We have chosen Modern Workplace as our interactive and work platform for our employees. But what lies behind this decision? What kind of technology have we chosen? Why is it so important for us and how important has it been since Covid-19?
For us it started when we made some definite choices and set clear, achievable targets. We chose ISO 27001, which is an international security standard, developed on the basis of good practice. That means that some clever people have put a lot of thought into what we should be doing in order to protect our data. On the basis of this standard we created our own security policy and clear security instructions for our employees. However, simply setting targets does not mean much unless we make plans for how we will achieve our envisioned targets. We can’t do that unless we look at the interactions which take place between people, processes and technology.
There is no hiding the fact that concepts such as phishing, ransomware, CEO fraud, multi-factor authentication and encryption can be abstract and incomprehensible. We should not underestimate the importance of training our employees and how important it is for us as a company and as a trusted partner for our customers to actively make our employees aware of information security. Many of our employees used to indiscriminately open e-mails and text messages containing tempting offers of easy money, gifts, prizes or something which might indicate that it had been sent by a colleague. This has changed. A mantra which has been spreading says that if something is too good to be true, then it probably isn’t. Online scammers are becoming increasingly more devious, and I have been surprised by how creative they can be at times. It is therefore important for us to establish good processes which are also supported by future-oriented technology.
Our company vision is "LIFE is now. WORK somewhere awesome". We want to be a fantastic workplace for our employees. We shall be competitive, and we shall attract highly talented people. We would like to have a work culture which creates enthusiasm and helps to facilitate innovation. This requires us to have a work platform which will facilitate cooperation and creative thinking. Basically we shall simplify the everyday lives of our employees so that they can develop freely and spend more time on helping our customers. We shall provide our employees with greater freedom and independence in respect of how they work, where they work and how they cooperate. And this should not have an adverse impact on information security.
But is it that simple? No, change is demanding. With Modern Workplace we wanted to be prepared. We need to be prepared and in position if something unexpected was to happen. We need to understand the importance of our values and we need to carry out systematic risk assessments. We need to understand that the "unexpected" can occur in several different guises, e.g. if your laptop is stolen on the bus, if you click on a link that you shouldn’t have clicked, or if the government orders you to work from home. This is why Amesto chose Modern Workplace a long time before anyone had heard about Covid-19. We certainly don’t regret that today.
What exactly is information security? Basically, we can explain this with the following three concepts: 1) confidentiality, 2) integrity and 3) availability. All of these are key concepts in respect of information security. Confidentiality means preventing unauthorised persons from gaining access to information (which could be personal data and business information, etc.) which they should not have access to. Integrity means preventing unauthorised persons from changing information (which could be payroll data and health information, etc). Availability means having access to one’s own information and systems (without anyone preventing us from accessing them). Concepts are rather like dimensions, and they are equally important, even though their importance may vary from one situation to another. Amesto’s Modern Workplace shall address information security and provide the necessary protection, regardless of whether or not an employee is working at home or at the office.
But what if a threat was to arise? A threat which could result in a breach of these very concepts of confidentiality, integrity or availability? How can we detect this, when we have hundreds of employees scattered across an equal number of home offices. The centralisation of services is essential for ensuring that we are in control. We must be able to administer and protect users, units, software and data across local, cloud-based and mobile media. This can be extremely demanding, but Modern Workplace also provides us with built-in security functions, advanced threat detection, protection and notifications.
Security management starts at the top. It is important to have the support of senior management, and managers need to stand firm when making decisions. It is demanding enough to deal with changes without having to engage in battle about decisions. For us this has been a digital journey leading towards a new interactive platform which will make us better equipped to deliver good services. It also shows that by using modern technology we are not locked in position. But you should make sure that you stay in control. You don’t want to send an employee to work at home before his/her PC has been verified as being compatible with the security requirements you have stipulated in Modern Workplace. And it is important that you have an IT partner or an internal IT department which monitors and detects any potential threats.
Amesto chose Modern Workplace with Office 365 Enterprise, Windows 10 Enterprise and Enterprise Mobility + Security. You can read more about Modern Workplace her