
Being secure in an unsafe world

14 Aug 2017 by Doug Davis

A day doesn’t go by that we don’t hear of another accidental or intentional security breach. If you’re reading this post around the time it was published, we’ve just seen the HBO Hack, which saw ransom notes, leaked episodes, and internal data leakage. There’s also been a significant event in our own part of the technology industry, impacting Office 365 customers: Microsoft’s recent data breach around tenant information.
Nobody can stop all breaches. Unfortunately, we live in a world where these events have become so commonplace that we often feel they’re inevitable and unpreventable. This doesn’t mean that you can’t take a proactive approach to security, make smart decisions, and choose tools that are more secure than other offerings. As a SaaS provider that collects and processes Office 365 data, we understand the ever-present risks and responsibilities associated with handling data, and have always had a security-first approach to our application creation and development.
This approach has three core elements: the right people, the right design and frequent testing of our security perimeter.
First, we ensured that security was prioritised from the outset. The founders of Cogmotive, Alan Byrne and Dan Rose, came up with the idea for the reporting application after many years in the trenches as Exchange Admins. They both worked within very large enterprises where implementing and verifying security was no small task, and developed an intimate familiarity with the challenges of secure design. Their projects were varied, and included creating an encrypted IM chat channel for traders within the Oil Industry, where trust and security are one and the same. It takes time and effort to understand how to build a secure application, and you can’t learn through failures that impact your customers. Cogmotive Reports has high-grade security features built by an experienced, security-conscious team right from the initial application design.
This approach doesn’t end with our founders; we have continued to put security experience and focus first as we hire and expand our development team.
The second core element is design. It is crucial that you create a fortress around your application as you build it. Too many companies look at what is on the market in their competitive space and just copy the UI and features without fully taking into account the design decisions that were also made.
Security always starts at the front door, and naturally we allow the use of Two Factor Authentication as an extra layer of protection, and Single Sign-On so that important security information such as passwords remains within your organisation’s control.
We ensure regulatory compliance with complete encryption at rest and in transit for all layers and interfaces. Using this design ensures that sensitive data is not readable by any user or application without a key, regardless of where it is within the framework of the application. This is one of the most secure methods to keep data protected.
Personal data needs to be treated as such, and Cogmotive offers the ability to both anonymise and opt out of service data.

We don’t have any access to your data. If we ever need to work with your data for support reasons, you have to give us specific access within a time window that you define.

Finally, it is important to test your security frequently and to extend this to independent testing. Have a solid regime of internal testing, but don’t rely on your own capabilities alone. If you rely on your own testing, bias always creeps in. Independent testing from an organisation that’s up to date on all emerging threats ensures that the latest risks are always taken into account.
Continual security code reviews ensure we catch bad code (such as code open to SQL injection) before it has a chance to become part of the code base.
Internal security testing ensures that developers review access and permissions on the data, that known threats are factored in, and that the team has a continual sense of the risk that the data may be exposed to.
Hire and use external testing organisations to conduct activities like penetration tests to verify that all the precautions that have been taken are actually working.
These three design approaches combining people, design and testing create a singular security infrastructure that bolsters security for your data in an unsafe world. If you want to find out more about our security measures, FAQs, and how we handle your data, you can find more details here.