Data security needs continuous improvement

Data security is never a project. Instead of occasional quantum leaps, data security should be improved constantly. Each layer of data security is important for the whole.

The data security of an organisation consists of different data security layers. These layers include, for example, the software used, authentication of system users, and the server environment with its networks and programs. One of the most important data security layers is the system user, in other words, the persons with their different profiles and rights.

The weakest link among the layers determines the level of data security. Because of this, all layers must undergo constant monitoring, testing, and development. Instead of individual data security projects, the development of data security is an ongoing process that must be a key component of the operation and management system of every organisation.

In case of good software, data security is a central constituent of the DNA of all design and development work. A responsible software provider takes into account all layers of data security. Informed customers also demand this increasingly more often.

Risks must be minimised

Data security used to be based predominantly on the physical layer and closed data network. This approach has been typical for industrial applications. It remains an important form of data security management, but modern data security thinking stresses the importance of all data security layers.

The current trend is to transfer the systems to more public and open cloud services. This way, data and programs are accessible for users from anywhere in the world and at any time of the day.

In Finland, systems important for security of supply and the software of financial institutions, for example, have been well protected for a long time. A responsible software provider considers data security with all of its customers in a proactive manner. Because of this, we at Vitec ALMA also constantly emphasize the importance of data security in our various customer projects. Risks must be minimised from the very beginning.

Data security is everyone’s concern

From the data security perspective, logging into systems must remain secure. Technically, an outsourced co-operation partner of the customer usually arranges this. The data security expertise of own personnel also plays an important role.

If a USB flash drive found outside the gates of a plant is carelessly connected to a computer in the plant, thereby providing a hacker with access to the company’s system, no fingerprint-based protection will help. In many companies, various data security trainings focusing on the subject of security awareness are arranged. They are often tailored to different personnel groups, so that typical data security issues related to the workdays of each personnel group can be dealt with during the trainings.

At the trainings, the practices of phishing are described and the vulnerabilities and security breaches targeted by hackers explained.

When everyone is aware of data security risks, problems can be dealt with faster.

Google’s secure data centres

With ALMA, data security issues have been taken into account in all design and development work, from the very birth of the software. As more and more ALMA customers leave behind the world of closed data networks, the security issues of server environments have become even more important.

Our outsourced servers are located in Google’s data centres managed by Elisa’s OmaIT, which means that the level of data security is as high as it can be. On top of this secure platform, we have built a secure architecture and uninterrupted services for ALMA solutions. Owing to this, our customers can sleep well and without worries every night. The data security of ALMA software is state-of-the-art, and the same applies to ALMA’s hosting environment and other important layers of data security.