21 July 2021

A common & integral security policy

The impact and complexity of digital threats is increasing. The supply chain attack through Kaseya is a good example of how sophisticated these attacks are. It underscores the importance of a collaborative and integrated security policy, acting together, sharing knowledge and looking critically at both the internal and external organization.

An important part of the security policy is not to blindly rely on reputable suppliers in addition to best practices and standards. It is important to ask questions, request documents and assess the risks with all suppliers, large and small. It is part of our culture, woven into our DNA and an important part of our service.

A good example is the recent PrintNightmare vulnerability we informed you about. We performed a technical analysis on the vulnerability over the weekend, immediately after the announcement, to understand the risk, the impact to our customers and the attack vectors. Based on the technical analysis, we determined follow-up steps. This structured approach is a permanent part of our working method and culture; always perform an analysis first, involve all relevant stakeholders and only then determine the next steps. In this way, we ensure a well-considered approach to vulnerabilities and potential risks, with data confidentiality always at the center.

Of course, this is not up to us alone but a joint effort. We can learn from each other, join forces and discuss how to work together on this. Security, privacy and compliance is a broader issue, about which we are already in discussion with various customers and would also like to spar with you. We do not have a monopoly on wisdom and would also like to hear your insights in order to jointly arrive at an integral security policy.