One doesn't need to be a security practitioner or an avid technologist to be aware of the cyber security war raging globally. The news we all consume is now peppered with nation-state-initiated cyber attacks, vital utility providers operationally impacted by ransomware, and attacks on vendors leading to compromises in hundreds of large security-conscious organizations. Whether we are protecting our organisation's information security or that of our own personal lives, we are all very much in a race to keep ahead of cyber criminals.
Having said that, there is no finish line where we are done protecting our organization's information assets. Threats change on a daily basis, new vulnerabilities are exposed, and the need to be aware is ever present in our lives. Procurement organizations are also now prioritizing this as a requirement for new software or SaaS solutions they consider, and rightfully so.
Keelvar underwent our first information security audit as a young company in 2014. We were very proud of the technical and organizational controls we had in place, which allowed us to provide our Sourcing Optimizer solution in a secure manner to a growing enterprise customer base. A strategy we have used from day one is to bring in vendors that make us stronger as an organization. Amazon AWS not only provided a best-in-class infrastructure as a service (IaaS), but also offered infrastructure security compliance in ISO 27001 as well as a clearly defined shared security model to leverage.
We continued our security journey over the years, bringing on additional vendors and partners who we assessed would make Keelvar stronger as an organisation. Independent external penetration testers now supplement our internal testing to ensure our application APIs are secure. The KnowBe4 platform now supports our internal security training and awareness programme for employees. Risks surrounding our primary AWS data centre becoming unavailable and impacting our application availability have been mitigated by supporting a secondary failover data centre.
Earlier this year, Keelvar attained ISO 27001:2013 certification with A-LIGN acting as independent auditors. This solidifies Keelvar's commitment to continual information security improvement. Our team made achieving this important certification a high priority as we continue to expand our global reach and serve a growing list of enterprise-level customers and their suppliers through our sourcing platform.
Keelvar's appointment of a Chief Information Security Officer (CISO) this year ensures security is at the centre of leadership discussions and that important security initiatives have proper funding and resources for successful implementation.
What is next for Keelvar?
Data protection is an increasingly complex landscape with many jurisdictions across the world bringing in their own regulations, much inspired by the GDPR. Keelvar is working towards achieving ISO/IEC 27701:2019 for privacy security and management in 2022.
For Keelvar, information security is a journey on which we move forward with determination and resolve, ensuring we are as well prepared as possible for the next risk. There is no finish line to stop at, only a disciplined journey we undertake to ensure we are a vendor that makes our customers stronger by providing (secure) sourcing optimization and automation solutions.