Information Security is a Top Priority for BitTitan
All online users are conscious of the privacy and security of their personal information. Corporations share the same concerns.
Just this week, news surfaced about a massive security breach of a major video-streaming service, apparently affecting all accounts made on the service. After hearing about it, I changed my own password on the site and enabled two-factor authentication. You have likely made similar changes after learning about one instance of leaked data or another.
BitTitan, home of Perspectium, recently took an important step in our security and risk-mitigation efforts by appointing Joseph Nguyen as Director of Information Security. Bringing decades of experience to the role, Joseph will oversee company-wide initiatives for a unified approach to development, quality assurance, and implementation.
I recently interviewed Joseph to learn more about his role, along with his perspectives on and vision for security at BitTitan.
“What does information security mean to BitTitan?”
Joseph: It means a few things. With MigrationWiz, Voleer, and Perspectium, we already have solid security built into each product. Now, we’re moving forward with a combined and unified security program across the BitTitan product lines. We’ll make it even easier for the divisions to meet the security requirements for customers.
Corporate-wide security will also provide internally a unified view of security and compliance processes. It will be easier for us to discover needed security information and to identify how we are doing with SOC2 and with the ISO 27000 series. So we’re looking at a more structured and a more unified approach to distributing information internally. We will have a strong basis to provide enhanced communications.
For everyone who is new to BitTitan security, they will get the information they need. So the security program within BitTitan is for everyone’s involvement, not just for the information security department and IT.
Everyone takes part in this program in order to make it successful. So with the unified structure, it’s easier for employees to find the information they need and to understand their part. There are certain things we’ll provide to help bring security for the entire company to the level that we want and the level that our customers expect from us.
Also, we’re streamlining the security governance initiatives that we will have going forward. They will further enhance our security, and further our compliance certification. So for now, we are looking at SOC2 compliance, but in the near future we will look into getting ISO 27000 series. This year, a corporate-wide program will help us achieve that.
“Could you speak more about company-wide investment into security efforts?”
Joseph: It’s very important for our customers to see that, and to understand the level of awareness training that we provide to our employees. Part of data security comes from the technologies that we provide. But the other part comes from the awareness of our own employees. Combining those two, we will be able to bring a top-notch security posture to our customers.
And to make it transparent, to make it available to customers, what better than getting these certifications? We will be audited by third-party professionals. And this will be shown in our reports – how well we train our employees, how well we design our security, and how well we set up our own compliance programs to satisfy all the requirements for security that our customers ask for.
“What does BitTitan’s information security mean for our customers?”
Joseph: Data security is the core of all the services that we provide to our customers. It’s very important that our customers understand how well we secure the data that they send us for processing.
A newly unified approach will make it easier for them to understand the streamlined processes that we put in place. With these and their understanding of the security architecture, it will be easier for them to do assessments on our information security.
“For Perspectium customers specifically, is end-to-end encryption the main security benefit?”
Joseph: Well, the benefit is both encryption of the data and how we handle the data within our architecture. So in our infrastructure as well – where the data is going to, who gets access to the data, how the data gets backed up.
All of those combined provide a very important view of Perspectium security for our customers to look at it and to see what BitTitan security means for them. For the process of client security assessment, we’ll be much more streamlined with this new structure in place.
“How do security breaches that customers see in the news affect their concerns about the security of their own data?”
Joseph: It’s just common sense that when you hand over your sensitive data to a third party, you want to know how well they will protect their data.
So with all of the security and compliance processes that we put together, we will be able to answer all of their concerns, including well-defined monitoring and alert capability, intrusion detection and prevention, and full transparency in reporting. That will help them sleep better at night when they hand the data over to us.
And that will build a better trust for our future customers as well. Large enterprise corporate customers who trust the way that we handle their data and the processing of that data can be a good testament.
“How do differing roles within BitTitan contribute to the overall security strategy?”
Joseph: Everyone within BitTitan plays a very important role in our overall security. Regardless of one’s level of access to the customers’ data, what one does will affect directly or indirectly the security of our system or our customers’ data. How each of us safeguards the company’s assets – that is, computers or information – reflects the level of commitment we have to our customers.
Some of us are handling our customers’ contact data, some handle accounting information, yet some provide support to customers’ scoped data. Our software development folks do not have direct access to any of the customer information or scoped data; however, their final products do. Our strategy is to provide the highest possible level of security at every level, including how the products’ software is designed and implemented.
So, before engaging in any activity – be it opening a laptop in a public setting, or downloading a package from a site, or adding a software library to the software development process – I would ask everyone to pause and ask themselves whether the action follows appropriate standard security procedures and does not violate our security policy and put our systems at risk.
“Thank you for sharing your perspectives, along with BitTitan’s emphasis on security.”
Joseph: My pleasure. We’re excited about being on the road to additional certification, and providing a more unified view of security internally and to our customers.