How to reconcile speed and cybersecurity in the startup world?
We move quickly and offer new things to accomplish our mission. How can we reassure our clients' CIOs, who are understandably cautious about a small structure like ours?
At Ask for the Moon, we apply three simple principles.
A clear risk profile
We defined a clear risk profile: a leak of our customers' data. That data must be protected above all else. What about theft of our source code? Compared to what Framatome, Airbus and SNCF tell us... that would not be so serious.
Reasonable cyber practices
Second, we adopt the most reasonable cyber practices, choosing those that slow down daily work the least. For example, locking your screen when you leave it, having an up-to-date OS, connecting to SSO tools, sending phishing test emails, etc. We are convinced that such simple practices reduce cyber risks to an acceptable level.
Open exchanges on our practices
Finally, we are convinced that it is essential for everyone to report any discrepancies they notice in their work, whether of their own doing or not. To this end, we apply an open communication policy inspired by the world of aeronautics and its renowned “BEA”. Anyone who makes an unintentional mistake will be forgiven if they are transparent about it, so that we can all learn from our experiences.
ISO27001 as a strategic lever
We have worked hard to become better: from the inventory of our service providers to the precise management of our infrastructure. Today we are proud to announce that Ask for the Moon has obtained its ISO27001 certification.
The ISO/IEC 27001 standard provides organizations of all sizes, regardless of industry, with guidelines for establishing, implementing, maintaining, and continuously improving an information security management system.
Compliance with ISO/IEC 27001 means that an organization or company has implemented a system to manage the risks associated with the security of its data or the data it processes, and that this system is in accordance with the best practices and principles set out in this International Standard.
The certificate is available at this link.
This step is just the beginning: we see cybersecurity not as a constraint, but as a strategic lever that sets us apart from the competition and strengthens the trust of our customers in the long term.