IT security is the fundamental first step to ensure that information and digital identities, our online representations, are protected against unauthorized access, modification, or disclosure.
At Contactable, information is our business. We receive it, we store it, we process it, and we use it. Without it we cannot be an Integrated Identity Platform. As a result, information security and data protection is also our business.
As the custodians of personal identifiable information (PII) and digital identities, we are constantly working behind the scenes to ensure that this information is kept confidential, trustworthy, and available.
Being cloud natives, we’ve adopted a zero-trust enterprise security model where IT security is core to our approach when architecting, deploying, and managing our modern applications in cloud computing environments.
From my experience, IT security must essentially be focused around three key concepts.
Never trust, always verify
Never assume that a user, device, or network is inherently trustworthy. Always have authentication and authorization in place.
Least privilege access
Access is only granted to information and systems as required. This helps to reduce your attack surface and the risk of data breaches.
Continuously monitor and validate
Actively monitor your information and user behaviour to detect and respond to suspicious activity.
An item that is often overlooked in IT security is the human element. It is crucial to invest in continued IT security awareness training and initiatives for your entire organization.
Social engineering can bypass almost any technology; companies often spend millions on security technologies but neglect to address the weakest link in the security chain. A strong IT security posture starts with an informed workforce.
Some parting advice from Chris Pirillo: “Passwords are like underwear. Don’t let people see it, change it very often, and you shouldn’t share it with strangers.”
Infrastructure Architect – Contactable