Learning to Love Your Security Audit

Learning to Love Your Security Audit

Blog Article Published: 09/16/2014

By Mike Pav, VP of Engineering, Spanning yoda_largeMost folks treat a security or compliance audit like a visit from the storm troopers: a big uncomfortable disruption to your daily life (if a visit from the Empire can indeed be considered “uncomfortable”). But it does not need to feel that way. At Spanning, we started out with a “do the right thing” (thanks Spike Lee) mentality built into our DNA, and it has made all the difference in terms of how we view our security audit efforts. While security, privacy, reliability and availability are non-functional requirements, making them a part of your everyday conversations is critical for sailing through audits. I’ve learned to love our audits for two main reasons:
  1. Since we prepare for them in advance - before we even know they’re coming - we constantly have the opportunity to make our business better.
  2. The audit process will either help us find ways to improve even further or we’ll get a stamp of approval that validates all the hard work we’ve done to be compliant.
You can use your audit process to help you become stronger and operate with less friction, but it takes real effort, practice, and planning. There are some things we started doing right from the start, even before we decided to move down the path of having our software-as-a-service products audited for SSAE16, and I’d recommend them to anyone who gets that pit in their stomach at the thought of an audit. I’ll discuss these steps in-depth at my talk in San Jose, California this Friday at the IAPP Privacy Academy and CSA Congress. If you’re planning to attend the event, be sure and come by the Little Big Stage on Friday at 11:30 am and listen to my  “How I Learned to Love My Audit: Lessons in SaaS Data Protection” presentation to learn the processes necessary to “audit-proof” your business; maybe the next time the storm troopers show up, you’ll feel like Yoda. If you’re not yet registered, there is still time to receive discounted registration pricing. Save $200 off non-member pricing by using Promo Code: 20CSA14. And, be sure to stop by the Spanning booth (#201) and see our audit-friendly cloud-to-cloud backup solution for Google Apps and Salesforce.

Share this content on your favorite social network today!