The importance of information security in the age of information
As an experienced provider of professional solution delivery services, Saratoga has built a solid global client base of organisations within various sectors, such as financial services, retail, media and supply chain management.
To ensure that we continually provide sustainable and secure technology solutions to our clients, Saratoga embarked on a journey to understand and adhere to key information security principles within our work and engagements with clients, partners and our staff.
Information security is the practice of protecting sensitive personal or important business information so that people who should not have access to the information cannot distribute, view, alter or delete the information.
Let’s take a closer look at three of the main aspects of information security:
- Data and information is confidential when only those people who are authorised to access it can do so.
- To ensure confidentiality, you need to be able to identify who is trying to access data and block attempts by those without authorisation.
- Passwords, encryption, authentication and defences against penetration attacks are all techniques designed to ensure the confidentiality of important information.
- Integrity within information security refers to maintaining data in its correct state, and preventing it from being improperly altered, either erroneously or maliciously.
- Techniques that ensure confidentiality will also protect data integrity by ensuring proper access controls over the data, mitigating the threat of unauthorised alterations of the information.
- Other measures that protect the integrity of information include checksums to verify data integrity, version control software and frequent backups, which would enable you to restore data to a correct state if need be.
- Another key aspect of maintaining data integrity is the concept of non-repudiation, whereby you are able to prove that you've maintained the integrity of your data – especially in legal contexts.
- Ensuring that the data and information can be accessed by those who have the proper permissions.
- The implementation of a proper backup policy for disaster recovery to prevent the loss of data.
- In essence, end-users still need to perform their normal job functions, and by ensuring availability of information in a secure manner, the organisation is able to function efficiently and securely.
Ultimately, information security is the need to reduce the risk of unauthorised information disclosures, modifications and destruction of information through internal or external threats such as negligence, incompetence and malicious intent.
The most common information security threats experienced are software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion. By implementing appropriate information security principles and practices and by building secure technology solutions these risks are greatly reduced for organisations.
“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.” – Tim Cook, CEO of Apple
The first step in implementing effective information security starts with providing continual education and training to staff to limit internal threats. As we’ve implemented within Saratoga, making sure that staff are correctly trained and aware of information security practices can help prevent common human error and negligent threats within an organisation. An important part of implementing information security protocols within an organisation is to also have a comprehensive information security policy that provides clear guidelines for compliance measures for the staff and company. The information security policy should be used to establish the rules and best practices for staff to follow, as well as provide consequences to any wilful negligence and violations of the policy.
An effective information security policy should not only contain the measures that are currently in place, but should also look ahead to the eventual security needs of the organisation, and the policy needs to be updated as the organisation evolves. “As Saratoga partners with both prominent local and international clients, we have to ensure compliance with the applicable privacy laws such as POPI and GDPR. These laws and regulations are in place to protect personal information that could potentially be exposed through data processing, and therefore play an important role in effective information security,” said Shabier Cassim, Head of Development Outsource at Saratoga.
When done correctly, securing and limiting access to company technologies and infrastructures greatly reduces the organisation’s exposure to both internal and external information security threats. ‘Secure by design’ is increasingly part of the mainstream software development approach, and is becoming the expected practice within the industry to ensure the security and privacy of software systems being developed for organisations. Following this approach, security of the system becomes a key factor for consideration during the design and architectural stages of developing technology solutions.
Information security remains a top priority for Saratoga, both within our organisation internally and in the technology and business solutions we provide to our global client base. As information security measures and protocols evolve, we’ll continue to develop our understanding and skills in providing secure and sustainable solutions. “A key step Saratoga takes to ensuring solid information security compliance is having well trained, competent employees who understand the importance of implementing tried and tested best practices while keeping up to date with technology innovations and improvements,” said Cassim.