At ClearOPS, we are constantly training new and existing employees on the latest in data privacy and cybersecurity best practices. We maintain a written information security policy that includes incident response and disaster recovery.
ClearOPS has adopted the principle of least privilege so that only those employees or agents with a need to know have access.
ClearOPS utilizes current best practices on password creation and management. We encrypt data in transit using TLS and all customer data stored in tables is encrypted through our hosting provider.
We use a cloud service provider to host our application and customer data. We adopt the principles of security by design and utilize security features offered by our datacenter.
ClearOPS has adopted a policy of third party and vendor minimization. We use our own tools for vendor due diligence and monitoring. We have also adopted a classification based system, rating vendors according to the data they process and intensifying our own security reviews based on the classification assigned.
The obvious tenets of security remain as important as ever, such as least privilege, layered security, verification controls and comprehensive policies for staff and customers, but we have to start realizing that less is sometimes more. Less applications, less code, less service providers ultimately means less exposure to data breaches, and simpler systems to manage. Just throwing more products and more lines of code at a problem is a path to insecurity.