Security - How We Protect Your Data | News

_{Andrew Knock,}
_{Chief Technology Officer}

‍

My colleague, Ian Gillot (Titan’s CIO), wrote an article for our DRIVEN newsletter in January discussing the automotive hot topic of cybersecurity, and he gave an extremely useful guide on how to best protect your business from outside threats (see Ian’s article HERE).

But what about internally at Titan? We’re a software company that powers business transactions, so what are we doing to counter the risk? What measures do we have in place as a platform (and a business) to provide those safeguards as an integral part of our service?

Safeguarding data is obviously one of our core responsibilities. And, whilst Ian rightly pointed out in his article, “Making it [data] impervious to attacks is something that even mega-corporations such as banking institutions and the military have been unable to achieve.“, there are plenty of actions we can take to build security into the system and its usage.

I’ll explain how we deal with three of the main topics below. I won’t go too deep into the technical aspects but if you’d like to know more, you’re welcome to get in touch for a further discussion.

ARCHITECTURE

Let’s start with our platform architecture, ie the framework on which our software lives. As a modern company (established in 2005) we are fortunate to suffer less from a significant issue common to older software businesses – aged legacy systems.

Technology gets old fast and the longer a software product has been around, the more likely it is to have been built on a framework unsuited to modern requirements and with potential security concerns.

The Titan DMS security benefits from the foundational technology on which it is built (see below). Hosting on Amazon AWS and building with the Microsoft suite means we benefit from the latest in secure and flexible enterprise software and can be sure these suppliers will continue to develop their products and security to tackle new threats as they become known.

Building on a solid base is the starting point for system security.

Further to the architecture, our Dealer Management System also benefits from being built with a layered architecture, from the data layer through to the presentation layer.

Top line, this offers “Separation of Concerns (SoC)”, meaning layers of our software are independent, allowing for the substitution of software in a segmented manner should that be necessary for best practice. i.e., we can replace the tyres when they’re worn, we don’t need a whole new car.

This separation allows progression flexibility, meaning we can upgrade our system to meet the changing needs of the market more easily and it also makes the opportunity for security breaches significantly more challenging.

TECHNOLOGY

Technology is at the heart of what we do. It’s a huge and complex aspect of our products and our business (and a neverending journey of development) but two key elements that are worth highlighting for the robust protection they provide are:

IP Whitelisting – Access control to our systems is maintained through a strict IP address approval whitelist. This means only authorised devices can communicate with our network.
Data Encryption – We employ robust encryption algorithms to ensure that stored information remains confidential in transit. The data is encrypted and transmitted by HTTPS, protecting sensitive data from unauthorised access or interception over networks.

Across networks, the combination of IP whitelisting and HTTPS provides enterprise-level security against unauthorised data access. These two elements alone provide a significant security benefit to your data.

PRACTICE

The third element of our security protections that I’ll cover, and one of the biggest contributing issues to data breaches in business, is the behaviours and practices of the people using the software in both the front and the back end.

Three actions we employ to mitigate that risk are:

Separation Of Duties – Our IT staff adheres to the principle of duty segregation. By distributing responsibilities across different team members, we prevent any single person from having unchecked control over critical processes. This minimises the risk of errors, fraud, and compliance violations and increases peer responsibility. This principle can be successfully applied by the end user as well, particularly where finance is involved.
Cybersecurity Training – We regularly train team members in cybersecurity best practices. Separation of duties combined with regular training ensures a second and third layer of checks and balances in the stage before data access.
Password Policy – A regular password change policy is a core component of onboarding and training. Titan DMS enables strong password rules and regular user prompts to update passwords, ensuring outdated credentials don’t compromise security. This, in itself, could be a valuable standard practice for every business.

I know these seem like simple steps but they are achievable and you would be amazed at how effective they can be in protecting your systems, data, and business from cyber attacks.

There are, of course, a significant number of other contributing factors to the security of the Titan DMS system but I did promise to keep it manageable and digestible!

We’re more than happy to dig deeper into any part of our security in one-to-ones but, by sharing the above, I hope to have given you an overview of the structural benefits and simple steps we take to secure your vital business data.

Don’t hesitate to reach out if you’d like more information.

Best Regards

Andrew

_Bio:_{Andrew has a blue-chip background in finance and software from both a development and management perspective. Years spent with the Treasury, Macquarie Bank, and QSuper in particular have given him a huge amount of experience on the topic of software security.}

_‍