The 4 Critical Delivery Areas for Robust Cybersecurity Practice by CX and Insights Software Providers — Maru Group
By Ged Parton, Chief Executive Officer & Carlos Palacio, Chief Information Officer
Questions of Cybersecurity and Compliance are rarely out of the headlines these days. It is a serious set of issues for Enterprise working with Software vendors. For the vendor, appropriate delivery requires a serious commitment in resource, policy and continuous assessment.
To help Enterprise inform thinking on the suitability and credibility of Software vendors, we have defined below the four main themes that should be evidenced by CX and Insights Software providers.
Maru makes these issues a priority through a unique, proactive approach based on the themes of Govern, Protect, Detect and Respond.
To attest to our credibility on this subject we hold 3 ISO27001 certificates: for Research and Consulting, Sample and Data processing and for our HUB Software Ecosystem respectively. Our Software Ecosystem and Maru as a company are GDPR, CCPA and HIPAA Business Associate compliant. Our Software Ecosystem is WCAG 2.0 AA and ADA compliant.
Software vendors must Govern to identify and manage security risks to protect the confidentiality, integrity and availability of data
The integrity of the data is key for us at Maru and the work we do; as such, data cannot be altered during transit or at rest, and our HUB ecosystem cannot be tampered with by unauthorized entities.
All access to data is governed by APIs and self-contained applications that are part of the Ecosystem; each application can only access the portions of data that it has the right to see and use.
We would encourage Enterprise to expect Software vendors to demonstrate that they:
- Encrypt information during transit and at rest in the corporate environment as well as in their Software ecosystem.
- Ensure information can only be accessed by those who are authorized to view the data, essentially on a need-to-know basis.
- Store information appropriately according to regional requirements, ensuring full compliance with the most sophisticated needs of geographical data residency.
The Maru Software environment delivers in each of these areas and more. Our ecosystem is highly available and fully redundant (active-passive) in multiple zones for each of the geographical regions where services are provided.
The Maru ecosystem has embedded Security and Compliance elements, including an electronic Data Processing Register (DPR) as part of the Ecosystem Management interface.
Our Head of Security and Compliance, in conjunction with our Chief Technology Officer and our Chief Information Officer, gives direction and leadership regarding Cybersecurity. Formal reporting cycles exist to create policy and enforce implementation. This governance is led by Maru Global Executive Committee members, ensuring governance and visibility throughout our organization.
Software vendors must have rigorous controls to Protect against ever-increasing and changing real-world threats and risks
We would encourage Enterprise to expect Software vendors to demonstrate that they have adopted a thoughtful and robust approach to hostile actors.
Maru has a substantial protection strategy in place to focus on risk reduction. We would expect any Software Vendor to follow some of our key protocols. The Maru Software Ecosystem and Corporate Systems are:
- Protected by next-generation Firewalls and Web-Firewalls
- Delivered and supported only by heavily vetted trusted partners
- Configured so that their attack surface is reduced to the minimum
- Secured with Multi-Factor Authentication (MFA) technology to ensure that digital users are who they say they are by requiring at least two pieces of evidence to prove their identity
The protocols themselves are core. Of course, organizational staff are an equally foundational part of the Cybersecurity strategy, and as such our team at Maru receives monthly security awareness training as part of our holistic commitment to security.
Software vendors must have frameworks and approaches to Detect and understand all Cybersecurity events
The real-time analysis of the performance of the security controls in place to protect the Software Ecosystem and the data is essential to stay alert and vigilant.
There is a continuous need to combine security information with security event management to review, assess and act on alerts generated by applications and network hardware.
Maru has made significant investment, and continues to invest, to detect hostile activities. We would expect any Software Vendor to have an approach to Detect and understand Cybersecurity events. Ideally this should use frameworks and technology to ensure Cybersecurity events and any anomalous activities are detected, collected, correlated and analyzed in real time using next-generation Security Information and Event Management (SIEM).
Software vendors must be totally prepared to Respond with systematic rigor in the case of an event
In those instances where Cybersecurity is compromised, companies need to show robust preparedness through preplanning and documented process.
We would expect any credible Software Vendor to follow the tenets of our Respond approach. In the rare case of an event, Maru has a clearly documented process for responding to and recovering from Cybersecurity incidents. These processes include:
- Clear process/guidelines to identify and report (internally and externally) any Cybersecurity incident or event
- Clear process/guidelines to contain, eradicate and recover from any eventual Cybersecurity incident or event
- Robust Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP), fully tested at a minimum once a year
Overall, Maru is a company with a serious commitment to Cybersecurity. We believe that this is an essential part of being a true partner to the Enterprise. After all, every customer and their data is important to our Enterprise clients and to us.
It takes real focus, dedicated resource and continuous investment in the area of Cybersecurity to be a credible Software vendor. To start a conversation about how a trusted vendor like Maru can help your organization navigate the challenging times ahead, contact us today.
Originally published at https://www.marugroup.net on March 23, 2021.