Expanding digital footprints due to accelerated digital transformation means that cybersecurity has become mission critical for organizations around the world. Applications that used to be manual and served up from behind the firewall in the data center are now delivered automatically from highly distributed cloud infrastructure or Software as a Service (SaaS) platforms. These expanding threat surfaces are making it easier for malicious actors to take advantage of weak links or security gaps to infiltrate the network, spread laterally in search of high-profile targets, and extract valuable information about your organization or users.
Why is Ensuring Digital Credential Security Important?
According to the 2022 CyberEdge Cyberthreat Defense Report, 85% of organizations experienced a successful cyberattack within the last 12 months, while 40% were the victims of six or more attacks – the most ever recorded for this particular survey.
Any digital platform–no matter how far removed from your core technology stack–can serve as the launch point for a serious cyberattack. This is why we take data security and privacy seriously at Credly and adhere to rigorous data integrity processes to ensure every issuing organization feels confident and secure across Credly’s platforms.
So, what exactly should you look for when it comes to a digital credentialing platform and data security? How can you ensure you’re issuing secure credentials? Here’s a checklist of things to consider:
1. Ensure compliance with data security and privacy requirements.
A credentialing platform invested in data security and privacy requirements should regularly perform scans of its codebase to check for vulnerabilities. As the leader in digital credentials, Credly understands the power of third-party verified certifications and maintains a variety of certifications of the Credly platform. Those third-party certifications include an ISO 27001 (Information Security) certification, a Microsoft Supplier Security and Privacy Assurance (SSPA) certification, and a certification to the Asia-Pacific Economic Cooperation (APEC) Privacy Framework. Credly complies with the European Union’s General Data Privacy Regulation (GDPR) and the California Consumer Privacy Act (CCPA), both of which are designed to give individuals control over their personal data and limit what companies can do with it. Credly regularly monitors data security and privacy laws, regulations, and best practices across the world to take a “highest-common-denominator” approach that benefits customers and users alike.
Maintaining compliance with all of these, as Credly does at the application level (not simply relying on the data center certifications), is extremely important when protecting the privacy of your badge earners.
2. Conduct regular data integrity checks.
Implementing security throughout the software lifecycle from development to testing to production is a great way to ensure your code is always secure. A credentialing platform invested in data and credential security should regularly perform scans of its codebase to check for vulnerabilities, and should design new products with privacy built-in by design and by default.
This intrinsic approach–rather than simply bolting on security–makes it likely that a vulnerability will not go unchecked long enough for a threat actor to take advantage. Credly clients can rest assured knowing that Credly builds data integrity checks into its routine code development and review cycles and regularly engages independent experts to run penetration tests and vulnerability scans of Credly’s code and operating environments. It’s also important to note that Credly is ISO 27001 (Information Security) certified, proving adherence to the highest security standards in the industry.
3. Create a contingency plan.
Sometimes things happen. Whether it’s a natural disaster or a technical incident, a trustworthy and secure credential platform needs a contingency plan. Credly has an incident response plan that gets reviewed and tested regularly, and Credly employees are trained to ensure they can execute it successfully in the event that it’s needed. In fact, Credly is certified to the ISO 22301 (Business Continuity) standard. We do this to give our clients peace of mind knowing their digital credentialing platform is secure, so they can focus on their core business.
4. Forge reliable partnerships.
Data security and ensuring secure credentials are best achieved through strong partnerships. Credly’s physical infrastructure is hosted and managed by Amazon Web Services (AWS), whose data center operations have achieved a wide variety of security certifications and serve as the backbone for security-sensitive organizations. You can read more about the security program on the AWS cloud-security portal.
By partnering with Credly, you’ll automatically benefit from the security of AWS and the most flexible and secure cloud computing environment available today.
Putting It All Together: Choosing a Secure Credentialing Platform