Back in the day, if a vendor had installed a firewall, his customers felt secure. Things were simpler then. But, over time, as organizations collected and maintained more and more consumer data, including personal and financial data, that data became a highly tempting target for hackers and fraudsters. Additionally, companies began to leverage the consumer data they collected in ways not envisioned by the individuals providing it, resulting in unsolicited and unwelcome promotions and offers. Today, data usage hypergrowth (legal and illegal) has created serious challenges for the organizations securing that data.
Every transaction we conduct creates data, from email exchanges with family or friends, to purchases at the grocery store, to transferring money between online bank accounts, to making a post on social media, and on and on. Businesses, individuals, and regulatory entities are increasingly demanding clarity and transparency about how data is used and protected by vendors entrusted with that data.
Today, protecting data with a single firewall is simply not enough. Organizations that want to secure their data at the level expected and demanded by consumers and businesses can select and implement multiple technologies and security controls like encryption (in-transit and at rest), Data Loss Prevention (DLP) software and processes, authentication and access controls, end-point protection, and many others.
But is technology enough? Based on my experience, technology is not enough. You must also invest in the human factor. Why? Successful hackers and fraudsters are very good at using social engineering to make their interactions seem reasonable and real, even when the person sending an email or controlling malicious code on a website isn’t who they pretend to be.
As the Head of Cyber Security and Governance, Risk, and Compliance (GRC) at ControlUp, I believe that protecting our customer’s data begins with keeping it secured with best-in-class technology. To that end, we designed ControlUp with multiple layers of protection, including monitoring, encryption, and application-level controls that are distributed across a scalable, secured infrastructure.
As important as our technical approach is our employee’s commitment to security. Every employee at ControlUp is committed to the confidentiality, integrity, availability, privacy, and protection of our customer’s data and to delivering service continuity. We all understand that information security is crucial for our customers’ business operations — and our own success. These principles govern us and the way we conduct business. We reinforce our commitment with ongoing employee education to keep security top-of-mind with every member of the ControlUp team.
I know that while there’s no bulletproof solution to cloud data and service protection, every ControlUp employee strives to exceed customer expectations to ensure that ControlUp’s services are secure, reliable and trusted.
That’s why we’re releasing our new SOC 3 report today. The report can be freely distributed to the public for general use and is based on the American Institute of Certified Public Accountants’ standard criteria for security, availability, processing integrity, confidentiality, and privacy.
For more information about ControlUp’s security controls and protections, please visit ControlUp’s Security Page.