COVID-19 and climate change are two examples of crises that affect everybody, and make everybody talk about disaster management and the need for strong systems to avoid the worst. Unfortunately it's human nature to forget the bad times as soon as they are over, and turn back into the proverbial grasshopper who spends the good times enjoying himself and makes fun of the ants' preparations for winter.
Likewise, it's easy to talk about the need for resilient, reliable systems and strategies when disaster is staring you in the face, but as JFK once said, "The time to fix the roof is when the sun is shining," which is where U'need'security comes in.
The (ISC)2 Code of Ethics: Our core values couldn't be expressed better than they are in one of the canons of this code by which we are bound:
"Protect society, the common good, necessary public trust and confidence, and the infrastructure."
Thinking long term
We look for ongoing cooperation during which we strive to earn and keep our clients' trust, while thinking about the future and not sacrificing long-term value for quick results.
We aim to educate our clients and empower them to take the right decisions for their business. We will respectfully challenge decisions with which we disagree, even if it is uncomfortable for us to do so. Once a course of action has been determined we will commit wholeheartedly to making it happen.
"Keep it simple"
Experience has taught us the value of well-constructed, standards-based, simple solutions. Complexity enlarges the attack surface, and increases maintenance costs.
Finding ways to simplify our approach and use standards wherever possible reduces the maintenance costs of the production environments, on which we normally work, over the many years of their life.
Being creative and open to change (sapere aude)
We don't do something just because "that's what we've always done". We actively adopt new ideas from anywhere and everywhere if they fit with the solution that is needed. We dare, and indeed expect to innovate and invent where necessary, to ensure continual improvement.
Using (the Highest) Standards
Standards are used as a metric of success and professionalism. Low standards help nobody but lazy or incompetent people who are afraid to set the bar too high.
Our experience tells us that standards benefit our work, and as a result we are continually raising the standards that we work to, enabling us to deliver high quality, products, services and processes.
Computers were invented to serve us. We use and re-use automation wherever appropriate to configure and administer services and implement security profiles.
Automation-driven analysis and threat management is our core business.
If these values feel familiar, it is because they are very much inspired by the
AWS Leadership Principles
This reflects the fact that many aspects of the way in which AWS implements security are outstanding. With only a few exceptions, it reflects best practice - hats off!