We understand that security is a continuous, diligent process, and that understanding underpins our ethos at LoginRadius.
Our InfoSec team continuously works to ensure a robust security posture by working on various InfoSec compliance frameworks and programs that assure data security and enable continuous trust with our customers.
In the last couple of years, we re-engineered LoginRadius CIAM to deliver a highly scalable, more robust identity platform for our customers, whose growing end-user interactions needed enterprise scalability and reliability to serve seamless experiences. That work also requires us to stay aware of a security paradox:
Yesterday’s innovative features and capabilities can leave a trail to tomorrow’s vulnerabilities: this paradox is commonly evident in the security updates and patches received for some of the most popular software packages and OS platforms.
We are aware of this paradox and diligent about it, which requires our InfoSec team to work creatively and in parallel to comply with various security frameworks and ensure a comprehensive, robust security posture throughout the organization and for our customers.
Comprehensive Security with ISO 27001, 27017, and 27018
We implement important security standards set by ISO that are highly relevant to us, like ISO 27001, ISO 27017, and ISO 27018, so that we can demonstrate the quality of our security policies, methodologies, and infrastructure.
In 2022, we again completed external audits without shortcomings to ensure our re-engineered platform’s security aligns with industry-wide recognized standards.
SOC2 Type 2 Audit
We have conducted a SOC2 Type 2 external audit to ensure that our security controls have been effective and are producing the results we intended without lags.
Penetration Testing
As part of our recurring annual activities, we have successfully performed external penetration testing in multiple phases utilizing manual and automated techniques. This has furthered our efforts to ensure LoginRadius’s security posture is robust and highly defensible.
Bug Bounty Program
We have been actively engaging with the broader security community through our bug bounty program, instilling trust in our customers and stakeholders that we won’t leave any stone unturned when it comes to the security and integrity of our organization.
Further on InfoSec
In addition to major InfoSec compliance work, external audits, and bounty programs, our team has worked closely on various other areas:
- Ongoing Review and Updates: As part of our continuous focus on security, we reviewed and updated policy and process documents for different compliance standards. We ensured that the latest compliance standards were followed and documented, allowing us to stay current and compliant. This effort helped us increase our documentation's accuracy and consistency; accordingly, we can easily identify areas for improvement and take action to mitigate risks.
- Security Awareness: We conducted company-wide InfoSec awareness training programs, tracked and ensured completion by all employees, and improved their understanding of security risks and mitigation measures.
- InfoSec Tools Management: We have evaluated various tools in our inventory and upgraded to the tools that are relevant and effective in the current cybersecurity landscape. This has enabled us to improve the overall security strength, especially for endpoints.
Conclusion
We have taken significant strides in fortifying our security posture in 2022, almost perfectly supporting and complementing our re-engineering of the LoginRadius CIAM platform. Overall, the InfoSec team has diligently ensured that the security controls and methodologies are effective.
At LoginRadius, we remain committed to staying current and compliant with the latest security standards to provide customers with the best possible experience while ensuring their data is secure.
Originally published at LinkedIn