Intranet security 101
Now that the corporate headquarters has gone digital, information security is at the forefront of protecting your enterprise. But what does it take to safeguard your intranet? We've invited our Chief Information Security Officer, James Heathcote, to unpack everything you need to know about keeping your intranet secure in our latest podcast episode.
The essentials of intranet security
When it comes to intranet security, the stakes have never been higher. Your intranet is no longer just a tool for communication and collaboration. Instead, it is the channel your employees rely on to connect with colleagues, exchange information, and contribute to the success of your business.
Your IT team is likely to already have security threats on their radar, particularly as cybersecurity risks continue to climb. While protection efforts may be focused on your client-facing systems, your intranet can also be vulnerable to hacking. Consequently, keeping your employee experience platform secure is a priority that can't be overlooked.
On-prem security vs the cloud
On-premise intranets come with lots of layers of security, and everything is handled in-house. Typically, this means that your users will need to go through several hoops to access your intranet, including VPN access or dealing with limited accessibility when they're outside of the office. Consequently, this model can prove limiting, particularly in the hybrid era when many of your employees are likely to be working remotely.
"On-prem security means you control it yourself. But you then have to hire a whole suite of people to manage that."
As a result, cloud-based options are frequently preferable because you can keep everything secure, while still having the freedom to make things accessible to everyone. James Heathcote highlights that if you have an on-prem set up, you will need to hire a number of people to take care of your security. In contrast, if you use a platform that’s built on third-party software from organizations like AWS and Microsoft, you get this perk built into the product. Those organizations have huge teams of people whose sole purpose is to ensure the platforms are secure.
"The true benefit of the cloud is leveraging the expertise of those organizations (AWS, Microsoft etc.) and rolling out those best practices and implementing them into your own organization."
Identity protocols
When you're talking about the cloud, identity is everything. If you're implementing an intranet platform, you'll already have identity protocols in place, so there's a process that needs to happen to navigate this into your new EXP.
There are a lot of security systems and protocols that have to be worked around, and the team discusses what needs to be done from Unily’s perspective. Glen Chambers highlights that you can run security training sessions and work closely with all teams, but there is a human element involved and the onus is going to be on the individual users:
"Even if you put in place all the best practices in the world, it ultimately comes down to the individuals themselves, and they are the most insecure part of the chain."
When you have identity protocols in place, there’s a risk of password sharing that can’t be ignored. James explains that if you're trying to lower that risk, it's important to prioritize cryptography, data storage, legislation and encryption.
The power of ISO
There are lots of different security accreditations available. Unily is proud to have both ISO27001 and SOC2. But what does that actually mean? In short, these accreditations ensure that the systems and processes that are implemented offer greater protection from external threats. James gets into some of the details, explaining:
"ISO is about pulling best practices together and standardizing them; making a common set of criteria that you can be assessed against. It’s about quantifying everything you say."
ISO certifications are critically important to organizations because they are universally recognized and set the standards for intranet security. If an enterprise is already meeting those standards, it saves time in the long run; everything has already been audited and the need to check individual factors is removed because the certification is in place.
"ISO is a baseline for us at Unily – we take it very seriously and it’s essential we get this right. If you’re using a cloud provider, you’re relying on these independent assessments to determine if the company is legitimate to do business with."
Balancing intranet security with innovation
Is it possible to continue to drive innovation without compromising the security of your platform? In the case of intranets, you can achieve the best of both worlds: a platform that is safe and secure, but also ever-evolving in order to engage your workforce.
"The process for accreditations is rigorous, but we apply that same level of rigor to the way we go about development of the product itself. Some of those accreditations talk about our people, how data moves from one system to the next etc. But we’re doing all of that at the same time as building a product to the highest possible tech development standards."
Collaboration and feedback happen constantly, and as support tickets come in, opportunities are being looked for. James explains that when penetration tests pick something up, it opens the door to new possibilities. Ultimately, it’s a balance of compatibility and security, and the team constantly walks that line to deliver the best experience to customers.
Learn how to keep your intranet secure
If you’re looking to join the conversation and learn more about the importance of intranet security, check out the full podcast episode, now available to download on Spotify. To find out how we can help keep your intranet secure, contact our digital workplace experts today.
Your security is our top priority
At Unily, the security of our clients’ data is of utmost importance. We use the latest technology and processes to ensure your intranet is always secure, so you can rest easy knowing your data is in the right hands.
