User access reviews, pen tests, compliance audits, security reviews…the amount of work that security and compliance teams have to manage on a regular basis is shocking. Yet, there are actually very few sources of information on just how much time security and compliance professionals spend on different tasks. Until now.
Aptible recently surveyed over 100 GRC professionals to learn what their top challenges are, and what capabilities they look for in a GRC tool. Check out a quick summary in this blog post, and link to the full report.
In this post, we want to demystify createSlice by building our own stripped down version of it for new engineers to use as a reference guide when learning redux.
If you have a product and customers, then you also have members of your team who need access to critical systems in order for your company to function. Safeguarding credentials that can access these systems via mechanisms like 2FA, U2F, and key rotation is necessary but not sufficient. You must also monitor for key security events and review each to ensure your protections are working as intended.
Here at Aptible, we’ve solved the problem of monitoring and requesting approval for security events via a lightweight Slack integration we built called Powertrip. With Powertrip, we are able to send Slack notifications to relevant team members about key security events within minutes of the event happening.
Steven Nguyen, Director of GRC at Segment, on the sea change brewing in the compliance industry around security sales enablement and automation tooling.
Compliance professionals are struggling to manage compliance and enable sales to close deals. Pioneers like Steven Nguyen, Director of GRC at customer data platform Segment, are coming up with creative solutions to ease and expedite compliance requests. Nguyen is pioneering a new way of thinking about GRC—and how compliance must adapt and automate to meet the demands of internal stakeholders and customer needs.
We recently rolled out updated HTTP security headers for Comply. Following best practices with HTTP security headers can be a quick way to add an additional layer of security to a website, so we wanted to share our work here in hopes that others might find it helpful.
UX Engineers at Aptible play an important role in the product development process by blending UX knowledge with technical skills to fill the gap between design and engineering.
Existential checks are when we have to detect whether or not a variable has a value - that is, checking to see if a variable exists. If the value is `null`, `undefined` or otherwise falsy, then it fails the check. This usually takes the form of an if-statement.
Comply now supports the HITRUST framework, making it easier for healthcare companies to gain certification of their data security practices and build customer trust through compliance. We have also partnered with NCC Group to create our controls making assessments through them faster and more affordable.
Automated evidence collection removes the need to do tedious evidence collection while Dashboards provides data and insights to help you focus on the most critical needs in your program. These features are intended to help compliance teams continuously monitor their programs, eliminate menial work, and focus their efforts on what’s truly important so they can do more with less.
Let’s say you’ve created a SaaS application that lets customers keep track of their vendors. Things are going well and you’re adding many customers. One day, a curious customer starts messing around with the IDs in URLs and stumbles across a vendor they shouldn’t have access to. This is Very Bad™, especially if your customers are relying on your application to store sensitive information!