It has become more common to see headlines such as "ransomware holds data hostage" or "data breach exposes sensitive personal data for sale online". As an organization, you can no longer ignore the fact that your IT Security must be fully in order to prevent these types of incidents. But how do you do this? You’ll find out in this blog!
IT Security used to be a priority for the IT department and the enterprise architects to worry about, but a shift has taken place in recent years.
At management level you can no longer turn a blind eye to IT Security, as it’s now become a point of attention for the entire organization.
IT security incidents have been in the news so often in recent years that, as an organization, you can no longer claim ignorance. When a security breach takes place within your organization and you have done nothing in advance to prevent it, you will not be able to get away with it.
Where does the responsibility lie?
When you use suppliers, the suppliers are responsible for resolving the so-called CVEs (Common Vulnerabilities and Exposures) in their software. This means that the supplier must keep an eye on the security of the software and regularly offer bug-fix releases and updates to the customer.
The customer is then responsible for applying those updates. Do you develop your own software and have no supplier? Then both responsibilities lie with you.
But what exactly can you do to ensure your IT Security? Lifecycle Management (LCM) of your software is essential here. LCM means setting up a system of protocols to keep the security of your IT in order. It’s crucial that LCM is set up within your organization as a continuous process and not as a one-off action. When you own software, you must make sure that your code is always secure. With LCM you set up processes to continuously test security. You then work out updates for your customers and make them available. Do you use a supplier's software? Then your responsibility is to carry out the updates regularly and to test them extensively, because a software update can have negative consequences for the operation of the software and its links with other systems.
In order to execute LCM properly, it’s important that your entire organization is set up for it. You must have the capacity to update and test monthly or quarterly. In the ideal situation, you’ve set up automatic regression tests. With these you ensure that, while the software is constantly changing, the tests keep running regularly as well. If you do not do this, there is a danger that manual tests will be postponed or that business functionality will take precedence over LCM. If this is your current scenario, problems only become visible when they are already an obstacle and the entire organization suffers. Your LCM process should be set up in such a way that updates are actively tracked, without it taking too much effort within your organization. If you don't track properly and delay updates and tests, the later update will be more challenging to perform: it will take much more time, and your software will become more vulnerable with every skipped update. The faster you make small changes, the less effort it takes and the more secure your software remains.
WeAreFrank! is the in-house supplier at the largest insurance company in the Netherlands. For more than 20 years, we have provided a well-integrated IT architecture for bringing together data and smoothly running work processes. Curious how we do this? Download the case study!