Walking through my grandparents’ house when I was young, I was fascinated by the antique keyholes in all the doors. The key was a complex shape that reflected the latest in lock design when it was built, but as my big brother taught me, a few minutes with a carefully bent paperclip was all it took to sneak into my grandfather’s office to gain access to his poorly defended candy dish.
Security threats are constantly evolving, as are the tools available to attackers. Defenses which were once considered state-of-the-art are now quickly bypassed. Yesterday’s assumptions can no longer protect your data against today’s threats.
Protecting Your Business: Critical Questions to Ask of SaaS Providers
When selecting a SaaS provider for your critical business processes, it’s essential to carefully consider their approach to security.
Does it rely on traditional controls, or does the service constantly monitor for the latest threats and vulnerabilities?
Is the service independently assessed to assure that their controls are effective against modern exploits?
Do they follow a Secure Development Lifecycle (SDLC)?
Secure Development Lifecycle: One Click Deeper
You wouldn’t board an airplane that had never flown before, so why would you trust a SaaS platform that hadn’t been thoroughly tested?
An SDLC is a process for planning, creating, testing, and deploying changes to the service in a carefully managed, controlled way. It is critical to ensuring that new features and capabilities don’t introduce bugs or weaken the service’s security controls.
At Smartsheet, we monitor industry sources for newly developed threats, including vulnerabilities, vendor-disclosed flaws, and emerging attack vectors. Each of these undergoes risk analysis, and remediation efforts are prioritized based on its outcome.
Our systems are architected on Security-Enhanced Linux (SELinux) in Enforcing mode, so every process in our production environment is confined to the actions its policy allows; an intruder or malware that lands on a host is blocked from the actions it needs to gain a foothold. Smartsheet also adheres to a rigorous Secure Development Lifecycle (SDLC): every code change must undergo a security review and receive documented management approval before it is deployed to Production. This process ensures new features are deployed in a controlled way that doesn’t put customer data at risk.
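The practical check behind the SELinux claim above is that the host is enforcing now and will still be enforcing after a reboot; a `setenforce 0` or a stray `SELINUX=permissive` in the config quietly turns the control into logging only. The script below is an added example, not Smartsheet’s code. It takes the two files as parameters (on a real host: `/etc/selinux/config` and `/sys/fs/selinux/enforce`) so it can be exercised offline against constructed files.

```shell
#!/bin/sh
# Added example (not from the original page): audit that SELinux is enforcing
# at runtime AND configured to enforce at boot. Both paths are parameters so
# the check can be run against constructed files; on a real host call:
#   selinux_enforcing_check /etc/selinux/config /sys/fs/selinux/enforce
selinux_enforcing_check() {
    config_file="$1"
    enforce_file="$2"
    status=0

    # Runtime state: /sys/fs/selinux/enforce reads 1 (enforcing) or 0 (permissive).
    # If the file is absent, SELinux is disabled or not built into the kernel.
    if [ ! -r "$enforce_file" ]; then
        echo "FAIL: $enforce_file missing: SELinux is disabled or not loaded"
        status=1
    elif [ "$(cat "$enforce_file")" != "1" ]; then
        echo "FAIL: SELinux is permissive at runtime (denials are logged, not blocked)"
        status=1
    fi

    # Boot-time state: the last uncommented SELINUX= line in the config file.
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
               "$config_file" 2>/dev/null | tail -n 1)
    if [ "$mode" != "enforcing" ]; then
        echo "FAIL: $config_file sets SELINUX=${mode:-<unset>}; must be enforcing"
        status=1
    fi

    [ "$status" -eq 0 ] && echo "OK: SELinux enforcing now and at boot"
    return "$status"
}
```

Enforcing mode only constrains what the loaded policy actually confines, so the companion check on a host is `semanage permissive -l`, which lists any domains that have been individually switched to permissive and therefore escape enforcement.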
We’re also independently penetration tested and SOC 2 Type II assessed annually to ensure that our practices are properly deployed and effective. We focus on safeguarding the confidentiality, integrity and availability of your data so that you can focus on growing your