What actions does Kontent.ai undertake to implement security in a modern hybrid workplace, and what are the key elements of a robust security plan that we put in place? Keep reading to find out.
Petr Prochazka, published on Jul 25, 2023
Implementing security in a modern hybrid workplace requires a holistic approach that addresses the challenges and risks that come with remote work and a mix of in-office and remote team members. At Kontent.ai, we embrace a global, remote-first mindset with team members from all over the world. This gives us the freedom to work remotely while keeping our company culture intact.
We’ve successfully implemented security in our modern hybrid workplace thanks to the following key elements of a robust security program:
Acceptable use guidelines
We provide baseline security guidelines for all colleagues to protect Kontent.ai against a range of security threats and to strike a reasonable balance between cybersecurity and productivity.
The Acceptable use guidelines cover device security, data security, password management, and acceptable use of company resources. For password management, for instance, the guidelines set out how colleagues should create, store, and maintain their passwords, so everyone follows the same process.
Focus on identity
We work in an organization that is remote and hybrid. That means we have colleagues connecting to the work environment and collaborating on projects from all over the world. These geographically dispersed teams bring clear benefits such as efficiency, cost savings, and the ability to choose team members with the best skills regardless of their location. The challenge is how to secure access to all of our systems. Identity is therefore our new security perimeter. Our systems and applications require multi-factor authentication and are protected by conditional access policies, which means our colleagues need to satisfy specific conditions, such as running a minimum operating system version, before they can access company resources in the cloud.
We maintain a high security posture for all company devices. Baseline controls such as full-disk encryption and an antivirus solution are required on every device that has access to company resources in the cloud. Compliance policies and configuration templates for devices are in place, and only authorized users and devices can reach certain parts of the network. Our endpoints are kept patched, with important security patches prioritized.
We also manage the whole endpoint lifecycle within the organization: procurement, provisioning, maintenance, and decommissioning. For each of these phases, a specific record exists in our company ticketing portal, so we can show which actions were taken with a given endpoint and when.
Secure cloud services
We have set up a control framework for information security at Kontent.ai. All services are classified according to Confidentiality, Integrity, and Availability criteria, and each level of each criterion carries a defined set of required controls. The system owner and custodian can then follow clear guidelines for implementing the security requirements that follow from the classification.
Asset and software inventory
We maintain an asset and software inventory to give us complete visibility of what is on our network and what is happening on it. Security-related processes for handling third-party suppliers are in place. All systems are properly documented and periodically reviewed against the Confidentiality, Integrity, and Availability criteria.
We also continuously review the Kontent.ai supply chain and all parts of the Kontent.ai infrastructure (applications, network, services) across their whole lifecycle, through Initiation, Classification, Selection, Procurement, Onboarding, and Lifetime to Ramp down & Closing.
Auditing and monitoring network access
Lack of visibility increases the likelihood of data breaches, cyberattacks, and compliance violations. We therefore monitor network access, for example by flagging atypical travel patterns in sign-in logs (a user signing in from a location they could not plausibly have reached in the time since their previous sign-in), so that we can detect unusual or suspicious activity.
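To make the "atypical travel" check concrete, here is an added example of the detection logic, written for this page rather than taken from Kontent.ai's tooling. It replays a few constructed sign-in records per user (timestamp plus geolocated coordinates), computes the great-circle distance between each consecutive pair, and raises an alert when the implied speed exceeds a threshold. The 900 km/h ceiling (roughly airliner cruising speed), the 50 km noise floor for geolocation jitter, and the sample records are all assumptions chosen for the example.

```python
import math
from datetime import datetime, timezone

# Constructed sample sign-in records (not real Kontent.ai log data).
# Each record: user, UTC timestamp, geolocated coordinates, and a city label for readability.
SAMPLE_SIGNINS = [
    {"user": "alice", "ts": "2023-07-25T08:00:00Z", "lat": 50.0755, "lon": 14.4378, "city": "Prague"},
    {"user": "alice", "ts": "2023-07-25T09:30:00Z", "lat": 40.7128, "lon": -74.0060, "city": "New York"},
    {"user": "alice", "ts": "2023-07-25T09:40:00Z", "lat": 40.7128, "lon": -74.0060, "city": "New York"},
    {"user": "bob", "ts": "2023-07-25T08:00:00Z", "lat": 50.0755, "lon": 14.4378, "city": "Prague"},
    {"user": "bob", "ts": "2023-07-25T20:00:00Z", "lat": 51.5074, "lon": -0.1278, "city": "London"},
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two WGS84 points."""
    earth_radius_km = 6371.0
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlambda = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlambda / 2) ** 2
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_impossible_travel(signins, max_speed_kmh=900.0, min_distance_km=50.0):
    """Return one alert per consecutive sign-in pair whose implied travel speed is implausible.

    Assumed thresholds: anything faster than max_speed_kmh is flagged; pairs closer than
    min_distance_km are ignored so geolocation jitter inside one city does not fire.
    """
    alerts = []
    by_user = {}
    for rec in signins:
        by_user.setdefault(rec["user"], []).append(rec)

    for user, recs in by_user.items():
        recs.sort(key=lambda r: parse_ts(r["ts"]))  # logs are not guaranteed to arrive in order
        for prev, cur in zip(recs, recs[1:]):
            distance = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if distance < min_distance_km:
                continue
            hours = (parse_ts(cur["ts"]) - parse_ts(prev["ts"])).total_seconds() / 3600.0
            # Two far-apart sign-ins at the same instant are the extreme case: infinite speed.
            speed = math.inf if hours == 0 else distance / hours
            if speed > max_speed_kmh:
                alerts.append({
                    "user": user,
                    "from": prev["city"],
                    "to": cur["city"],
                    "distance_km": round(distance, 1),
                    "elapsed_h": round(hours, 2),
                    "speed_kmh": round(speed, 1) if speed != math.inf else speed,
                })
    return alerts


if __name__ == "__main__":
    for alert in find_impossible_travel(SAMPLE_SIGNINS):
        print(f"ALERT {alert['user']}: {alert['from']} -> {alert['to']} "
              f"{alert['distance_km']} km in {alert['elapsed_h']} h ({alert['speed_kmh']} km/h)")
```

On the sample data only alice trips the rule (Prague to New York in 90 minutes); bob's Prague to London over 12 hours is an ordinary journey, and alice's two New York sign-ins ten minutes apart fall under the distance floor. In production the same rule usually needs an allow-list for known VPN egress points and corporate proxies, which otherwise look like teleportation.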
Periodic penetration tests
All security-related settings are periodically reviewed through internal and external vulnerability assessments and penetration tests. This includes activities such as scanning for open ports and looking for vulnerabilities within our network environment.
Kontent.ai ensures adherence to internal and external policies, standards, laws, and regulations. We demonstrate this by maintaining our ISO/IEC 27001 and 27017 certifications, providing penetration test results and our SOC 2 Type 2 report to our customers, and being transparent about the state of our security controls in questionnaires such as the CAIQ.
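As an added illustration of the open-port scanning mentioned above (example code written for this page, not Kontent.ai's own tooling), the block below implements a basic TCP connect scan with a per-port timeout and a small thread pool. So that it runs offline, it also creates its own target on the loopback interface: one socket that listens (an open port) and one that is bound but never calls listen(), so connections to it are refused (a known closed port). The 0.5 s timeout and 64 workers are assumed values.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def start_listener(host="127.0.0.1"):
    """Constructed target: accept-and-close TCP listener on an OS-assigned loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:  # listener closed, stop serving
                break

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def reserve_closed_port(host="127.0.0.1"):
    """Constructed target: a port that is bound (so nobody else can take it) but not listening,
    so a connect() to it is refused. Keep the returned socket open for as long as it is needed."""
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind((host, 0))
    return holder, holder.getsockname()[1]


def probe(host, port, timeout):
    """True if a full TCP handshake to host:port completes within timeout (a connect scan)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan_ports(host, ports, timeout=0.5, workers=64):
    """Probe the given ports concurrently and return the sorted list of open ones.

    Assumed defaults: 0.5 s per probe and 64 parallel workers. A connect scan is noisy
    (every probe completes a handshake and shows up in the target's logs), which is fine
    for an authorized assessment of your own environment.
    """
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe(host, p, timeout)), ports))
    return sorted(port for port, is_open in results if is_open)


if __name__ == "__main__":
    srv, open_port = start_listener()
    holder, closed_port = reserve_closed_port()
    try:
        candidates = sorted({open_port, closed_port, open_port + 1})
        print("scanning", candidates, "->", "open:", scan_ports("127.0.0.1", candidates))
    finally:
        srv.close()
        holder.close()
```

Run against a real host list, the same function takes a range such as `range(1, 1025)`; the result should be compared against the asset inventory so that any port nobody can account for becomes a finding.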
Maintaining stability in an evolving security landscape
We live in a changing world and face many challenges in the security field, but it is worth remembering that the important things have not changed, and they will not change as long as we keep our priorities in the proper order. The key is full visibility into your work environment: getting to know your users, their operations, and their applications, and covering their needs while maintaining a high security posture. That means setting clear rules and ensuring they are followed and integrated into the daily routines of the people in your organization.