StreamSets' Data Security and Compliance

Speaker: Victor Nee, Director of Compliance and InfoSec

Victor Nee: When it comes to our customers, StreamSets' commitment to data security is a top priority. From the get-go, we ensure that we follow secure by design principles to make our products as secure as possible. We implement industry standard encryption and access controls to protect data both in transit and at rest. And in addition, we empower our customers to have full control over their data. After all, it's our customers' data, not ours. We also take a proactive approach to identify and mitigate emerging threats. We regularly review our controls, incidents response plans, make sure to train our staff and run penetration tests to validate their effectiveness. Our actions demonstrate a commitment to security, availability, and confidentiality. We welcome conversations with our customers and partners about how we can work together to navigate today's complex security landscape and to strengthen security protections further.

Victor Nee: Obtaining our new round of compliance certifications underscores several key things about our commitment to data security. First, we've consciously made the decision as a company to invest time and resources into meeting rigorous standards by achieving certifications like ISO 27001 and SOC 2, it demonstrates our adherence to policies and controls agreed upon by security experts. And second, don't just take my word for it. We promote transparency by making these audit reports available. Certifications require independent audits that examine our security posture and by sharing these with you, we offer our customers the opportunity to review our security claims. Third, by going through compliance audits regularly, it demonstrates that we're staying on top of an evolving landscape. You know, these compliance frameworks can change over time and regular audits ensure that we remain current. And lastly, it shows we're willing to continuously examine our own systems. The process of ongoing certification pushes us to review our own controls, identify gaps, enhance our protections, and validate our security foundations. No organization is going to be perfect but healthy ones will undergo regular audits to keep proactively making meaningful improvements

Victor Nee: You know, this is actually an interesting point. As you may have heard, the SEC now requires public companies to disclose material cybersecurity risks and incidents. Although StreamSets presently is not subject to these yet, our ongoing compliance certifications do directly support these new SEC reporting requirements. And plus many of our customers are already subject to these SEC regulations. And given the current state of cybersecurity, their focus on their external vendors and their supply chain risk is just as important to pay attention to as their internal security posture. So our annual, SOC 2 and ISO 27001 audits directly support truthful, accurate, and timely cybersecurity disclosures.

Victor Nee: Our customers should feel assured that their data and privacy remain a top priority for us each day. While compliance activities largely happen behind the scenes, the outcomes do directly benefit the customer experience. Here's a simple example. So we run penetration tests and the auditing of our security controls help us find and resolve software vulnerabilities before an outsider might discover them and exploit them. As a result, our customers enjoy software that is higher quality and more secure. thanks to these fixes. Now running pest is just one control. Each of our compliance controls, which number in the hundreds, when they're operating effectively, provides that little bit of extra assurance. So when you combine all of these controls together, it facilitates a trustworthy service that customers can rely on day to day. Of course, should an incident occur our compliance framework also drives disciplined response and notification. We'll investigate thoroughly, analyze the root cause, and resolve the issue and all along the way, keep customers informed in a transparent way. So our customers will never read an audit report. Compliance delivers accountability that hopefully our customers can sense from their consistently secure, smooth and transparent interactions with us.