gfragin | 6 years ago

Thanks miker64. Our experience has actually not been that, and once security teams have had a chance to review, there has been terrific acceptance. We are only interacting with information that is already on a cloud platform, and our protections, policies and structure look to build on that security, not subvert it. The common fear is that we would aggregate information and sell to third parties, and that is dealt with in our privacy policies: https://loophq.com/privacypolicy

yfiapo|6 years ago

I'm sure that will be the case for certain companies. For companies who routinely deal with PII, PCI, or other regulated data, the security teams are likely to be much more worried about the potential for sensitive data to be inadvertently shared outside of the company. Even if it is communiques about only business-sensitive matters (e.g., iPhone 12 XXL release), that is not something very security-conscious companies will be happy having in the hands of a third party without an appropriate security review.

Having run a security program at such a company, at the minimum I would expect a SOC 2 or ISO 27001 audit of your company before I would allow my company to utilize your services as it is tightly integrated to our internal communication platforms.

This isn't to say you need that now, but you should understand there are segments of the potential customer base that will not work with you without being able to pass that level of scrutiny.

gfragin|6 years ago

Absolutely right. That is already on our radar given the types of customers we are currently talking to. We are also seeing increased scrutiny from the API providers who are insisting on their own security audits to allow API access.