Building and maintaining customer trust is a key objective for any cloud service provider, or any business for that matter. It’s especially important for a business that holds customer data to craft a compelling message about its security, and in this day and age, its privacy as well. Like most SaaS providers, we deliver that message via our personnel (like our sales team), via documentation (like audit reports and whitepapers), or via certification images on our website (like the ISO 27001 certification logo).
We wanted to take this a step further and provide more transparency to our customers on what we do around security and privacy. To that end, we developed the OneLogin Compliance Initiatives section of our website. This section not only details what we do as part of our security and privacy programs, but also explains why we do it, how often, where to get more information, and, in short, why you as a OneLogin customer should care about compliance initiative XYZ. While the information is specific to what OneLogin is doing, we hope it also provides agnostic information that you can leverage to have meaningful conversations with your other service providers about security and privacy matters that are important to you.
This is by no means a static set of pages sitting on our website; that would reflect a stagnant security and privacy program, which is not what we strive for. We have been very aggressive about furthering our security and privacy efforts for the last two years, and building this section out follows our other initiatives for 2015. These efforts included:
- Additional app vulnerability scanning as part of our post-deploy process
We are definitely not the first to do this, but we are proud to be one of the few in this space to have done so. We are also looking forward to relaunching our new uptime page that will help bring more transparency to how we report on availability. Stay tuned for that launch and for updates to the OneLogin Compliance Initiatives section throughout 2016.