More to follow...

HCSS
From Josh McDonald, services senior manager

Anyone doing business with "electronic data and vendor services" needs to vet the securability of the data and services.  This can be a complicated topic if we let it.  To simplify, consumers need to know and be assured of two items:

—How the electronic data and service works.  An understanding of the application, data, and how it works technically will provide the right amount of information to Information Technology leads to design a solution to protect the data and services.  This should be a primary role of IT, but it requires thoughtful digging and asking the right questions to the software/service vendor.

—How the solution is audited and secured.  Whether it is hosted internally on company servers or hosted externally in any number of different cloud environments, the consumer needs to understand the auditing process and security layers that the solution provides.  Security includes firewalls, virus protection, and intrusion protection, but it also includes more tangible things like who has a key to access the server rack or what external providers are servicing the cloud solution provider and has potential access to data through ancillary means.

HCSS understands both of these points and takes strong efforts to understand how to environmentally secure our products as well as build security measures into the application itself to provide proper assurances.

The thing to remember when it comes to security is that it is an ever evolving problem with ever evolving solutions.  It's important to keep security efforts moving forward at all times and one advantage in this area can be found in simply selecting the correct partners to help.

JB Knowledge
From James Benham, CEO

While no company can promise that an event will never occur, just like they can’t promise that their data center is “flood proof” or “earthquake proof”, those of us who have implemented security policies and procedures can certainly reassure our customer base that we have taken every reasonable measure possible to safeguard their information. We can accomplish this through:

—Providing tours of facilities and responding to on-site audits. We have routinely had our customers visit our data centers and development centers to review our physical and logical security so they can gain first hand knowledge of our protective measures.

—Providing documentation of our security equipment, personnel and procedures that are in place to safeguard facilities, systems and data.

—Contracting with third parties for intrusion review and intrusion prevention and detection services. Our companies should have inside and outside eyes on our systems at all times.

—Providing proof of cyber liability insurance to our customers upon request.

While this is certainly not a comprehensive list of what measures a company can take to secure their clients’ information, it describes what I believe are the top things we can do to reassure our customers that we have their best interests in mind.

Nasuni

From Andres Rodriguez, founder, president and CEO:

From the perspective of storage and cloud, the most important measure AEC firms can take to protect their data is to encrypt everything stored in the cloud with keys that are created and controlled by the firm. That way, if there’s a breach at the cloud vendor, even if data were compromised, it won’t matter. Without the encryption keys, it’s just gibberish.