Information Security on Cloudy Days

Even if you are a sunglass salesman, some types of iPad and coffeeclouds can be good for your business. When talking about cloud technology and cloud services, the word ‘cloud’ is essentially just a metaphor for the Internet. Instead of using the hard drive on your computer, the Internet is used to access data and applications. One of the great things with cloud technology is that the tasks that previously only could be carried out at work, now can be performed on any device, anywhere, anytime. Just think of the possibilities… Maybe invoicing from the bathtub?

Cloud technology does not only bring flexibility – end users no longer have to install and update software. The software is accessible through your web browser and the updates are performed by the service provider.

What About Security?

In cloud services, there is a lot of information being sent over the Internet. This information is often sensitive and must be protected. Trust in the cloud service provider is therefore essential. You do not want to send sensitive information over the Internet if you can not be sure that it is handled with care by the service provider.

Cloud SecurityIn an investigation from The Norwegian Business and Security Council (Næringslivets Sikkerhetsråd), Norwegian businesses were asked if they had been victim of hacking. Only 4% answered yes. Two independent security actors then analysed security related data in a selection of the businesses. Their analysis showed a hacking rate of 50% and 66% respectively (read more here). In other words, many of the businesses that had been hacked were unaware of the attack. When you choose a cloud service provider that you can trust, you do not need to worry as much about security as before.

Visma’s customers entrust Visma with critical and sensitive information. To provide transparency, Visma recently launched a Trust Centre website. On that site, the actions taken to ensure information security are presented. It aims to provide customers with necessary information to make a qualified decision about Visma as a service provider.

When using a cloud service, important parts of the security work such as updates and backups are handled by the service provider. Even though many security aspects are covered by the service provider, you can not let your guard down completely. You must for example make sure to choose good passwords, and protect your passwords. See what Edward Snowden has to say about passwords in the video below.

My First Management Trainee Project

My first project as a management trainee at Visma has to do with IT security measurements and awareness. In Visma’s Trust Centre, you can read the following:

“The nature of threats is constantly changing, so security awareness is a natural part of our development process and we constantly strive to be even better.”

An important part of security awareness is the ability to communicate about security, and this is what my project is about. The goal with my project is to develop the ways in which security is communicated. The focus is mostly internal within Visma, but in some aspects also external. Security matters have to make sense for all parties – both security experts and other roles. So how is this accomplished? It starts with visualisations.

Visualisations are great for processing and making sense of complex information. In the project, I have created dashboards with visualisations for security matters that can be used by different parts of the organisation. The developer teams in Visma use a project management system where information about projects is communicated. This is where the data for the visualisations is collected. As a part of my project, I have also proposed routines for reporting security matters in the project management system that will enable more detailed reports and visualisations in the future.

Coming up for the Management Trainees

On the 4th of November, the first of five projects comes to an end for the management trainees. All 12 trainees have then been in Oslo since the end of August. For the second project, the trainees will spread out in the Visma organisation and be present in the following locations:

  • Denmark (Copenhagen & Lyngby) – Cecilia, Camilla
  • Finland (Helsinki) – Amanda, Eeva, Peder (partially Oslo)
  • Norway (Oslo) – Alexander, Anders, Julie, Martin, Michael
  • Sweden (Malmö) – David
  • The Netherlands (Amsterdam) – Jonas

Stay tuned for an upcoming blog post from a management trainee in one of the locations mentioned above!

Michael Håkansson is a Management Trainee at Visma. His combined interest for technology and business led him to a bachelor's degree in computer science and a master’s degree in industrial management from KTH Royal Institute of Technology. These same interests have now led him to Visma.
Connect with Michael: