For CIOs and security professionals, security can be an often overlooked consideration in collaboration solutions. For those of us at Bluescape, that’s certainly not the case. We understand that the Bluescape solution must be “organically secure” – meaning that Bluescape is naturally secure from an overall holistic perspective, from the time the new versions are developed to when Bluescape is rolled out, and implemented for a given customer’s environment.
End-to-end security of the Bluescape product is foundational to our long-term success and it defines our position of strength in this evolving unified communications and collaboration (UCC) world. Our belief of “security first” can be seen and heard in everything we do. Here are a few examples:
A Culture of Security Awareness
Bluescape prides itself on implementing a security awareness training program across the enterprise at a level seen in Fortune 100 companies. This not only includes annual security awareness training for all employees and a continually improving software security lifecycle, but advanced and customized application developer security training, governed by the newly formed, Bluescape Security Center (BSC). The BSC exists so any Bluescape employee can submit a security incident, report a suspicious email, follow best practices to send a secure email, and receive advanced social engineering training.
For each Bluescape release, we conduct extensive testing to validate that the integrity of customer data across organizations is maintained and isolated. Our continual security testing verifies that customer data remains safe, while our enhanced security platform ensures that our tenants each have their own set of dedicated databases. Nothing keeps Bluescapers up at night more than the thought of customer data that is not fully protected.
Bluescape’s architecture captures all systems and applications logs with a log aggregation framework in order to better diagnose problems and monitor overall management to include data aggregation and tracking. To protect our customers, care is taken to NOT log nor view customer data, but to focus only on diagnostic information. We also limit the number of highly-trained DevOps personnel that have “a need to know” access to operational systems and logs. Any unauthorized access attempts are tracked and logged by our security framework, and investigated immediately.
While some companies may try to “hide the ball” with regards to vulnerability management, Bluescape encourages continual inspection of our internal vulnerability management program via our transparent security model. This model encourages customers and potential customers to ask questions, provide input, and even run their own penetration tests against our lower environments with proper coordination. In the end, this approach provides full transparency which strengthens the trust and bond between Bluescape and our customers.
The new workplace around us is changing and experiencing a “seismic shift around organizational collaboration.” Emerging new tools and applications are changing the way people aspire to work and Bluescape is one of those transformative technologies. Our SaaS solution solves the challenges around team collaboration and people’s access to shared content by offering a visual digital workspace (open platform) that integrates content, UCC tools and applications.
In the end, security is one of the most important factors when it comes to implementing any collaboration tool. For those of us at Bluescape, security is ingrained across our company, mindsets, and products. Whether it’s our continual improvements around Bluescape employee security education and awareness, software security, or with our special relationships with our customers, Bluescape is committed to keeping our company, as well as our customers’ people and their data safe.
By Mark Willis, CISO, Bluescape