When I joined Guru several years ago, I was looking for a challenge after the military and after several years spent in government and industry security compliance. Although Guru was but a “modest” startup at the time, I recognized that the company had a great responsibility in the form of protecting the key data that users entrust to the system. Sure, every app asks for its users to surrender some kind of data, but with Guru the breadth of content is widespread. It can be as simple a meeting summary or as critical as a corporate trade secret. Guru is positioned to process it all, and that’s important work for the security function.
There are two basic tenets we at Guru uphold that help maintain trust and contribute to data protection:
A Living Family of Security Controls Fueled by a Formal Risk Assessment
Without sounding too much like a compliance “nerd,” we pay attention to best practices and industry norms, and make sure our documented controls meet or exceed mandates. We keep the framework alive by routinely validating every element with real compliance artifacts that show actions are being completed. On top of that, we look at these controls annually through the lens of a risk assessment to make sure any emerging threats or vulnerabilities are addressed as needed.
An Emphasis on End to End Protection
Things like encryption and proper network configuration can go a long way in securing an application and any outside connections it needs to talk to, and Guru has done a good job in locking down its digital terrain. It’s when vulnerabilities appear that bad actors can strike, and Guru minimizes these opportunities by scanning software containers upon creation and reviewing our code for vulnerable third party dependencies. Moreover, we apply a number of housekeeping activities to include updating our firewall with known bad IPs and retiring old networking components (like stale subdomains). We invite penetration testers twice annually to “break” our security and tell us how we can become better.
In all, Guru represents a refreshing advancement in the idea of “knowledge management,” but with that comes a welcome challenge to keep all that knowledge safe, secure, and serving our customers.
When I joined Guru several years ago, I was looking for a challenge after the military and after several years spent in government and industry security compliance. Although Guru was but a “modest” startup at the time, I recognized that the company had a great responsibility in the form of protecting the key data that users entrust to the system. Sure, every app asks for its users to surrender some kind of data, but with Guru the breadth of content is widespread. It can be as simple a meeting summary or as critical as a corporate trade secret. Guru is positioned to process it all, and that’s important work for the security function.
There are two basic tenets we at Guru uphold that help maintain trust and contribute to data protection:
A Living Family of Security Controls Fueled by a Formal Risk Assessment
Without sounding too much like a compliance “nerd,” we pay attention to best practices and industry norms, and make sure our documented controls meet or exceed mandates. We keep the framework alive by routinely validating every element with real compliance artifacts that show actions are being completed. On top of that, we look at these controls annually through the lens of a risk assessment to make sure any emerging threats or vulnerabilities are addressed as needed.
An Emphasis on End to End Protection
Things like encryption and proper network configuration can go a long way in securing an application and any outside connections it needs to talk to, and Guru has done a good job in locking down its digital terrain. It’s when vulnerabilities appear that bad actors can strike, and Guru minimizes these opportunities by scanning software containers upon creation and reviewing our code for vulnerable third party dependencies. Moreover, we apply a number of housekeeping activities to include updating our firewall with known bad IPs and retiring old networking components (like stale subdomains). We invite penetration testers twice annually to “break” our security and tell us how we can become better.
In all, Guru represents a refreshing advancement in the idea of “knowledge management,” but with that comes a welcome challenge to keep all that knowledge safe, secure, and serving our customers.
Experience the power of the Guru platform firsthand – take our interactive product tour