Cyber security is a hot topic right now. What is Clever Advertising doing to make sure it maintains the highest possible security standards?
Fernando Guedes - Indeed, a very hot topic, and in my perspective, it will always be a hot topic. Constant changes and IT developments force us to be ahead of the game.
Clever created Zero Trust Policies and has regular audits through SOC (Security Operation Center), which monitors our network traffic. We invest in software development processes like OWASP and in source code analysis tools.
Our company is human-centric although being a tech one. It has a deep focus on human resource training and a constant flow of knowledge and training prevents malicious acts to jeopardize our business.
What technologies do you have in place to do this?
To simplify, I will separate into three major groups of action. The first is the most sensitive to error: people. We have a Global Active Directory group policy, and our users work under it. To deepen the security process, we make use of password and secrets manager policies, antivirus and VPNs to connect critical services are mandatory. But, by far, the most important policy within this group is awareness.
The second group is data traffic, network, and assets. The biggest challenge is in relation to Zero-Day Vulnerabilities and DDoS. Given the amount of equipment and our traffic span, we chose to work with partners who are experts in the field. We have an agreement with Cloudflare, and a global agreement with our network provider, working from an IaaS (Infrastructure as a Service) perspective.
The third and last group is software. We develop our applications in-house. One of the tools that has helped us in the analysis of static source code is SonarQube. Also, we use Intruder.io to perform continuous Penetration Testing.
Can you tell us about some of the certifications for information security that Clever Advertising holds?
We are ISO27001 certified and have this certification renewed every year. This keeps the focus on the best practices and a culture of information security. The challenge is to remain an agile company without bureaucratizing processes. An ongoing process is ITIL and COBIT employee certification. Best practices and frameworks are key for service quality and continuity.
How do these strengthen your reputation as a leading online advertising company?
Everything in Clever is agile and lean. From acquisition techniques to our own non-bureaucratic IT process. We keep ourselves on our toes and we refuse comfort zones. We take the lead on innovation, and we focus on the long-term results. Every day, constantly.
How is Clever Advertising using new and innovative technologies to ensure it remains compliant with ever-changing regulations?
Great question. We have an incredible communication flow. Combining it with our lean and agile model we can always be up-to-date and compliant. Technology-wise, we test, test and test. We test programming languages, services, etc, and we make our own benchmarks.
Most of our IT professionals contribute to Open-Source projects, so we know what the community has been up to. Our global advertising structure has a similar structure for innovation, we first establish what problem we want to solve, and then we start to discuss and carry out MVPs (minimum viable product). This may seem very simple and easy but I can assure you it is not. This is the result of decades of work and many department synergies.
Source: SBC News