When working with third-party data, security trumps trust

What does security look like for services that support key corporate processes of major brands? See how GRiT approaches it

Main photo for this article.

Companies today are not only concerned with digitizing processes. It is equally important to be sure that the systems and environments on which companies operate remain reliable even in times of increased load or unexpected events. It is then that the quality of the environment on which the company's operations are built becomes clear.

Security is therefore an integral part. In GRiT solutions, we work with customer data, which is the basis of key company processes. With this comes responsibility for their stability and reliable operation. We spoke with GRiT CIO David Snášel about how security is managed in the company and why it is part of the design and operation of services.

What do you think would change if security was not an integral part of our solutions?

For solutions that support key business processes, security has a direct impact on the customer's operations. Our systems work with data, which companies use today as one of their most valuable resources - often referred to as the oil of the 21st century. If this data is part of a company's daily processes, its security naturally becomes a key condition for reliable operation.

What was considered sufficient security years ago is often no longer sufficient today. As technology evolves, so do attack methods.

In addition to DDoS -type overload attacks, ransomware attacks or new models such as ransomware-as-a-service or phishing-as-a-service are emerging. These allow relatively sophisticated attacks to be carried out even by people without deep technical knowledge.

If security were not an integral part of the design of our solutions, we could very quickly become the weak link in our customers' supply chain. And that would mean a risk not only for us, but especially for their business and their data.

How is security managed at GRiT?

Security is a long-term managed area for us. We have dedicated roles dedicated to it, and we also allocate a budget each year to address current threats.

Standards and certifications also play an important role. We have had ISO 27001 certification for ten years. Originally, it was focused only on the ORiON EDI electronic data interchange solution, but we gradually expanded it to all of the company's services.

This means that all of our web applications today work with security mechanisms that are appropriate for current threats.

This approach also includes regular audits and penetration tests . These simulate real-world attacks and help uncover potential weaknesses in systems. Each such test brings new insights and leads to further improvements.

How specifically does security enter into the development of our products?

We address security already in the design phase.

When developing new features, we work with the principle of secure by design . This means that security is not added after the fact, but is part of the solution concept itself.

Security architects and security managers are involved in the development, who participate in the design of new modules and functions. Thanks to this, security standards are reflected in the product architecture itself.

What are the things that customers usually don't see?

Security is not just about technology. For example, it is important that the company's top management is actively involved in security issues. Management participates in audits, monitors results and supports security initiatives within the organization. In addition, we also try to develop security awareness among employees.

The approach of the entire company is gradually changing - people are starting to perceive safety as a natural part of their work.

If you had to explain the main point of security in GRiT in one thought, how would you describe it?

Security is all about building resilience. There is no such thing as 100% security. The idea is to monitor current threats, respond to them, involve people in the company in security, and gradually increase the level of protection.

This allows us to create products that are safe while remaining a reliable part of our customers' supply chain .

Are you dealing with invoice approval?

30 minutes, no obligation. We will show you how iNVOiCE FLOW fits into your ERP.

You might also like

Mandatory e-invoicing in Slovakia from January 1, 2027: what is a digital postman?

How will receiving and sending e-invoices work in Slovakia? Learn about the role of the digital postman | GRiT

Why doesn't headquarters see costs on time? Late invoices from branches distort closings and decision-making

Invoices from branches can distort costs and cash flow planning. Find out how to unify their circulation | GRiT

Is your retail business growing? Then you may also have a growing problem that you don't see yet.

EDI creates a unified communication infrastructure for suppliers. Gain control over data and grow your business | GRiT