Security at the core enables good business

Learn why security certifications are more than just a badge, but a fundamental element woven throughout Objective

Recently, during Collaborate 2020, Anthony Turco, Chief Technology Officer at Objective, discussed the work that goes into certifications like ISO27001 and IRAP assessments.

“Often, when people think about certifications, it’s the badge they see and it makes them move to the next stage. You’ve satisfied that requirement. But for objective it’s much more. There is an entire program of work that goes into these certifications. These certifications are the token outputs of the daily work everybody does,” said Anthony.

For Objective, it's much more. There is an entire program of work that goes into these certifications. These certifications are the token outputs of the daily work everybody does.

Anthony Turco

Chief Technology Officer at Objective

“A certification like ISO27001 has 14 different security domains around 114 different compliance checkpoints that need to be considered. It’s an enormous amount of work covering everything from employment to HR security, to the way we use cryptography to security policies and so on. It is also a risk-based approach to security.

“IRAP is specific to Australian government organisations and in case of Objective Connect, it’s been assessed all the way up to protected level. With IRAP, you can set a targeted evaluation that gives it the scope of what’s going to be reviewed. And within that, there are a number of assessments that have to go through to demonstrate compliance with the government’s objectives. In that case, it’s considered highly compliant- a wonderful result.”

“Another one that is on the forefront of SaaS vendor if you will, is CSA STAR – 16 domains, 133 different control objectives. What’s interesting there is it’s aligned with most international standards.”

When it comes down to it, ISO27001 and IRAP are really just scratching the surface of Objective’s security program.

The cloud perspective

“If we look at the cloud in terms of security, in most cases the cloud is more secure.” If you look at your internal security team, and that team has a number of competing interests, they have to consider the enterprise user, they have to consider the homegrown apps, the enterprise apps – all of the networking infrastructure. It’s a huge footprint and the attack surface is large and buried.

When you look at a SaaS vendor and SaaS application, in most cases you have multiple security teams and internal security teams responsible for that organisation. If you have a reputable vendor, you will actually end up in a more secure position as you move those applications and data to the cloud."

Security looks like for objective products and customers

“The security we spoke about is breathing and we have to do that as a by-product of good product design and good execution.”

The security we spoke about is breathing and we have to do that as a by-product of good product design and good execution.

Anthony Turco

Chief Technology Officer at Objective

"When I think of security and Objective moving forward, my mind more often than not goes towards machine learning and what we are doing within that space and vast amounts of data necessary for building models that are actually useful. "

“Without security at the core, you are really setting yourself up for failure. Security should be transparent. It should enable me to get my job done and enable me to securely share information or collaborate with third parties. Security is woven in at a fundamental level throughout Objective’s suite or products.”


Watch the conversation from Collaborate 2020: