For a cloud-native organization with a large number of developers, Information Security (InfoSec) is serious business. Protecting Matillion from potential security challenges involves ensuring that our applications and cloud-based infrastructure are well designed, tested and monitored. Security doesn’t stop there: we must work across all business units to deliver safe growth, at pace.
We want to ensure that security at Matillion follows the current best practices and requirements for our business while continuing to give our employees the freedom to innovate.
Here are a few common misconceptions about InfoSec departments and how we approach security at Matillion.
Myth 1: Security is the department of “No”
The information security department takes its job very seriously – and for good reason. In the first half of 2019, data breaches exposed 4.1 billion records and cost many affected companies millions of dollars to address.
InfoSec professionals have a reputation for being strict enforcers of best practices to keep the organization safe. This often means that coworkers are scared to ask about security for their initiatives because they fear that the project or concept they have will die at your desk.
At Matillion, we aim to do things differently. We try to shift the role of InfoSec from a department of ‘No’ to that of a true business enabler. Through internal security awareness training and open, transparent communication about risk, Matillioners can play as much of a role in keeping our company safe and compliant as our InfoSec team.
Myth 2: Security is the brakes
Security is definitely the brakes – we need brakes. But not in the way that you think.
I recently used the analogy of the Japanese bullet train at a company presentation to help Matillioners understand the role of security at our company. The bullet train could reach speeds well in excess of anything seen before in the railway industry. However, a bullet train isn’t practical until the train’s brakes are powerful enough to safely slow it down. By taking the time to tune the brakes, the bullet train can then achieve its fastest speed.
An efficient security department works the same way: if the proper protocols are in place, we can increase the velocity of the business.
Myth 3: Security is an afterthought
We develop our products, Matillion ETL and Matillion Data Loader, in-house. Inside software development, there has been a shift: incorporating product security now begins at the start of the development process, not halfway through, and lasts throughout. Empowering developers to think about security early in the design phase prevents large-scale refactoring and arbitrary logic gates at the end of the process.
In user experience, security is best when it can go unnoticed. We design Matillion products with the hope that security becomes part of the general user experience. It’s part of the fabric of the product and embedded in the culture of the business. It’s an indelible part of company-wide initiatives from the outset, helping to guide our stakeholders to their business objectives safely and securely. Working closely with our UX teams, we aim to reduce the security burden on all of our customers.
Myth 4: Documentation is boring
No matter what line of business you’re in, robust policies and procedures need to underpin your company’s security guidelines to help enable the second line of defense. At Matillion, we don’t see the value in hundred-page policies that are only paid lip service, but we do value the controls that effective policies can achieve.
We continue to refine our governance, risk, and compliance (GRC) processes to enable the whole business to operate inside of policy controls with ease. Allowing the business to be engaged in risk management from the ground up ensures that risk management addresses real business risks from each department.
We aim to automate policies where we can, investing in Policies as Code (PaC) to allow the business to move quickly, whilst maintaining compliance with our international standards.
Myth 5: Security is scary
Maintaining a security function is a bit of a challenge; you have to decide how to organize resources, build relationships and interactions with the rest of the business, and empower every department to ‘be secure.’ And while data and security breaches continue to dominate the news cycle, our mission inside Matillion’s security department is to be a resource for every employee. We welcome conversations about risks and best practices so that our company better understands how we can stay secure and keep out of the headlines.
Join the InfoSec team at Matillion
It is an exciting time at Matillion for security. As we continue to grow at a rapid pace, security remains an integral part of the business. If you are interested in being a part of a world-class organization, browse our open InfoSec roles to learn more and apply today.