Communications Academy

What kind of security is important for an employee app?

April 18, 2019 Season 1 Episode 10
Staffbase

Want access to the Staffbase Security Whitepaper? Click here.

Speaker 1:
0:03
Let's talk about security, uh, trust. Um, when you decide to launch an employee app, a mobile communications project, of course you know that you're going to face some internal barriers from your IT team or from your cyber team. And they're gonna want to know, is this safe for our organization to use? And we can go on and on and on about different security features. But I want to keep it simple and I want to keep it at a high level, um, because just a few principles are usually enough for your security team to have an initial feeling that, hey, this might work. And then we can of course dig into details together. The initial principles are as follows. First of all, this project and this platform is intended to help facilitate your company's internal communications, uh, top-down type of news and feedback from employees, communications within groups, within business units, within locations, um, community-type communications from the bottom up inside those groups.
Speaker 1:
1:16
And these types of communications are not confidential in nature. So Staffbase in general, it's not a platform where you are ever putting onto it, uh, your patent information, your most valuable trade secrets. That's just not content that you ever choose to put on the platform in the first place. Um, and this is a really important point in understanding the, the trade-off, um, around security that you're making with a platform like Staffbase. So I'll just make a couple more comments about it. The big trade-off in security is between high security and high reach and it's, it's basically a, a zero-sum game between security and reach. So for example, you could have something that's really high security, like you need to be physically present in this room in order to access this information and we can control who gets into the room, uh, with, with biometric, you know, reading, um, that and that would be really high security.
Speaker 1:
2:24
We know who's, who's accessing that content, but it's going to be really low reach. I mean, I'm not going to be able to access it from anywhere else except for this room. What we're trying to do with the Staffbase platform and with mobile-first communications is actually get everyone at your company on board, non-desk workers, non-salaried employees, folks in the field. And that means reach is a big priority for this project. Otherwise, what's the point? It's a communications platform. So not putting confidential information is part of the trade-off that we make to gain the high reach that can create so much value in transforming the culture, getting everyone on the same page, making it easy to find information. And so much of that information is valuable without it needing to be the highly confidential stuff. So that's the first point. The second point about Staffbase is a certification called ISO 27001.
Speaker 1:
3:24
And the reason that this is really the be-all end-all, the one thing to say about what we offer of anything is because number one, it's a third-party certification. Uh, that means it's somebody else who's vetting us. And we actually get audited every year, um, at a random time. They come in and they're checking what we do across a number of dimensions. So it's not just, you know, do we have secure software and secure software development practices, but do we limit the, the, the group of people internally at Staffbase who have access to your data in the backend only to be the people who are serving your account. All of these in-house best practices. What kind of internal password protocols do we have at Staffbase? What's our own information security policy like? Um, all of these things, these organizational best practices across a wide variety of areas are covered under the ISO 27001 certification, which is the gold standard in the world for an organization being one you can trust with your information security. So between not putting confidential information on in the first place and ISO 27001, you are pretty well armed just to get the conversation started with IT and with cyber and with your security folks. And we'd be very happy to go into all kinds of details on the great security features that we have in every area of the app's development and deployment and the organization, et cetera. Um, just give us a call.