The data security of Quintet24
Extremely high security standards at Quintet24
Data security knows many names in the age of digitization. Logically, because the topic is an absolutely central topic. The Quintet24 team takes the needs of users with regard to data security on the platform very seriously. But what do the measures actually look like? We spoke to Mr. Alex Zimmermann (A.Z.), Quintet24’s data protection officer.
Interviewer: Hello Mr. Zimmermann, thank you for your time. We would like to talk to you about the data security of the Quintet24. The platform depends on data, of course. Can you tell us what data is processed in Quintet24?
A.Z.: That’s not so easy to answer right away. Data is always multi-layered and rarely one-dimensional. The question is, of course, where do you start and where do you stop? I’ll just try to give you a rough outline. Logically, the data of the users who register is processed – i.e. name, e-mail address, etc.. But the customer data, i.e. the data of the stores, also plays a major role. This starts with the delivery addresses, through the telephone number to the fax number if available. Articles must also be integrated. And articles are of course nothing more than data, for example prices, sizes, colors, etc. In some cases, manufacturers also send us EAN codes in order to be able to clearly identify an article. And all this data is of course also usually provided in a language-dependent manner.
Interviewer: And how much data are we talking about? Can you give us a house number or a comparison?
A.Z.: Here I have the same problem as before, but I’ll do my best (smiles). We currently have around 25,000 registered users at branch level. Of course, the number varies from month to month, but fortunately it is always increasing. All brands together have invited around 480,000 retailers with over 1,000,000 delivery addresses. Of course, it has to be said that many dealers are counted twice, depending on whether manufacturer A has invited them after manufacturer B has already done so a few months ago. Furthermore, we currently have about 280,000 articles in the system with over 10,000,000 data records regarding the price structures. I could go on forever, but most of the other data is linked to the data just mentioned. If you count every tuple (editor’s note: tuple = one row in a table), you’ll probably come up with a three-digit million figure.
Interviewer: Wow, that’s quite a lot. However, this raises a central question: Many people are justifiably concerned about the security of their data on the Internet. What does Quintet24 do to protect the data?
A.Z.: Yes, most people underestimate what data has to be traded in the background. You wouldn’t even guess that at first glance at the surface of the platform.
The protection of this data is of course very important to us. On the one hand, of course, for legal reasons, but on the other hand also against the background that we, as a software company, see ourselves exposed to an unacceptable loss in the case of a data leak. In this respect, data security is an absolute prerequisite for the survival of our company and is therefore in our very own best interest. That is why we rely on the most up-to-date standards available.
In concrete terms, this means that we store all data in the cloud servers. Data loss due to local hardware damage or hacker attacks can therefore be ruled out. The cloud servers themselves are located in Frankfurt, Germany. We’ve chosen a German location because the security standards in Germany are among the best in the world – so the servers are also secured in the best possible way. Additionally, backups are made every hour, so nothing can get lost. The servers themselves are also constantly updated – always on the pulse of time.
A very important factor for data security is the 2-factor authentication. That’s why we decided to provide this functionality to all users in Quintet24 from the end of September. If this function is activated, the password is no longer sufficient for the login. In addition, you will receive an automatically generated one-time password, for example by mail. This makes it almost impossible for foreign users to “hijack” the user’s account.
Now I have already addressed the next topic: The 2-factor authentication will be activated at the end of September. The activation will be part of the next update of Quintet24. For this roll-out, we have a sophisticated process: We test this update very intensively, but not in Quintet24 itself, but in a copy of the platform, to which only our company and selected users have access. This testing phase usually lasts several months. This way we can identify and implement optimizations in time.
In addition, our house including all products, including Quintet24, is checked within the framework of system audits. This inspection is carried out by the TüV.
Of course, there are many other security aspects, but they would go beyond the scope of this article.
Interviewer: Finally, one more question: What contribution can users themselves make to ensure the security of their data? Do you have any recommendations?
A.Z.: Users themselves can actually do a few things to protect their data as good as possible. I recommend activating the 2-factor authentication mentioned above. And in addition, the passwords for logging in should be as complex as possible. That means at least 10 characters, including special characters, numbers, upper and lower case letters. Even though this is nothing new, of course, but passwords like hello1234 are not secure. In addition, you should always keep your own computer/laptop/tablet/mobile phone as up-to-date as possible, i.e. carry out system updates – even if they traditionally always come when you don’t have time at the moment (laughs).
Thank you for the interview! That was very revealing.