Every company has data of value they are obligated to protect. Internal information about data and security policies is relevant to security professionals like myself, but also to customer-facing teams who often have to be able to answer critical security questions on the fly. Guru can help risk and compliance managers spin up a security program as part of their company’s knowledge base without a lot of heavy lifting or complexity, while empowering customer-facing teams to have fluid and valuable conversations that drive revenue and delight customers.
Managing knowledge confidently not only empowers revenue teams, it also creates a single source of truth across the entire enterprise. Departments such as HR, marketing, and even security compliance can benefit from knowledge management, both in terms of the information they have to offer to other teams, and in streamlining their own internal processes.
There are countless industry control frameworks in use today, but a security program need not be complicated; in fact, when it comes to expressing security controls to customers, internal employees, and auditors, simpler is better. The Guru system of knowledge creation and organization is the perfect solution for risk and data security professionals for three basic reasons: simplicity, ease of implementation, and cost.
Security made simple
First, consider simplicity. Once management has adopted a core set of industry controls (these could be distilled from authoritative sources such as NIST, SANS, ISO, etc.), they come to serve as the organization’s basic policy framework. For example, the Guru compliance program rests on nine basic data security policies – captured in non-editable cards authored by management – covering familiar security areas such as asset configuration, disaster recovery, and user account management. These policies each give rise to detailed controls and procedures, all of which are captured, organized, and made accessible in Guru.
Storing this information in Guru is an easy way to make complicated compliance documents digestible and useful for all employees. It also adapts to new mandates with generally minimal effort. For example, when GDPR rolled through in May, the regulation’s mandates could be easily folded into the existing controls to codify new practices.
And the compliance program is not all about technical jargon and controls. At Guru, the GDPR rollout also provided our security team with the opportunity to publish additional cards to guide support and success teams in answering customers with urgent GDPR questions. That freed us from receiving shoulder taps and repeat Slack questions. Customers expect quick answers to their questions no matter who they ask; organizing and extending access to information empowers all customer-facing team members to answer those queries confidently.
Implementation is easy
As for ease of implementation, the Guru knowledge management system is easily navigable, allowing for quick content updates and evidence attachments. Once the basic controls and supporting procedures are in place, they can be assigned to owners, who are held accountable and reminded through Guru to update their cards on a set cadence. The verification engine assures card users that sensitive information will remain up to date; no hunting for the latest version required. A built-in version history lets the security manager see the “who” and “how” of any changes to a given control, and compliance artifacts (such as screen caps) can be attached to cards for easy retrieval.
Don't spend on needless features
Finally, Guru is far more cost-effective and inclusive than feature-heavy applications specifically designed for security compliance. Large enterprise governance offerings from companies such as RSA and IBM, while useful in the hands of programmers and dedicated compliance teams, are often either underused or so fully integrated that they become difficult to maintain. Licenses can be expensive, and a deep bench of subject matter experts is needed to keep the system current. Unlike complex security-specific solutions, Guru spans all departments so no one is “locked out” of security; everyone is made a neutral partner and participant in the compliance framework.
Building a cross-functional knowledge network with Guru
All companies have data of value they must protect, whether for their customers, regulators, or auditors. Guru is the perfect utility to bring a security program to life by making governance simple, easy to implement, and accessible.
Guru is also ideal for making important information like security policies part of any organization’s larger knowledge network. When vital company resources are siloed by department instead of made accessible to all users, you open your organization up to risk. Risk of uncertain reps sharing information with customers that is outdated or just plain wrong. And when it’s security and compliance on the line, that’s a risk no company can afford to take. Guru gives subject matter experts an avenue to share their knowledge efficiently, and empowers customer-facing reps to quickly and confidently answer any user question, regardless of which department owns the information.
Feel free to reach out to me, Guru’s risk and compliance manager, for insights on how Guru can serve as the backdrop for your security program and add to the collective knowledge of your entire organization.