IT security has been a popular and much-debated topic in recent years, especially after the arrival of GDPR. To get an understanding of how increased security requirements affect business today and in the future, we turn to Anders Klintelius, CTO of Stratsys.
What does a CTO (Chief Technical Officer) do at an IT company?
"As the CTO, I take overarching responsibility for the development of our products. I ensure we can deliver a technology platform with global scalable services that are loved by our users", explains Anders.
"It's also my job to ensure that we implement the latest safety standards – and that the right level of security is present throughout the business. Safety considerations are applied to both our own internal processes and technically within our products, so our customers can always feel confident about how we manage their information."
What are the requirements for the security of cloud services today versus 5 years ago?
"These days our customers are more mature when it comes to driving discussions about security, says Anders. The questions asked are more advanced than they were five years ago, as many are now actively working with information security."
"Previously, a service provider's focus was primarily on the technical security of the applications and the operating environment. Today, it is equally important to ensure you can live up to international safety standards, such as ISO 27001/2/18."
What does this mean for Stratsys?
"When we develop our products on the Stratsys platform we work with manual security audits, but recently we have also automated elements of security. We scan, for example, all code that is pulled to find vulnerabilities – and when applications are built, we do automated security scans at the application level with Detectify."
"Additionally, we also do automatic scans of the operating environment to find security flaws in the infrastructure, Anders explains. A number of our customers even do their own safety reviews, including penetration testing of the Stratsys platform. A key component of information security is about secure logins and permissions minimization, which today is more or less standard."
"With a centralized login, you even have the opportunity to connect to new smart AI services, to be able to detect whether a user account has been hacked and automatically implement measures to minimize the risk of information leakage."
"But security is about more than just technology or organisation. The technology needs to work together with the organisation for the work to be successful."
"Achieving a high level of security in a system also requires that service providers and customers have a joint discussion to set up a secure solution. With that said, information security involves not just the IT department but often the whole organisation."
What do you see as challenges when it comes to the demand for increased security?
"The biggest challenges right now concern Cloud Act and GDPR – the laws contradict each other and thus make it difficult to keep compliant. When it comes to machine learning and artificial intelligence, it looks like they will turn security work upside down."
"This technology can be used to take data protection to a new level, says Anders. But can also be used by malicious actors who want to spy and steal information."
"Those who are investing most in the latest technologies are the American giants, which becomes problematic when many organisations don't want to release security-classified information because of the Cloud Act."
If you had to choose one – which trend can IT companies not afford to ignore in the coming years?
"If you ignore security you're not going to exist within a few years, stresses Anders. We are also seeing a transformation of traditional applications into smart services. Smart services that are based on the information that the application knows can give the user intelligent insights and suggestions – instead of just being an input interface and information display."