Walled Garden: a restricted range of information to which subscribers to a particular service are limited, as defined by Oxford Languages.
Security professionals subscribe to the principle that information is on a need-to-know basis. For many years, organizations have used this particular strategy around communicating security. Many controls implemented by security professionals are based on the principle of least privilege, so it was easy to carry this principle forward at every level. It’s not inherently wrong to shield critical information about a security program. Organizations should be careful not to arm bad actors with information that can be used to infiltrate their information systems and applications. However, in today’s climate of escalating cyberattacks, we should question whether or not shielding all security information is an effective strategy.
Every week, Trustpage publishes a newsletter called The Risk Report. After months of publication, there has yet to be a shortage of breaches to report on. In fact, we report on a fraction of the security incidents in a given week. Considering the increasing trend of security incidents, it's doubtful that there will be a shortage of news any time soon, especially if organizations don't change their behavior. We should be asking ourselves, "Is there a better way?"
Threats are increasing at an alarming rate. In 2021, the Cybersecurity & Infrastructure Security Agency (CISA) published some staggering statistics on cybercrime last year in their bulletin for Cyber Security Awareness Month:
Based on these statistics, we can make the argument that the current approach isn’t working—we need to do better. If these statistics aren't a wake-up call, consider that we have yet to realize the future impact of cyber attacks in warfare. The war in Ukraine is affirming that future conflicts will be fought on the digital and physical battlefield. A recent article from the Harvard Business Review explores the future of cyber warfare and its impact. The threat of cyber warfare is much greater than data leaks—knocking out electricity and restricting access to money will have devastating effects and could put the world in a state of chaos.
You may be thinking that your organization is “safe” because you aren't managing critical infrastructure and systems, but remember, you could be part of a supply chain attack that leads to the breach of critical infrastructure. In 2013, Target was compromised because an employee at a refrigeration contractor fell victim to a phishing email. The fallout was an $18.5 million settlement for Target and the theft of over 40 million credit and debit records. This incident happened almost ten years ago, yet since then, things have only gotten worse.
This is evidence that the Walled Garden approach isn't working. This message isn't an indictment as much as it is a call to action—change the way we’re tackling the problem. Technology is evolving at such a rapid pace that we can no longer rely on old-world thinking. We have to shift our thinking by tearing down these walls built around security and being more transparent. In the years since the GDPR went into effect in 2018, consumers have been awakened in terms of the rights they possess concerning who handles their data and how it's handled. The B2B market has been sluggish, at best, to do the same.
As an organization, you also have the right to know how your third-party vendors and partners are handling your data. A vendor's weak security program can easily damage your organization's reputation or, even worse, cause your organization to shut its doors. In simple terms, this is the risk you are evaluating when deciding to purchase a third party’s software products and services. With the stakes this high, it seems like a no-brainer that you should have the right to access knowledge about your vendor's security posture.
So today, Trustpage is launching a new product designed to help you find & compare security policies for thousands of companies. Trustpage believes the software industry should start tearing down the walled gardens of security and using transparency to usher in a new age of sharing security information with customers and partners.
In one seamless tool, users can now...
For far too long, users have had to go through a gauntlet of account executives, support channels, and paywalls (Enterprise-tier only) to get the information they need. Surfacing the security policies of the tools that power our every day is one of the most powerful ways we can create a shift in the way the world views InfoSec.
In an ever-advancing world, Trustpage is convinced the walled garden approach is ineffective, so we're doing something about it. Transparency is key to curbing the rise of cyberattacks. We believe the winners in the marketplace will be organizations that don't shy away from conversations about trust and security—leading with trust will be the strongest competitive advantage any organization can have.
Are you ready to join Trustpage in this new era of transparency in trust and security? Start exploring today.