I introduce Questetra every day in sales talks of this kind. In addition to demonstrations, I also talk about the cloud service industry, the BPM industry, and the recent RPA industry. In these talks, I am often asked about the following.
Various organizations issue alerts regarding “risks of information leakage”, for example:
・As was the case in 2006, Loss/ Misplacement, Theft, and Operational Error accounted for the bulk of incidents. However, it should be noted that Administration Error, attributed as the cause of 8.3% of incidents during 2006, jumped to 20.4% for 2007, reaching nearly the same ratio as Loss/ Misplacement.
Survey Report of Information Security Incident 2007
Some articles cover sensational subjects like the one above,
Introducing a Security Governance Framework for Cloud Computing
and others go into great detail. It is difficult to know which points about “the risks of information leakage” need to be grasped. While organizing those points, I would like to talk about how the risks of information leakage are assessed when Questetra is introduced.
◆ Organization of Points
I think there are various aspects to “the risks of information leakage”, so I give a short summary below.
In general, we believe there are two sides: the “operational system of the customers (companies that use Questetra)” and “trust for Questetra”. I organized the points in each box of the figure above. As far as possible, we at Questetra want to provide information to customers so that they can have “trust for Questetra”.
◆ Information related to the trust for Questetra
◆◆ Declaration of Safety on the Website
Questetra publishes as much information as possible about the security of its services on its website so that you can check it before you use the service. We hope you will regard this as an indication of the company’s awareness.
Questetra has not currently received the third-party conformity assessment (2) for ISMS, the Information Security Management System (1).
(1) ISMS: Information Security Management System
(2) ISMS certification standard: JIS Q 27001:2014 (ISO/IEC 27001:2013)
However, the information on “Confidentiality”, “Integrity”, “Availability”, and “Service availability Records” is disclosed on the website of Questetra.
Our SaaS business is built on our Customers’ Trust. At Questetra, we believe it is important not to distribute or inappropriately use data that belongs to you.
Questetra SaaS Security
The mission of Questetra Inc. (hereinafter referred to as the “Questetra”) is “Innovating the world’s business through software”.
◆◆ Use of Questetra
The Questetra service has been used by about 200 companies. We have published some articles with examples of how companies use the service.
Various companies have been using Questetra after considering whether it suits their security policy.
◆◆ Security Checks of Questetra
Companies create a security checklist based on their security policy and ask Questetra to answer it. We answer precisely; however, there are parts that we cannot answer. For example, we have received the following requests.
・Disclosure of the manufacturer or product name of the mass access detection device
・Disclosure of the attack detection interval and the upper limit of response when mass access is detected
To each of these requests we respond “undisclosed”, because of concerns that disclosing the information would reduce the robustness of the service. Although the answer to these questions is “undisclosed”, we answer them sincerely, including the reasons why the information is not disclosed.
◆◆ Trends in the Use of Cloud Services
Questetra can collaborate with various cloud services via API. We watch the trends in cloud services while creating examples of such collaborations.
* It is not only for REST API
* You can find more connections with REST API because it has general-purpose connectors
Staff Blog: Examples of Collaborations with Other Systems and BPM Workflow (June, 2019)
Moreover, we use multiple cloud services ourselves within Questetra for various purposes, such as groupware, customer service, support systems, accounting software, development management tools and customer management systems.
The knowledge we have gained from these activities is reflected in the Questetra service. In other words, our service is roughly in line with the service contents (tendencies) of general cloud services.
◆◆ Management System of Questetra
You can visit our website for the company information.
We manage the company in a way that lets you see that it is properly managed.
In addition, if you want to check Questetra’s company information publicly, you can obtain Questetra’s “Certificate of Registered Matters”.
* In Japan, the Legal Affairs Bureau provides the following services regarding certificates of registered matters.
- Anyone can obtain them at any time
- The fee is 600 yen when obtaining a certificate in person at the Legal Affairs Bureau. Online request: 480 yen for receipt at the Legal Affairs Bureau, 500 yen by mail
As mentioned above, there are various aspects of information leakage risk. We receive the following requests from our customers.
- A request to fill in a security check sheet created by another company (hundreds of check items!)
- A request for permission to visit Questetra’s development and operation facilities in person and conduct audits
- A request to audit not only all Questetra logs but also source code and configuration concepts, if necessary
We occasionally receive these requests. Some can be fulfilled (the security check sheet) and some cannot (for security reasons, we cannot show our development and operation sites); either way, we answer them seriously. As a Japanese SaaS vendor, we make efforts every day so that customers can use our service without any worries. If you have any questions or would like to hear more details, please feel free to contact us.