Along with our partners and Microsoft, we secure client systems based on commercially-reasonable practices. We focus on that commercially-reasonable standard to ensure there’s a purpose behind the changes we bring. Some of the things we do differently:
- Our clients have written security policies provided by one of our independent partners. These policies cover your actual industry regulations (like HIPAA and NIST) and your specific operations (like PCI for credit card processing). These are policies that everyone can understand, including business leaders, auditors, security experts, and your employees.
- We use a “zero-trust” model of trusted identities and devices to ensure only the right people and computers can access your most important applications, and can access them simply and quickly.
- We employ soft security measures that favor users, rather than hard ones, which often stop businesses from running. Soft security uses context to identify the difference in risky and trusted scenarios, in the background, so businesses can stay in the foreground. This means that even though we require Multi-Factor authentication for all our clients, we make that experience more pleasant by bypassing the active second factor when connecting from a trusted device or location.
- We establish a single-sign on identity and access to keep things simple for your employees.