply no room for marketing clichés and empty promises.

The commitment to high-level information security comes at a price

If we already have the necessary IT infrastructure in place, our initial investment will have to consider the cost of maintenance, upgrade and regular testing of equipment. We need a competent and dedicated team that will actively monitor the development of the areas and new threats. We have to evaluate our actions and capabilities regularly and work to eliminate any non-compliances or deviations.

Mikrocop maintains a high level of information and physical security by acting in accordance with the ISO/IEC 27001:2013 data protection management system  and regularly upgrading its security mechanisms.

Shall we transfer the responsibility for our business to external providers?

As an alternative, we can rent the needed capabilities and services from a cloud service. This will change the cost structure and open certain possibilities while raising other risks and questions. But most of all, we should be aware that despite external services we are still responsible for our operations and for our customers so it is important that we choose a provider who we can trust and who can guarantee a higher level of information security than we would have been able to provide.

 Advantages of cloud service

  • Better flexibility
  • Lower costs
  • Higher security

Paradoxically, this is the area where most questions open up. For example, our customers want to know how we make sure that our system administrators cannot abuse the data they are trusted with and then cover their tracks, or what we would do if their data was erased.

Naj predamo odgovornost za svoje poslovanje v zunanje izvajanje?

An advantage of Mikrocop being a local provider of cloud-based data management and long-term preservation services is that our customers can pay us a visit any time to check the situation for themselves. Apart from regular internal audits, we run several independent external audits and scheduled attack attempts and other abuse drills every year.

More information security or a better user experience?

So is there ever too much information security? We believe that digital business does not tolerate any such compromises and simply requires both. Is that simple to achieve? No, definitely not, especially in this time of rapid change when agility and continuous development are key.

When selecting your external provider, it is advisable to also consider other criteria apart from price, and the level of information security is definitely a major one.

Want to know more? Contact us!

Ivo Vasev

Ivo Vasev is the Product Owner of Mikrocop's InDoc EDGE information management platform. Through his endeavors at the intersection of different business areas and IT, he searches for answers to the challenges of digital transformation, focusing extensively on the customer experience and new ways to help companies realize their digital potential.

Jan Pagon

Jan Pagon is Head of Information Security at Mikrocop. He monitors and manages information security risks on a daily basis, and uses his knowledge and experience to devise, perform security checks and ensure the quality of InDoc EDGE. A firm advocate of prevention, Jan raises awareness, educates and encourages employees to act safely in the digital environment.