
Providing Security by Design - The Element Security Program

July 27, 2021

According to one recent study*, a massive 78% of companies say that they lack confidence in their company's current cybersecurity posture. While this revelation has prompted at least 91% to increase their defense budgets in 2021, it still points to a harrowing trend that is only poised to get worse before it gets better.

Equally concerning is the fact that, according to the Ponemon Institute's annual Cost of a Data Breach Report, the average total cost of a breach hit $3.86 million in 2020. Much of this can be attributed to the ongoing COVID-19 pandemic, which saw a massive spike in cyber crime of all types. With the massive spike in ransomware in 2021, including the Colonial Pipeline attack, it’s easy to see why organizations take cybersecurity so seriously.

At Element, we understand that customers need full access to their data, 24/7.

Our Information Security Management System (ISMS for short) was developed through our implementation of the ISO 27001 standard. It's designed to not only secure the information that an enterprise depends on daily, but also increase its resilience to fend off cyber attacks, reduce the costs associated with information security and more.

The Element Security Program: Governance, Risk, Compliance and Beyond

The team at Element prides itself on doing more than "just" security. We're constantly examining cybersecurity best practices and capitalizing on opportunities to do things better.

This is especially evident in terms of governance. SOC2, PCI-DSS and similar standards bodies offer sets of policies and procedures that must be followed. They are guidelines that provide the bare minimum of protection - nothing more, nothing less. ISO 27001, on the other hand, is a way of operating that improves our security posture on an ongoing basis, as well as the policies and procedures designed to safeguard your enterprise’s lifeblood - its data.

Our ISMS, based on ISO 27001, helps us adapt as new threats emerge. We take a proactive approach to cybersecurity, which allows us to stay one step ahead of the bad actors who cause harm.

It's also important to note that this is a true company-wide effort in every sense of the term. It's not a stance that is relegated to the engineering department. It includes executive oversight, regular review cadences, and key performance indicators (KPIs) that we track on an ongoing basis.

All of this is done so that our security program continues to grow and evolve as market needs change. If all of this sounds like an enormous amount of effort, that's because it is. But while it may not be the easiest option for a security program, the continuous improvement we have realized since implementing the program shows that it's more than worth it.

Sophisticated Controls for Better Cybersecurity

At Element, we have a comprehensive set of controls in place to help safeguard the critical data that individuals are creating, storing and sharing on a daily basis.

Every member of our team goes through rigorous background checks to make sure they're able to meet the demands of safeguarding your information. They also go through extensive training to ensure they're up-to-date on all the latest cybersecurity trends, tips and best practices, and we have Access Control Validation throughout all points of our facility to make sure that the only people who have physical access to a particular area are those who need it to do their jobs.

With regards to our internal IT infrastructure, we deploy automated endpoint protection that brings with it the following capabilities:

The Element Security Program also employs DLP, or data loss prevention services. These are a collection of tools that perform both content inspection and a contextual analysis of all the data being sent via channels like email, text-based messaging and more. This allows us to monitor information that is in use, at rest and even in motion - preventing data exfiltration in real-time. This, in and of itself, goes a long way towards making sure that customers’ confidential information isn't being shared with people who shouldn't have it.

Additionally, we provide automated phishing testing and training for employees - something that is truly essential in the modern era. According to one recent study, about 74% of organizations in the United States say that they've experienced a successful phishing attack. This is a massive 14% increase year-over-year. Phishing attacks are becoming common and they can be devastating if left unchecked.

Thankfully, the Element Security Program routinely exceeds industry benchmarks - both for user awareness and for the detection of phishing attempts across the board.

Protecting the Cloud, Protecting Your Business

The cloud networking security at Element is state of the art. We use network-isolated cloud resources that are themselves shielded by an SSO-integrated VPN (Virtual Private Network). This encompasses not only all internal services, but also our development tools, our products and more.

We also offer features like:

In terms of logging, monitoring and alerting capabilities, we deploy CloudTrail with Amazon Web Services and Azure Monitor with Microsoft to increase visibility as much as possible. All logs are forwarded to our logging system for centralized storage and analysis, which itself is the key to uncovering trends and patterns that may otherwise go undiscovered.

In regard to data, we follow all durability best practices and offer encryption both in-transit and at rest. In addition to the data loss prevention (DLP) services outlined above, we provide sophisticated disaster recovery solutions to help get your operations back up and running should a data breach occur. Even as the attack continues, we can replicate your data at a secure site so that you don't lose productivity.

Application Security

Finally, with regards to Element Unify, we perform a static analysis of all code—complete with vendor-managed policies and rules. This allows us to discover, triage, and patch any vulnerabilities before they become security threats.

In addition to static analysis, we also conduct penetration testing to continue to mitigate vulnerabilities that may one day impact our clients. These tests are run against our live systems, targeting both Element Unify and the underlying infrastructure.

We leverage NeuVector for our Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), both of which allow us to compare network packets against a comprehensive database of known signatures for cyber attacks and to discover unusual communication patterns between the workloads that make up Element Unify. This allows us to flag any suspicious packets immediately, preventing them from harming the rest of the network, and to restrict unusual traffic that could be indicative of an attack. This adaptive monitoring with reinforcement learning allows us to block unusual traffic immediately and alert the security team to respond appropriately.

We also offer several additional levels of security in some of our packages. Single-Tenant hosting options are available, as well as SSO integration to your cloud identity provider (Azure Active Directory, Okta, OneLogin, etc.). Finally, we offer Private Link on both AWS and Azure to provide a completely private experience for Unify data, transporting all traffic between the customer’s network and Element Unify over the cloud vendor backbone network and not the public internet.

Ultimately, the team at Element wants customers to rest easy knowing that we're doing everything we can to keep their valuable data safe, and that is one standard we will not compromise.

To find out more about the major benefits of The Element Security Program, or to discuss any other questions you may have, please contact Element today.


------

* Read the study here