Establishing a Culture of Security in an Organization

Published in Silicon Republic on October 18, 2019

See published article here.


Martin Kurpiel is the senior vice-president of Valid, a global technology provider that offers a robust portfolio of payment, mobile, data and identity solutions. Here, he discusses the importance of engendering a culture of security in an organisation in order to successfully safeguard data.

Tell me about your own role and your responsibilities in driving tech strategy?

In my role at Valid, I am responsible to ensure that the technology resources are aligned with the company’s business needs in supporting internal and external clients. I manage the Valid technology teams, which include IT Infrastructure, software engineering, database development, data analytics and the project management office (PMO).

Are you spearheading any major product/IT initiatives you can tell us about?

Due to the demands of our clients and the pace of change in our industry, we are continuously evaluating and making upgrades to our security, hardware and software environments. Valid is currently undergoing a large IT infrastructure refresh. We are upgrading to the latest in high-performance, high-security systems to continue to lead in the delivery of quality data services.

In addition to the IT infrastructure initiative, our larger projects include the enhancement and development of the following products, such as an enhanced API-enabled framework to support SaaS and third-party connectivity, development of the next generation of a managed persistent ID solution, and extending our depth and breadth of our analytics product suite, which includes the latest trends in AI and machine learning (ML).

How big is your team? Do you outsource where possible?

My team of over 150 professionals supports five locations and three data centres in the United States. We currently do not have the need to outsource.

What are your thoughts on digital transformation and how are you addressing it?

Digital in the marketing world has gone beyond buzz to be commonplace; it is all about the ‘customer journey’. Valid has a blend of self-developed solutions along with collaborating with industry leaders to provide their clients best-of-breed solutions to be able to reach customers with the right content, at the right time, via the right channel.

As part of our development activity, we are enhancing our API platform to facilitate the ingestion and dissemination of digital data via omni-channel ‘pipes’ to internal as well as external partners and services. We are also utilising our ‘continuous data integration’ engine for stitching the online and offline data into a composite customer view. This view is critical for our clients since it provides analytics and insights to our clients’ customers and how they interact with their brands.

What big tech trends do you believe are changing the world and your industry specifically?

The ever-increasing volumes of data coupled with the requirement of continuous data integration has driven Valid to provide leading edge solutions that leverage the latest emerging technologies such as CDP, AI, IOT and ML. We’re currently utilising these technologies across multiple business verticals and clients in solving their real world challenges.

In order to continue to provide the robust product offering that the industry demands, my challenge is balancing an Agile organisation along with evaluating emerging technologies that will ultimately be leveraged in our technology stack.

In terms of security, what are your thoughts on how we can better protect data?

My thoughts on security centre around three functional areas: physical, logical and human resources. At Valid, we must comply with several security standards including ISO 27001:2013, SOC 2, PCI, GSMA-SAS, HIPAA, GDPR and CCPA. We undergo over 28 security audits by third-party auditors annually, and have an internal audit team that is dedicated to ensuring we are meeting these standards.

How can we better protect data? It is establishing a culture of security being part of your DNA. It starts with educating your teams. From the very basics of where the data must reside to recognising phishing emails, education is necessary.

Then, it’s down to building out highly secure data centres, the use of encrypted systems from the storage to the network paths, and constantly testing, verifying and validating security protocols.

When utilising the cloud, do not just take the providers word regarding security, but validate it. Make sure the pipes to and from the cloud solutions are locked down and monitored. Finally, proactive threat monitoring and detection within our intranet and extranet is paramount to the security of the data that we are entrusted with.

Conteúdos Relacionados

Related Content

Contenido Relacionado