Clearwater Analytics is an innovative SaaS solution and a leading enterprise software provider to the world’s largest and most sophisticated institutional investors. For those reasons, creating a culture of security (and the tools to support it) is a top priority for our IT organization and across the entire company.
We have previously written about the security benefits of multi-factor authentication – you can read that article here: 5 Reasons to Implement Multi-Factor Authentication.
While many companies are struggling to shore up their security programs in this rapidly changing landscape, Clearwater has put tremendous effort into building a strong security foundation to protect our customers and employees. We focus heavily on training our people, fostering open communication, setting clear expectations, and preparing for the future.
People: Our Most Important Asset
Clearwater’s world-class investment accounting application would be nothing without our people. We value each member of the Clearwater team, from our employees to current clients and future clients. People are our most important asset, and our security culture is one where everyone plays a crucial role. Not only are we leaders in the SaaS and security community, we also aim to create a culture where everyone is heard and has the tools to do their job successfully and safely.
It is a widely known fact that the biggest security threat to any organization is the human element, and by investing time and resources into our people, we not only create a positive work environment but also a secure one. Despite the trials of the past year, we continue to move forward with a people-centered security approach resulting in incredible outcomes.
Open Communication
From the time of hire to time of departure, we provide each Clearwater employee guidance through detailed policies and standards, ongoing security awareness training, and an open-door Information Security department to guide them through their day-to-day operations.
We all use technology every day, in both our professional and personal lives, but we understand that security can be a tricky topic – it may not always be clear what is needed to secure responsibility the tools and data you are working with. Teams at Clearwater work to communicate and define roles for increased clarity around responsibilities while keeping security at the forefront. Studies across industries have made it clear that there is a widespread gap between information security and operations. This gap tends to come from focusing on security as a separate entity instead of seeing this as part of the greater whole that involves everyday operations and duties.
We work collectively with divisions across the company to better understand processes, drill down into the challenges they face, and learn how we can create a secure environment without harming the overall product and services these teams provide. At Clearwater, our Information Security team is welcomed into conversations in all facets ranging from operations to human resources to facilities. Trust and respect are the cornerstones of our relationships.
Clear Expectations
An important aspect of establishing standards and best practices for any company while creating a security culture is to remember that security is more than a checkbox: it requires involvement from end-to-end. Here are a few of the things we have been doing to instill a security-centric culture for our employees and clients:
- Interaction from day one with “in person” security training with all new hires
- Education through interactive security campaigns
- Rewarding participation and secure decisions
- Promoting continuous involvement and communication beyond campaigns and training
- Providing open sources of communication with our Information Security department via a variety of communication platforms (project management software, instant messaging, email, etc.)
- Implementing technical controls to reduce the burden on individual workflows
- Ensuring we have a secure environment through participation in ongoing security awareness training and campaigns
- Examining individual knowledge gaps through assessments and closing those gaps with engaging trainings
- Acknowledging security is everyone’s responsibility
Evolving for the Future
As we continue to lead in the investment accounting and financial reporting space, we continue to grow our internal team to lead security in parallel. We continue to see significant growth across the company through the tactics mentioned plus many more. Technology and security will continue to change, and our teams are dedicated to changing with it, creating a more secure future for Clearwater Analytics and beyond.