Arkose Labs recently added its name to the list of companies taking the Secure by Design Pledge with the Cybersecurity and Infrastructure Security Agency (CISA). The voluntary pledge focuses on enterprise software products and services, with a mission to complement and build on existing software security best practices. Seven goals form the pledge. Among them are:
- measurably increasing the use of multi-factor authentication (MFA)
- demonstrating progress towards reducing default passwords
- increasing the ability for customers to gather evidence of cybersecurity intrusions affecting the manufacturer’s products
And, in the spirit of radical transparency, CISA is encouraging participating businesses to publicly document their approach. At the time of writing, 162 companies have joined the pledge.
Long-standing Compliance with Secure by Design Standards
We fully support the CISA initiative to promote this industry-wide effort. In fact, Arkose Labs has already complied with the pledge requirements for years. As a company working with enterprise clients, including two of the top three global banks, we’ve developed our processes to meet the exacting standards of leading financial institutions and global brands. We adhere to CISA secure-by-design and secure-by-default principles by prioritizing security from the ground up, with a strong engineering pedigree in designing safe products.
Take Arkose Bot Manager, for example. The platform is developed with integrated security best practices to ensure resilience, and it is continually enhanced. It was built with end-user privacy in mind, collecting minimal data. The data that is collected is protected with a broad range of security controls such as encryption, access controls, secure SDLC, vulnerability management, audit logging and analysis. Arkose Labs retains data in alignment with our customer contracts, and our privacy and retention policies are reviewed and updated at least annually. Plus, we’re audited by accredited third-party audit firms per internationally recognized standards such as SOC 1 Type II, SOC 2 Type II, ISO 27001, ISO 27002, ISO 27018, and ISO 27701.
Rigorous Security Design Reviews and Testing
What this all means in practice is that our commitment to security is proactive and ongoing. We continuously monitor emerging threats and update our platform accordingly, leveraging our threat research unit ACTIR’s threat intelligence and external information feeds. Through regular third-party audits by accredited firms and a transparent approach, we ensure our security measures are robust and effective.
We want our customers to see us as a trusted partner, rather than simply a platform provider. That’s why we actively engage with our customers to refine and enhance our solutions, ensuring our offering exceeds current and future security expectations. We are dedicated to owning the security outcomes of our customers' purchases, as a reliable ally in the digital security landscape. And in today’s digital threat landscape, we believe this is more important than ever before.
To meet these strict standards, we implement a rigorous multi-department security design review and sign-off, with multiple manual reviews to ensure the most robust security approach is selected. On a quarterly basis, we perform penetration tests, and we also run real-time dynamic and static application security testing. Plus, our fully documented processes are sharable under NDA. It’s all part of our mission to put security first, and be a business that our customers can trust with full confidence. To that end, we’ve gone a step further and offer a full warranty program and transparent SLAs.
The Role of Cybersecurity Professionals in the CISA Pledge
At Arkose Labs, we believe it’s essential for global technology leaders to collaborate in driving significant progress and accountability on critical security issues. Our commitment to maintaining a security-first development environment is unwavering. For us, taking the Secure by Design pledge is just one more way to demonstrate this. As we continue on our path of leadership and advancements in this area, we’re excited to work closely with CISA to ensure that end users can trust the safety, reliability and integrity of the technology they use.
If you’re in the cybersecurity field, consider taking the pledge too. And if you would like more information about Arkose Bot Manager, book a demo with us.