Facebook EmaiInACirclel
Strategy

[Episode 06] Information system security concerns everyone

PentaGuy
PentaGuy
Blogger

This subject is inexhaustible but it can easily tire everyone as not everybody has the same preoccupations. The guarantors of this information system security can be considered extremists or obstacles to efficient practices. Users who are looking to achieve efficiency can be deemed as notoriously lax, as they want to get around security systems. Nevertheless, we must set things straight…This is not a New Year’s resolution (by the way, Happy New Year to everyone!), as we have been working on it for several weeks, but we are planning to organize a seminar, a round table or a “grenelle” (a trendy term) on security which would bring together a representative number of company employees. The objective of this seminar is to reach a general agreement on what constitutes proper security for our company, offices, projects or even individuals.Until now we have had an overall approach on security, i.e. we have implemented the same security level for everyone. We are noticing an increasing number of requests for providing special permissions, which affects security and its general use, as there are too many special cases.We must obviously continue to use an all-encompassing approach on security, as it must provide an appropriate protection on our digital assets, as well as those of our clients for whom we carry out projects. I am sure that if we asked individual Pentalog employees for their opinion, most of them would consider that security is important and that it must be improved at all times. There are numerous similarities between security and quality: everyone agrees to play by the rules, but changing practices is often difficult.We will therefore all agree that a proper security must:- be adapted to context: neither excessive, nor too lax.- regularly raise awareness.- constantly be improved.- concern everyone.- apply an overall strategy to entire systems.In addition, we must not overlook the fact that in IT offshoring, security is an element of confidence to the same extent as our employees’ abilities. We already have a good reputation in this respect as we have proven our approach, our abilities, our vision, but we must live up to our reputation through our actions and we must constantly improve our security.Another element that bears similarities with quality is budget. When awareness is not raised within the company, the justification of a budget or the deployment of a new solution are often difficult to present, as they are based on potential loss whose events are not certain. But choices can be supported based on the experiences of others.In order to improve our security, we are, therefore, going to have discussions on a range of topics: user access, VPN, backup, use of resources, protection of resources, company/office/project/individual needs; what improvements can be made to the infrastructure elements that we already have? How can we make sure that security instructions are adequately applied by everyone? And the list of subjects can go on. I am hereby inviting all Pentalog employees who want to participate in this online seminar. In order that the seminar is well prepared, volunteers will be offered the opportunity to get to know one another on our social network and take part in preliminary exchanges of information on this same platform. The seminar will be hosted by Alex, our infrastructure and security director. This seminar must enable us to bring our discussions to an end and thus determine our security choices for the infrastructure department.I will post another article on this blog in order to provide feedback on Pentalog employees’ enthusiasm for this subject and on the discussions that took place during this seminar. It will be a bit tricky to present the aspects that need to be improved, but I will try to make an overall synthesis.[Episode 05] A feature team for website development


Leave a Reply

Your email address will not be published. Required fields are marked *