Yesware is Enterprise-Ready and Committed to Security

January 28, 2014 | 
News | 
yesware-enterprise-ready-committed-security0 reads
At Yesware, we’re committed to providing our customers with the best possible services. We strive to make our products not just powerful, understandable and usable — but also secure, robust and manageable.
Skyhigh Enterprise-Ready SealThat’s why we’re proud and honored to share today that Skyhigh Networks has awarded us their highest CloudTrust™ rating of Skyhigh Enterprise-Ready. According to Skyhigh, the services selected for this rating must satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection. The initial selectees include some of the most trusted business services on the internet — a rather esteemed group.
To earn the trust of demanding enterprise customers, any service must demonstrate a commitment to keeping customer data safe. At Yesware, we make this commitment part of our regular processes: we triage bugs and issues into our agile development rhythm, our code reviews include checks for security flaws, we carefully consider encryption and attack vectors during architectural design, we’re transparent with our customers about how their data is stored and used, and so on.

And we’re constantly looking for new ways to step up our game.

We recently adopted a responsible disclosure policy for security issues. This is quickly becoming a “best practice” for security-minded companies. Basically, it means making a public statement that if someone points out a security issues while following sensible guidelines, then they will be treated with respect and gratitude. It’s sort of a formal way of saying, “hey whitehats, we’re cool if you are.”
Our policy asks that anyone who finds a security issue in our products should please let us know privately, and without exploiting the issue in a way that would cause harm. In return, we respond promptly and courteously, and we thank those who’ve helped us on our acknowledgements page.
Responsible disclosure policies have been appearing all over the web, on many of the biggest sites and most serious of services such as Facebook, Salesforce.com, PayPal, Zendesk, and others. Many of these have acknowledgements pages with long lists of contributors, and there are even multiple services popping up to help companies run their security issue reporting programs.
 
So far, we’ve had more than a dozen people contact us with issues. Some of them were simple mistakes, others were complex bugs with very specific triggers; some were good practices that we didn’t apply widely enough, or emergent browser features we weren’t taking advantage of; a few were false positives. All of them were instructive, as they were found using the same techniques and tools that real attackers, bent on stealing data and causing mayhem, also use. And every one was an issue that we could examine, research and fix with the benefits of time and deliberation — while not scrambling to defend — and with no damage done.
When we passed Salesforce.com’s App Exchange security review some time back, we felt pretty good that we’d built a product that could meet the approval of Salesforce’s very capable security professional. But security isn’t a one-time thing, and it isn’t a checkbox feature. As our customer base grows and our product matures, we will continue to seek out better ways to keep our customers’ data secure. We’ve worked hard to earn your trust, and we plan to keep at it. That kind of ongoing diligence is the only way to really be enterprise-ready.

Start using the power of Yesware today

Reach more leads, book more meetings, and close more deals while doing a lot less work.

Get expert sales tips straight to your inbox and win more deals

You may also like

Introducing Yesware Prescriptive Analytics

Introducing Yesware Prescriptive Analytics

If you’re a sales manager, you probably spend a good chunk of your day swimming in data, hopping from CRM to spreadsheets, and pouring over reports that detail sales rep activity and productivity. Because more data is always a good thing, right? More data means more...

read more
Our Journey to Series C

Our Journey to Series C

Five years ago today, I was the VP of Sales at a venture-backed startup. I hadn’t yet been fired for applying for my CEO’s job. I hadn’t called Cashman to pitch “Software for Salespeople.” I certainly hadn’t made up the word “Yesware” five years ago. Five years ago I...

read more
Meet the New Yesware: Your All-In-One Sales Toolkit

Meet the New Yesware: Your All-In-One Sales Toolkit

In 2010, Yesware started as a simple idea. Salespeople needed better tools to help them succeed. We started with email because it was (and arguably still is) the most important communication channel for B2B sales. But there were bigger plans: “In the long term,...

read more

Get expert sales tips straight to your inbox and win more deals