An outsourcing company must always be very careful about information security: most of our projects are not even allowed to be disclosed in our portfolio. This is why, apart from programming, our everyday work involves fighting the potential dangers of information leaks, selecting and appointing reliable project teams, and playing darts.
Three aspects of information security
The legal aspect. Since flash drives and the Internet are indispensable in our work, there is a danger of information leaks through Skype, email and external media. Rigorous technical monitoring requires a lot of time and is unpleasant for employees. This is why legal data protection tools are preferable for custom development or software sales. Requirements on information storage and destruction, as well as sanctions for the violation of these requirements, should be outlined in an agreement. Each employee is accountable to the company and signs an NDA (non-disclosure agreement), which is standard practice worldwide. In addition, we have experience in carrying out secret development, which costs twice as much. Employees have a right to refuse participation in such projects. If a worker doesn't mind taking on greater responsibility, they can sign an additional agreement and in turn will receive a reward which is sometimes as much as the basic pay package.
Technical aspect. At EDISON we have differentiated access to information blocks. For example, if a project consists of a server side and a mobile application, the developer of the latter will have access to the source code of the mobile application only. The same applies to project documentation: a mobile developer is unaware of tasks not connected to the application. Access to all resources (project management system, source code repository) is granted only via encrypted protocols with complex password authentication. There are logs of changes to the project and source code management systems, as well as a VPN access control log and server access log.
Organisational aspect. Every programmer can use only his own workstation, with access granted using a smart card and network access. If a project team needs access to a client's server, it is granted only to the lead developer. When a worker receives login credentials to access the client's servers or backend servers, a register is kept of the usernames and passwords provided. When a worker is dismissed, the register is checked and the credentials are changed.
Access
Access to client's resources. New employees are never assigned as the lead developer or sole developer on a project. During probation, they either work independently on small projects or under the guidance of an experienced team leader.
Access to internal resources. Access to the server room and delegation of administrative functions are conducted in the same way. A new person, even a highly qualified specialist, can't carry out these functions – at least three years of experience working in the company is required. This is not just a technical issue, but a psychological one (involving an HR manager and CTO) where a decision about the person's reliability is arrived at collectively. Even after this, the delegation of tasks and increases in access level take place gradually. Access to the office is restricted using a control system based on proximity cards.
There is video surveillance in key areas of the office. In most cases it helps to prevent violations rather than being used in the investigation of incidents. It stands to reason that it is better to prevent a problem than to tackle it later.
But, of course, things do happen…
The video is stored in a cloud video service and the collected material cannot be deleted.
Why we don't like open spaces
There's an opinion that working in open spaces increases productivity. Even Mark Zuckerberg records videos in his new office, a huge open space. It is a very convenient view to hold, as you can accommodate a large number of people in a space smaller than would be needed to create individual workspaces. From our perspective, a large hall with a vast number of people working on different tasks, divided by partitions that are almost cardboard, only creates the illusion of personal space, without aiding concentration and in fact leading to irritability. People who work in open spaces even put up notices: “Please don't approach me from behind” or “Please knock”. This tells us a lot. We don't want our developers to be constantly worried that anybody could disturb them at any moment, breaking the concentration that is necessary to work.
The developers who create intellectual property, which is our main product, are our key resource and the driving force of production. That is why workspaces for programmers are organised in such a way that they are not bothered by other employees who, though they are also indispensable to the company, are working on other tasks and can be distracting.
Programming is a creative process which requires immersion and concentration. For instance, you can't program while in the same room as call centre workers. This is why at EDISON we have a strict physical division of those who communicate with customers (support team, sales managers, accounting) and those who code software. There are no office phones in developers' rooms and personal mobile phones are set to silent – this is an important rule for us!
We believe that there should be a maximum of four people in one room. Programmers are for the most part introverts. Few of them require constant communication or wish to share their feelings with others.
This is why groups of three to four are ideal, providing natural communication throughout the working process without people being distracted from their tasks. If there are more than four people in a room, it's hard to concentrate: a lot of movement creates many distracting sounds.
Besides, there is a separate room for socialising where employees can gather and chat over a cup of tea.
Short breaks during the day contribute to a quicker return to efficiency and concentration. The relaxation room is equipped with the essentials: a stocked refrigerator, armchairs and a sofa. We have also installed a small pull-up bar – exercising and stretching can be a good idea when you have a sedentary job. The employee favourite, however, is the dartboard.