By Anu Halme, Head of Professional Services and Basemark’s Security Officer
October 9, 2020
The Covid-19 pandemic forced people to move to remote work and leave their certified and secure offices. We’re in the same boat as the whole industry. As Security Officer I am prepared to answer our customers’ questions about things like access management and visitor management, of course. “Frau Halme, who visited your Helsinki office on February 15th, 2019 at 1 pm?” used to be an easy question to answer. Well, it still is, but the actual work doesn’t take place in the office anymore, and the importance of information security remains high.
Basemark was able to finalize its TISAX assessment flawlessly on the Very High Protection level, which is sometimes also called TISAX 3. TISAX is the information security framework and standard for the automotive industry that brings all players (the manufacturers, the suppliers and the software partners) to the same level infosec-wise.
Communication and awareness
We think that communication is also the key to data protection during the pandemic. The scrum teams keep the level of communication high all the time, even when working remotely. We keep all daily and weekly meetings, retros and grooming sessions around the current C++, Python and automotive HMI projects. Close communication and an atmosphere of trust are crucial for the success of the software project itself, for the wellbeing of the people and for security. Only when people feel secure do they dare to report possible issues and incidents in their home office. If IT doesn’t know about possible issues, they can’t help.
We pay close attention to awareness: regular training and understandable policies help the Basemark developers, designers and other staff to work in a secure way without impediments.
Damian Nachman, a Scrum Master at Basemark, on running agile projects during the pandemic:
“As an international company with colleagues around the globe, we’re used to holding our scrum meetings remotely. When you get used to that, there is no difference to having everyone in the same room. The only downside is the onboarding of new people, which takes longer than normal.”
VPN and VDIs
The TISAX framework presumes that data is kept separate: Basemark data must not mix with customer data. This separation is easy to implement with the help of Virtual Desktop Infrastructure, where the user operates a remote computer through a video connection in her or his browser. In this way, no customer data or applications are stored on hardware located in a private home.
The connections between the remote workplaces and Basemark offices or our customers’ networks are secured with VPN, and there is no access without Multi-factor Authentication. MFA is the new office key, I’d say.
Teams vs. Slack
Microsoft Teams has improved a lot during the last years, and we have assessed it to be a fairly cybersecure communication tool that can also be used for confidential discussions. In our internal communication we use Slack a lot, but our developers know well that Slack isn’t the right place to paste customer code, because that would violate the separation logic of company and customer information. Personally I like Slack more because it is easier to see who is around; Slack creates a better feeling of togetherness that is so difficult to maintain during the corona time.