Friday, May 24, 2024

Striking the Balance in a Complex World


Khushbu Raval
Khushbu is a Senior Correspondent and a content strategist with a special foray into DataTech and MarTech. She has been a keen researcher in the tech domain and is responsible for strategizing the social media scripts to optimize the collateral creation process.

Delve into Stravito’s multi-layered strategy for secure user access and insider threat mitigation within their complex ecosystem. See how Marcus Södervall, Head of Security, prioritizes the least privilege, SSO, and more.

In today’s ever-evolving digital landscape, organizations face constant security threats. Striking a balance between robust security, responsible data practices, and user-friendly access is a delicate dance. Join us as we chat with Marcus Södervall, Head of Security at Stravito, to delve into their unique approach to security that leverages automation, prioritizes data privacy, and safeguards a complex user ecosystem.

This interview will explore:

  • How Stravito combines automation and human expertise for swift security responses.
  • How they balance data privacy regulations (GDPR, CCPA) with gaining valuable business insights.
  • Their multi-layered strategy for secure user access and mitigating insider threats.
  • Their proactive approach to vulnerability management and risk mitigation.
  • The major cybersecurity concerns they address and how they stay ahead of the curve.

Excerpts from the interview:

How does Stravito combine automation and human expertise for fast, effective security responses using the tools and technologies it employs?

Stravito leverages a powerful combination of automation and human expertise to ensure swift and effective security responses. We use an advanced cloud-based platform that continuously monitors our infrastructure and platform using pre-defined security rules and anomaly detection. This platform automatically flags potential security threats for human analysis by our experienced security team. We take immediate action to contain and mitigate the risk upon confirmation of a valid threat. This combined approach allows us to respond quickly and decisively to security incidents while minimizing the potential impact.

How does Stravito balance data privacy (GDPR, CCPA) with business insights?

Stravito prioritizes responsible data use and adheres to GDPR and CCPA regulations by:

  • Minimizing Data Collection: Limiting personal data utilization across our platform, ensuring it’s only used for crucial purposes and in designated areas.
  • Robust Security: Implementing encryption for both data transit and storage.
  • Granular Access Controls: Restricting data access to authorized personnel with legitimate business needs. We also log and regularly audit access to maintain up-to-date permissions.
  • Vetted Service Providers: Conducting due diligence on partners and establishing contractual data processing and transfer safeguards.

These measures demonstrate our commitment to responsible data practices and enable us to gain valuable business insights while respecting user privacy.

How does Stravito ensure secure user access in its complex ecosystem? What strategies mitigate insider threats?

Stravito prioritizes a secure user access environment within its complex ecosystem through a multi-layered approach:

Access controls:

  • Least Privilege: Users only have the access permissions necessary for their roles, mitigating unnecessary vulnerabilities.
  • Single Sign-On (SSO) or Multi-Factor Authentication (MFA): Streamlined access with additional security layers where SSO isn’t feasible.
  • Segregation of Duties: Privileges are dispersed across personnel, minimizing the impact of potential insider threats.

Monitoring and awareness:

  • Regular access reviews and audits: Proactively identifying and mitigating potential access risks.
  • Security training and education: Ongoing employee awareness campaigns maintain vigilance against threats.

This comprehensive approach helps Stravito ensure secure user access and mitigate insider threats within its complex ecosystem.

How does Stravito manage penetration testing, vulnerability management, and prioritization for effective risk mitigation?

Stravito prioritizes effective risk mitigation through a three-pronged approach:

Continuous Security Testing:

  • Penetration Testing: We conduct regular penetration tests by a dedicated security team of experts, proactively identifying and resolving potential vulnerabilities before they can be exploited.
  • Bug Bounty Program: We engage ethical hackers through a private bug bounty program, offering rewards for discovering and reporting vulnerabilities, further strengthening our security posture.

Proactive Development Practices:

  • DevSecOps Integration: Our development teams employ secure development practices and are trained in incident response, fostering a collaborative security culture.
  • 24/7 Monitoring: Dedicated DevSecOps teams remain on call 24/7 to swiftly address any identified bugs, incidents, or vulnerabilities, minimizing potential impact.

This combined approach ensures comprehensive security assessment, rapid response, and continuous improvement, effectively mitigating risks across our products and services.

What major cybersecurity threats concern Stravito in the evolving digital landscape, and how is your team proactively addressing them?

Major Cybersecurity Threats for Stravito:

In the evolving digital landscape, Stravito prioritizes safeguarding against several key threats:

  • AI-powered attacks: We acknowledge the growing concern of AI-enhanced malicious actors. This includes AI-driven code development, more impactful exploits, and automated, targeted social engineering through deepfakes.
  • Social engineering: We recognize the evolving nature of social engineering, particularly the potential for AI-powered personalization and automation. These advancements highlight the importance of employee awareness and vigilance.

Stravito’s Proactive Approach:

We continuously adapt our information security strategies to address these threats, focusing on two key areas:

  • Best practices implementation: We actively monitor and adopt the latest industry best practices across all security domains.
  • Employee awareness training: We prioritize comprehensive security awareness training programs to equip employees with the knowledge and tools to identify and mitigate potential threats.

Which area of risk assessment interests you most (technical, data, etc.)? Can you share an example related to that specific area?

The area of risk assessment that interests me most is data security, particularly ensuring proper employee access control and data governance. We take a holistic approach, evaluating risks across employees, technology infrastructure, and customer data interactions.

Risk assessments help us prioritize initiatives and utilize resources effectively. For example, we recently identified a challenge in manually tracking employee access to various software-as-a-service (SaaS) applications. This posed a data security risk due to potential unauthorized access after employee departures. 

Implementing a tool that automatically tracks SaaS usage and facilitates access removal reduced data security risks by 20%, improved audit compliance, and minimized potential data breaches. This example demonstrates how prioritizing data security helps us make informed decisions that benefit our company and customers.
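The orphaned-account problem described above (departed employees retaining SaaS access) and the regular access reviews mentioned earlier both reduce to the same reconciliation: compare each application's user export against the HR roster. The following is an added example, not Stravito's tooling or code; the roster, the account exports, the review date and the seven-day offboarding grace window are all constructed assumptions.

```python
from datetime import date

# Constructed HR roster: email -> (status, termination date or None)
HR_ROSTER = {
    "alice@example.com": ("active", None),
    "bob@example.com": ("terminated", date(2024, 4, 30)),
    "carol@example.com": ("terminated", date(2024, 5, 20)),
}

# Constructed SaaS user exports: (application, account email, account enabled)
SAAS_ACCOUNTS = [
    ("crm", "alice@example.com", True),
    ("crm", "bob@example.com", True),                 # left 2024-04-30, still enabled
    ("analytics", "carol@example.com", True),         # left 2024-05-20, inside grace window
    ("analytics", "contractor-x@example.com", True),  # matches no HR record
    ("wiki", "bob@example.com", False),               # already disabled: nothing to flag
]

GRACE_DAYS = 7                   # assumed time allowed for offboarding to complete
REVIEW_DATE = date(2024, 5, 24)  # constructed date of this access review

def find_access_risks(roster, accounts, today, grace_days=GRACE_DAYS):
    """Return (severity, app, email, reason) findings, most severe first.

    high   - enabled account of a departed employee past the grace window
    medium - enabled account that matches no HR identity
    low    - departed employee still inside the grace window (watch item)
    """
    findings = []
    for app, email, enabled in accounts:
        if not enabled:
            continue  # disabled accounts are not an access risk
        record = roster.get(email.lower())
        if record is None:
            findings.append(("medium", app, email, "no HR record for account"))
            continue
        status, left_on = record
        if status != "terminated":
            continue  # current employee; covered by the regular access review
        overdue = (today - left_on).days - grace_days
        if overdue > 0:
            findings.append(("high", app, email, f"departed {left_on}, {overdue} days past grace"))
        else:
            findings.append(("low", app, email, f"departed {left_on}, within grace window"))
    return sorted(findings, key=lambda f: ("high", "medium", "low").index(f[0]))


if __name__ == "__main__":
    for finding in find_access_risks(HR_ROSTER, SAAS_ACCOUNTS, REVIEW_DATE):
        print(" | ".join(str(part) for part in finding))
```

Run against real exports, the "high" findings are the deprovisioning backlog and the "medium" findings are the accounts an identity-centric review would otherwise never see.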
