Security Built in from Day One at VAKT
These days, security of data – particularly digital data – is a key concern. As many adopt SaaS solutions in the cloud and applications are often hosted outside of their own premises, security of that data is also increasingly important. So, when VAKT got started a few years ago, not only did it resolve to utilize blockchain, “but it also built everything it did around security,” said Nicholas Secrier, VAKTs’ security head. “In fact, I was employee number three – security was seen as that important!” As he told me.
“The industry has and will be the subject of attacks and so security is paramount.” Security posture was seen as critical to the successful adoption by VAKTs’ growing customer list and so there was a security roadmap in place from day one that is constantly being updated. With a global set of customers, VAKT also had to understand and be compliant with different standards and attestations like the ISO27001 standard or SOC2 and, it had to adopt the right security posture to satisfy customers but without hindering or placing roadblocks in front of VAKTs’ development.
Nicholas is clear that security is not simply about adhering to a standard but is in fact, a way of life and built into the DNA of the company. This means that communication is imperative with staff, partners and customers – communication and training. “You have to make sure that people naturally do the right things and that there is a culture in which people can openly point out an issue without fear,” he told me. With the latter point he means that if someone makes a mistake, they can report it immediately without fear of consequence thus hopefully allowing a fix before the situation gets worse. “We started with ISO27001,” he said. “Then we expanded to the SOC2 standards but then Governments and regulatory bodies recognized that more needed to be done and so they came up with NIS2. However, we are operating well beyond NIS2 and other standards and intend to remain that way. It isn’t cheap and it takes time to reach that level of security posture.”
While VAKT is still quite small itself, it fully appreciates that its customers see security as important and are themselves covered by these standards often as critical service suppliers. The NIS2 directive becomes mandatory on November 27th and contains “a lot of good practices and good hygiene.” Of course, since the pandemic, much has changed with many remaining working from home for at least part of the work week. VAKT is also a cloud company, so it has no physical infrastructure of its own. VAKT and its staff only really require a good or reliable internet access so applying proper security processes and procedures is simply good risk management. As is demanding the same security posture of its suppliers as well.
Essentially, from its establishment VAKT has approached everything it does with a security mindset to satisfy the concerns of both customers and partners, but also to provide a secure service. In the future, it also hopes that perhaps the NIS2 directive could be another reason to potentially drive the oil industry to adopt its vSure product to validate or confirm trades as the current processes of using insecure emails is suboptimal from a security perspective and the NIS2 directive may encourage the oil sector to adopt vSure and grow the existing VAKT network of clients.
Keep in touch and sign up to our Newsletter
