With a desire and passion to make a difference and inspire change, Daphne Reed began her EHS career with Cority in 2022 after spending 8 years at a video messaging software company. As Cority’s Senior Director of Security, Daphne is responsible for keeping up with cybersecurity industry trends and strategies, as well as aiding Cority customers in ensuring their data is safe and secure.
In this edition of Voices of Cority, Daphne and Cority’s Senior Product Marketing Manager, Stuart Cook, discuss the ins and outs of data security and the necessary features to consider when buying EHS software.
EHS Data Security Challenges and Tips for Buying Software
Stuart Cook (SC): Can you explain some of your day-to-day responsibilities and overarching strategic goals?
Daphne Reed (DR): Day-to-day, there are a lot of customer calls where I’m answering very difficult questions. Trust is extremely important within data security and it’s my responsibility to answer customer questions and reassure them that we can keep their data secure. Without that trust, fear creeps in – and there is a lot of fear, uncertainty, and doubt within data security already.
Strategically, understanding what the geopolitical landscape looks like in terms of regulations and governance is crucial. For example, certain geographic regions may have a very specific set of regulatory requirements. It’s my responsibility to evaluate those regulatory requirements and decide if and how we should accommodate them within our software. If a regulation is going to heavily impact our customer base, we need to ensure those regulatory certificates and audits are in place, so we are prepared and equipped with what customers may require.
SC: Can you share some landmark changes in the past few years within data security that have impacted software development?
DR: Ransomware is a big one, as well as crypto coins and other decentralized finance. The reason being that Bitcoin and other crypto coins have opened the door for organized crime to easily receive payments. This allows hackers to break into companies and steal data in a more organized, targeted, and sophisticated way than ever before.
Data being hacked and stolen is a very common fear and to ease that fear, we provide comfort and assurance by explaining how a customer’s data is encrypted, and only certain people have access to it. We also leverage our audits to show proof of our certifications and the infrastructure we have in place to ensure these types of things do not happen.
SC: What is a misconception about data security?
DR: One thing that comes to mind is the ability to guess someone’s password – that is no longer a huge concern these days. Guessing someone’s password based on their personal interests or what you know about them is no longer the biggest threat to security. It’s actually when people use the same password for multiple logins. Someone can have a complicated 32-character password that’s completely random but, if that password is compromised and they have used it for several logins, that’s the real danger. It’s not what your password is, it’s how many times you’ve reused that password.
SC: Describe one of the biggest challenges when it comes to data security and compliance?
DR: As I mentioned before about compliance initiatives and understanding the geopolitical landscape – it’s becoming increasingly common for different regions and industries to require their own bespoke audits before doing business with them.
For example, there’s a German automotive industry certification called TISAX, an Australian government certification called IRAP, there’s GDPR, FedRAMP, and so on. It’s a huge challenge to keep up with every regulation and audit, not to mention each certification costs money. It’s difficult for the information security industry to keep up with all of these certifications, and it can become very expensive to maintain. Therefore, we have to be extremely strategic about what certifications we want and need, so our customers are happy and feel secure.
SC: What is the biggest thing businesses should look for when buying software, as it pertains to data security?
DR: I think it’s very easy for companies to flaunt their audits and certifications but, it’s important to look for a company that’s going to take it seriously and be there, day or night, to fix problems or address concerns when they arise. Audits and certifications look great on paper and check that initial box but, how do they respond to your concerns? How do they ease your fears and discomforts? There’s a human element at play as well and, at the end of the day, those pieces of paper are nowhere near as impactful as being empathetic and understanding.
At Cority, we take it very seriously and we share the same concerns as our customers. It’s very important to have all the necessary certifications, but it’s even more important that our customers know they can trust us, and we are all humans on this side, working towards a shared goal.
EHS Data Security & Cority
Verdantix, a globally respected independent research and advisory firm, has consistently recognized Cority as a leader in EHS software in multiple categories, including Application & Data Center Security. Data security and privacy are critical components of any software selection process, and Cority makes it easy for businesses to trust that their data is secure. Thanks to Cority subject matter experts, like Daphne and her team, Cority is the first, and currently the only, EHS software provider to achieve FedRAMP Authorized status – which is only one of many data security certifications held by Cority.
