Trivadis and the Security Industry
by Eric Bilang

Security has enjoyed a long tradition at Trivadis. As an IT service provider with our roots in the database sector, we have always had to address security-related issues. Since we work at the core of electronic company values and since we have developed and expanded these values accordingly in many customer projects, we feel a special responsibility towards the data and information. That’s why we’ve made IT security our business for such a long time now – and why we also make it an independent service offering.

Security is a question of consistency and balance

True to the motto: “You can't afford too much security, but you can't afford to have too little”, we apply this to our solution concepts to cover the total development of data in the net product. We therefore create security concepts that genuinely offer protection and not just the appearance of it. The strongest vault door is of little use if the walls are made of cardboard. For us, offering a solution is not “just” about the Return on Investment. We look for solution concepts that are scalable and that don’t unnecessarily complicate the handling of data or unnecessarily increase the operating costs. Our goal is to make IT security much easier for our customers.

Irrespective of a company’s own security demands and drives however; data protection laws also demand appropriate specifications. These laws do not define the how of handling data, rather they describe the rules and regulations governing this issue – how you choose to implement them is up to you. Besides data protection laws, other laws also define regulations which are fundamental for handling data and information, such as confidentially dealing with procedures that must be reported in listed companies. Since more and more people operate data with and through IT, the enforceability of legal claims by third parties now has a lot more fuel for its fire. Recent court cases clearly illustrate this. By moving business processes to IT, the ground for complying with laws in IT has become a question of the scope of the security strategy.

Groups seeking to enter into a business relationship with a company are increasingly asking about its risk management. Investors, whose financial commitment also applies to an information, and thus competitive, lead for the company, as well as customers and suppliers want to ensure that their orders will be filled and their deliveries and payments made reliably. This can only guarantee whoever is making sure that the systems and information necessary for this cannot be bugged or manipulated. Conversely, efforts are made to only grant access to information and systems to authorized persons.

A well-designed security strategy is an essential foundation stone in a world dominated by cost pressures, speed and heterogeneity. Developed as a modular concept, it offers the ideal solution for keeping pace with the company’s growth and expansion under the legal and business standard parameters. Drilled down, this security concept comprises the following services:

• Security strategy (security model, security concept & policy, risk analysis, security operation, security audit & review).
  
  
• Basic components (PKI, data correlation).
  
  
• Signature & encryption (data transfer, data storage, single or reduced sign-on, directory services, central user management).
  
  
• Access control (Enterprise User Administration, Single Sign-On, web entry services).
  
  
• Network & host (firewalls, IDS, system architecture, mobile systems security, VPN).