We attribute our success to many key items:
• Developing a software platform that accelerates our ability to meet our clients’ needs
• Employing some of the most talented and skilled professionals
• Partnering for the long run with leading clients in their industries, who expect excellence from us
• Delivering client-specific solutions in a timely manner
We pride ourselves on being a process-oriented culture – one of the few firms that possess the CMMI Level 5 designation. This process culture is undergirded by a strong information assurance environment. We understand that we may have the best software, but if it is not secure, our clients will not have the confidence to trust their business processes and sensitive data to our solutions. For this reason, we view security as an asset. We understand that yesterday’s approaches to security are inadequate, and therefore we continue to invest more each year to create a set of processes, controls, and technologies that provide the multiple layers of defense that both we and our clients require against existing and emerging threats.
Each year, we test our practices and controls against standards, audited by third parties. As an example, we subject ourselves to the AICPA SSAE 16 SOC 2 Type 2 process. Our third-party auditors interview our staff and review evidence that our controls are designed effectively and operate effectively. As evidenced by an unqualified report, our auditors agree that we meet this industry standard.
However, we don’t stop with receiving a report. Instead, we focus on excellence in security by looking at where our risks are and working to reduce those risks. By examining risk, we develop a security roadmap that receives funding and support from our corporate officers and board of directors. A few of the areas of ongoing security investment are described below.
Areas of Ongoing Security Investment
According to figures provided by Microsoft, multi-factor authentication (MFA) can block over 99.9% of account compromise attacks. Starting in 2018, we set forth a policy to use MFA for applications, networks, machines, and our facilities. We have implemented MFA for all key information and systems, and we continue to invest in new and improved MFA technologies across the enterprise.
During a recent meeting with our security auditors, they kept asking us, “Do you encrypt this? Do you encrypt that?” One of our senior architects summed it up, “We are adopting an encrypt everything approach. Everything at rest. Everything in transit. Everything.” We take encryption seriously. Our view is that the proper approach is “encryption by default.”
When architecting our platform, we spent considerable time ensuring that the architecture was “secure by design.” We have implemented methods to contain the “blast radius” of attacks through our micro-services architecture, by incorporating new technologies and methods to reduce the probability of successful and long-lasting attacks.
Historically, software teams would scan for vulnerabilities immediately before deployment. The challenge with this approach is that security never receives enough attention. We have taken a different approach. We scan our code daily, which allows us to address vulnerabilities without delay.
Over the past year we have refreshed our network with the latest available technologies and redesigned our network using a zero-trust approach. The hardware and software we have deployed allow us to control access based on the user, their job role, the device they are using, how they are connected, and their physical location.
While we have held the United States Department of Commerce Privacy Shield (and previously Safe Harbor) designation since its inception as a program, we have further increased our scrutiny of data privacy practices in light of GDPR. Our view is that it is impossible to have privacy without security. We invested in having a third party – TrustArc – perform an independent assessment of our Privacy Shield environment, and we have met their exacting standards related to data security and data privacy under applicable regulations.
The above areas are the tip of the iceberg of what Kingland is doing to protect our clients’ data and processing integrity. We continually assess our risk posture and threat environment to determine where to invest time and money in order to protect our clients. We will stay vigilant, laying the foundation for many years of meeting and exceeding our clients’ expectations.