What does it mean to be secure? For some, security might represent a state of being – the absence of threat. Perhaps you’re picturing locked doors, a gated community, or a prison fence. All of these representations help us feel secure, but in and of themselves, they don’t make us safe.
Last week we met Mark – an analyst at a non-profit tasked with blending data from disparate source systems and generating reporting for his executive team. Mark did his level best with the tools at his disposal, but like most analysts, he was simply not equipped with the right tools or skills to match the C-suite’s expectations.
Mark is a member of the finance team, reporting directly to the CFO. In Mark’s organisation, the CFO also manages IT. This means that Mark reports to someone concerned with risk and responsible for the organisation’s digital security. Data security should have been at the top of Mark’s agenda, but without a framework to work from, it wasn’t even on his radar.
At BizCubed, we approach security not as an achievable end-state, but as a daily practice. We intentionally build security into every aspect of our operation. In our view, this is how we get better – we teach and learn, all in an effort to Make Better Decisions Each Day. We believe that security has to be approached this way because the threats are always changing and evolving, and thus our ability to identify, avoid, and overcome threats needs to evolve as well.
We enhance our security practices with industry-leading security features and best practices in data management. One simple example of this is access control. Whilst controlling access might seem to some as an oversimplification of critical security protocols, it’s not uncommon for us to encounter a user with a weak password, or two individuals sharing login credentials. Building a strong security practice starts here – at the ground level.
Our approach to security leverages these types of fundamentals to build an integrated and layered network of barriers to guard against malicious actors. Password management is augmented by user provisioning and a tenanted architecture. Digital access control is mirrored by physical access control at our data centre. Layered on top of access control is encryption of data in movement and at rest. All data is backed up nightly to increase resilience, and we collaborate with world-leading experts in cyber-security to develop customer-facing security modules on our platform.
Each of these features is critical to ensuring that we are offering a stable and secure environment for our customers, but none of them are sufficient on their own. Our data security practice keeps us honest – we are always learning, adapting, and adding the latest enhancements and best practices, because that’s what it takes. Unfortunately for Mark, he didn’t know what he didn’t know, resulting in increased organisational risk. Armed with a data security practice derived from the BizCubed Method, Mark would be able to offer his team – and his organisation – higher security and greater peace of mind.