As companies continue to deploy software that helps them manage their work and increase productivity, so too do they need to manage their security.
To better understand the role that security plays during digital transformation processes, TechRadar Pro spoke with Andrew Filev, founder and CEO of the collaborative work management platform Wrike.
How significant a concern is security during digital transformation processes?
Digital transformation certainly raises the stakes when it comes to security, and as a matter of principle, security should be a top concern for every company. If you’re online, paperless, or connected, then you and your business are at risk of a cybersecurity breach or attack.
Hardly a day goes by that we don’t hear about one security breach or another. Last year saw a total of 1,244 reported data breaches in the US, according to a recent report by the nonprofit Identity Theft Resource Center. While this number was down from 2017’s all-time high of more than 1,600 breaches, the number of compromised records exposing sensitive, personally identifiable information (PII) went up by 126 percent. This doesn’t even include the 1.26 billion non-sensitive records that were also exposed.
This trend, as unfortunate as it is, is unlikely to go away anytime soon, especially as more and more of our lives are played out in the online digital space. Security must be an early consideration for every purchase; both in our personal and professional lives - and that includes IT security practitioners who are making decisions that will impact the security of their company, and potentially their customer’s, data.
We need to transition from being horrified or surprised by every security breach and accept it as the new norm. Once we understand that, we must then accept that there is no such thing as 100 percent secure. We can only work to better protect our data; as well as our customers’ data and reduce the impact and severity of potential breaches if they happen to our company or us.
We need to understand that nothing is truly impenetrable because the moment you believe you are “secure” is the moment you open yourself up to an attack or breach. Security is an ongoing practice and journey. It is the pursuit of security - not by only mitigating the risks of today but anticipating the threats of tomorrow - that prepares us for dealing with the unexpected.
What challenges are enterprises currently facing when it comes to deploying cloud-based enterprise technology?
More than 250,000 organisations have adopted a collaborative work management (CWM) solution by our estimates. Most of these deployments have been in SMBs or with specific teams or departments within enterprise companies, but enterprise-wide deployments are rare for cloud CWMs. Enterprise-wide deployments are the final frontier for cloud CWMs, but enterprise adoption is largely contingent upon security.
Many enterprise companies haven’t been able to get into the cloud software game because their security needs aren’t being met. As a result, enterprises are missing out on all the cloud has to offer: fast, innovative cloud solutions to challenges like scalability, software updates, mobile connectivity, etc.
All too often their hands are tied because they need an on-prem solution that they can control and manage. In an age of mobile devices, remote workers, always-on customers, and lightning-speed innovation, cloud software is no longer optional if you want to remain competitive — even for the most traditional of enterprises and industries.
Why are you addressing security in the collaborative work management space now?
Security has always been a key objective at Wrike, and it continues to be a core priority for the company as we expand into new markets. We have given equal attention to solving work management problems while addressing the security needs of our customers. From local SMB’s up to and including fortune leading enterprise customers.
Security is quickly becoming the competitive differentiator for those in the CWM space, especially those looking to appeal to the global enterprise customer. Concurrently it’s also crucial for those who want to future proof their offerings for SMBs. It won’t be long before the enterprise security requirements of today find their way into SMBs.
Wrike refuses to merely meet the industry standard minimum requirements for security in the enterprise. We’ve understood this from day one, which is why security has always been one of our core pillars, and we’ve continuously pushed ourselves to solve more than just collaboration or work management challenges, but the ever-evolving security challenges for SaaS vendors as well.
Bare minimums won’t fly in the enterprise and SMBs shouldn’t be settling for less either. They need to take cues from enterprises when it comes to something as precious as data.
How does this differentiate Wrike from its competitors?
The Wrike security strategy includes a comprehensive approach across five categories: physical, network, system, application, and people. We are committed to making Wrike the most secure CWM on the market, which is why we rolled out the next wave of new security features on March 14, including a few that enable our customers to be open and collaborative, while also being secure.
Our new customized access roles, access reports, and selective sharing features allow companies to combine open collaboration with access and edit control to prevent data from being incorrectly modified, intentionally or otherwise.
One new feature that I am particularly excited about is Wrike Lock, which essentially allows customer management of encryption keys for all cloud-stored content. We are the only CWM to offer something like this. Wrike Lock makes a cloud CWM a viable option for many enterprise companies for the first time because they are able to own and manage the keys to their encrypted data. Wrike Lock now makes it possible for our customers to control access to their data just as they are able to do with traditional on-prem solutions.
We also announced cloud access security broker (CASB) integration support, which will allow customers to use the CASB offering of their choice to enforce enterprise security policies on their Wrike data. This enables them to quickly spot unusual user activity and better protect data stored in the cloud.
I am also proud to share that Wrike recently completed ISO 27001:2013 certification from the British Standards Institution for all its business processes and the whole of the Wrike application. Wrike’s ISO/IEC 27001:2013 certification demonstrates that Wrike has a complete end-to-end security framework and a risk-based approach to managing information security and further illustrates Wrike’s commitment to a mature and robust security strategy. This certification is the globally recognized standard for the establishment and certification of an information security management system (ISMS).
What security features should companies now expect when deploying enterprise software?
First and foremost, Single Sign-On (SSO), along with effective encryption options, should be a part of every deployment. SSO integration allows for the near real-time management, audit, and reporting on user management from a centrally managed location while allowing all duties to be handled by internal staff. Along the same lines, effectively deployed encryption tools will enable a company’s security organisation to centrally manage and control visibility into company data stored across various systems. With the ability to control user access to internal resources while controlling access to data, these two security features are very effective in reducing potential security threats.
Second, the ability to selectively share and unshare content at a very granular level is essential in organisations that are more dynamic and fast-paced. You don’t want your outside contractor to see too much, but you also want them to get enough to be productive. You want this happening in an environment that puts your business user first - otherwise, they’ll slip into shadow IT territory and sooner or later will use less secure ways to share data. You also need the ability to audit content access periodically, as well as on an ad hoc basis. This allows you to tie loose ends, as well as to deploy targeted user education to reinforce IT policies and guidelines.
Finally, the pace of digital transformation makes it impossible for IT to control every aspect of data and sharing. This makes it increasingly mission-critical that your whole organisation becomes an ally in the security journey, which brings me to a critical point: As a buyer of IT technologies ourselves - with a comprehensive security review process, of course - we’ve seen more than a few vendors that had the features and capabilities we needed, but didn’t place enough focus on security so we weren’t able to move forward with the deployment. Make sure your enterprise software partner is as passionate about security as you are - if not more so.
Andrew Filev is founder and CEO of Wrike.
- The best antivirus of 2019