3 Ways to Assess Process Security
In today’s post, I’ll help you understand what process security features you should consider to help you choose an underlying platform for your business.
20 May 2014
It’s safe to assume that almost every company knows it should keep security top of mind. Many businesses turn to enterprise-grade file sharing and collaboration solutions to help mitigate the risks associated with information sharing, while increasing productivity and efficiency within their organization.
When choosing a secure solution for your business, you’ll need to consider many factors. To feel absolutely confident in your solution’s underlying platform – the essential foundation of secure content sharing – you’ll need to take a three-step approach and assess application security, infrastructure security and process security.
Last week, we shared a few requirements for effective infrastructure security, where you learned what type of capabilities your platform must include, such as 256-bit AES (Rijndael algorithm) encryption, business continuity capabilities, personnel security, certifications, third party validations and audits.
In today’s post, I’ll help you better understand what process security features to consider so you can be well on your way to choosing the right platform for your business.
When assessing process security, the first step is to look for a solution with change control. Change control helps to increase infrastructure stability while preventing the introduction of new vulnerabilities during a product release. You’ll want to know what change management processes your vendor follows, such as ITIL or similar IT best practices. Make sure to ask how product releases are obtained by or distributed to end users as well as to what extent product releases are backward compatible.
Enterprise Scale Implementation and Operational Processes
Enterprise scale implementation and operational processes capabilities help ensure system availability, reliability, stability and integrity while helping to decrease the risks of business disruption. Ask your vendor if it can comply with your quality management practices and processes.
Restricted Access to Vendor Personnel
If you want less eyes on your sensitive information, consider looking for a provider who can restrict access to vendor personnel. Know in advance who would have access to your data, and find out if an audit log is maintained (either self-service or on demand) so you’ll know at all times who is seeing your information.
I hope by now you've gained a better understanding of what requirements you should look for in an underlying platform. Next week we’ll cover everything you need to know about integration. Stay tuned to our blog!