Ellen Benaim, Templafy: ‘We should empower people handling data’

6 Dec 2019

Ellen Benaim. Image: Templafy

Ellen Benaim, information security officer at Templafy, shares her perspective on the evolving world of security.

At Copenhagen-based Saas firm Templafy, Ellen Benaim is responsible for developing security strategy and ensuring that the company is always pushing itself to be as efficient and compliant as possible.

Here, she discusses how cybersecurity culture in organisations could be improved by changing the method of delivery, the ‘cloud shift’, and more.

‘The ultimate leap of faith companies must take is the switch to cloud-based software from laborious on-premise solutions’

Tell me about your own role and your responsibilities in driving tech strategy.

I started at Templafy back in June 2018 and have been a part of developing our security-first approach ever since. Day to day, I am responsible for the design, implementation and monitoring of the information security program within Templafy.

This security strategy perfectly aligns with our overall business strategy, which is to achieve and deliver the highest quality services possible. The security team’s constant goal is to optimise our already high standard of controls – we’re always asking ourselves if can we do things in an even more efficient and compliant way? In the ever-changing environment that is security, it is important that we continuously ask this question.

Are you spearheading any major product or IT initiatives you can tell us about?

On the organisational side, I am currently leading our ISAE 3000 SOC 2 efforts. The report is created by third-party auditors PwC and demonstrates our commitment to following industry best practices, which span a wide range of security initiatives.

There are many ongoing initiatives for the product. For instance, I’m a part of our security guild team, which supplements existing software development life cycle practices. It is our job to ensure all aspects of security are considered during the development phase and arrange for external penetration testing before release.

How big is your team? Do you outsource where possible?

I am fortunate to be part of an ever-expanding security team, from the security guild, which specialises in securing and maintaining the availability of the Templafy solution, to the information security and controls team, which protects the entire organisation.

Each team enables us to ensure every facet of our business is looked after by harnessing some of the most competent skillsets available globally. With such great talent on board, we prefer not to outsource.

What are your thoughts on digital transformation and how are you addressing it?

Digital transformation is an essential and inevitable step for companies to modernise and become more productive and, ultimately, more profitable. The ultimate leap of faith companies must take is the switch to cloud-based software from laborious on-premise solutions. This change brings along different ways of working, especially for the IT team. This is where we make the transition to cloud, and digital transformation, a bit easier.

If IT teams are prepared to embrace new technologies and are sufficiently equipped to handle the cloud shift, they will reap the ongoing productivity and resourcing benefits that come with this transformation.

What big tech trends do you believe are changing the world and your industry specifically?

The big tech trend this year, and for the coming years, is the availability of 5G. The possibility of faster speeds and more reliable connections on mobile devices brings exciting opportunities for mobile working.

If we want to encourage digital transformation and the switch to cloud-based solutions, the supporting infrastructure, including 5G, is critical for its success. 5G will only enhance Templafy’s offering as the solution is currently available across all devices.

In terms of security, what are your thoughts on how we can better protect data?

We should empower the people who are actually handling the data daily with the right knowledge and tool set to do their job in a compliant and efficient manner. Raising awareness that each employee holds an integral part in the compliance journey of data is imperative. Every employee holds the key to perfect compliance or an utter data breach disaster.

An email containing confidential data ending up in the wrong mailbox can be a simple yet costly mistake. If employees who commit these errors aren’t trained to spot and report them, all other efforts are futile. During awareness training sessions, you should provide examples with real-world security implications, such as common phishing emails received.

To make sure everyone gets the most out of security training, it helps to encourage questions by having a ‘no such thing as a stupid question’ policy. Better protection of data starts from the ground up, and with constant reinforcement of data handling policies and procedures, better compliance can be achieved.

Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.