Welcome to the first issue of the Globys Customer Newsletter.
We are excited to share product updates, company news, adoption best practices, and recent blog articles. Have an idea of something you would like to see in future newsletters? Send your suggestions to [email protected].
2018 Security Review
At Globys, we provide secure digital invoicing and payment solutions for some of the largest communications companies in the world. Since our business relies on data, we take the responsibility of security and privacy very seriously. Data security and privacy have a common goal to protect sensitive information, but they have very different approaches for achieving the results.
Data security focuses on protecting information from theft and breaches. Think back to the Target credit card hack a few years back; this is a classic example of a security fail. Sure, Target survived, but it was an expensive and embarrassing incident.
Privacy governs how data is being collected, shared and used. The recent Facebook and Cambridge Analytica fiasco underscores the necessity of strong policies around data privacy governance and the enforcement of them. In turn, companies are responding by aligning policies to match recent regulatory changes.
Understanding the importance of both security and privacy, Globys continually evaluates our current and future investments. Below are a few of our most recently launched, high-level security initiatives:
Ongoing Code Scans & Vulnerability Testing
Solution Architecture and Engineering groups design security into our products from the start. They also ensure security and compliance standards are successfully built into new products.
Increased Security Staffing
Additional staff has been added to Globys’ Security Operations Team, including a new Senior Security Engineer, who brings 20+ years of security program management and infrastructure deployment. This team continues to own 24×7 monitoring, which includes Incident Response and proactive Cyber Threat hunting.
In March 2018, we completed the validation of our compliance with every PCI DSS v3.2 requirement for Service Providers. Globys 3 has passed the following security scans: OWASP Top 10, CWE/SANS Top 25, CERT Secure Coding Standard. Note that a copy of the Veracode report is available upon request.
We are also developing new policies around the European General Data Protection Regulation (GDPR), and continue to evaluate the short and long-term impacts for Globys and our clients.
Globys has a cross-functional risk assessment and management team that analyzes vulnerabilities across the company that may impact deliverability and/or service to our clients. They identify areas of risk, rate the impact and likelihood of these risks, and assessing the existing and alternative mitigations against that risk.