Ensuring Customer Trust: The Role of Security in Integration
In this episode of “Integration. Redesigned.,” our host, Chief Marketing Officer Cait Porte, meets with Travis Morrow, Head of Security at Digibee, to discuss the critical topic of data security. The conversation covers the top priorities for security departments and their alignment with customer trust, lessons learned, the importance of hiring a well-rounded security team, and the significance of secure tools and capabilities for application integration, especially when accommodating legacy integrations. Overall, the episode provides insights into the intersection of security and integration in today’s digital landscape, highlighting Digibee’s commitment to our customers.
Digibee completes SOC 2® Type 1 Certification
Digibee announces completing SOC 2 Type 1 certification, demonstrating its commitment to the highest standards of data security and managing customer data.
Our Platform
Learn more about our platform and get an overview of how we provide security at every level with flexibility to accommodate every customer’s unique security needs.
Security White Paper
Digibee’s platform provides a safe and security environment with security protocols that are well-defined, documented, and that meet or exceed industry best practices.
Full transcript
CAIT PORTE
Hello, and welcome back to Integration. Redesigned. I’m your host, Cait Port, and today I am joined by Digibee’s Head of Security, Travis. Welcome, Travis.
TRAVIS MORROW
Thank you, Cait. Happy to be here.
CAIT PORTE
Very happy to have you. I’m sure it will not be the last time you’re on.
Security, hot topic every time of year, all the time, whether you’re at home, whether you’re at work, traveling around, security, data, privacy, top of mind for consumers, top of mind for businesses. We hear about all kinds of breaches. I think the latest one had to do with Xfinity or Comcast customers exposing all kinds of data and information. So, I’m certainly looking forward to learning a little bit more about security and how that gets processed. Of course, I know the insider scoop because Travis and I work together every day.
But Travis, from your perspective, what are the top priorities for a head of security?
TRAVIS MORROW
Thanks, Cait. So yeah, it’s a pretty wide range, but specifically here at Digibee, I really base all my priorities off of customer trust. Working at Amazon, that was a big piece and a big takeaway there. And so what are things that provide confidence in our product? And so, you know, my top priorities are really everything that is gonna enable our customers to be secure. So, some of the really great initiatives we have coming down in ’24 is gonna be like our ZTNA story, right? Where we can allow individual workloads to have only access to very specific resources. And it allows for a really great authorization authentication model.
We’re looking to bring your own key. So, that’s a hot item where customers want to maintain sovereignty of their keys and so that if they move elsewhere or they have other workloads, they’re able to maintain and ensure for their compliance that their keys never left premise.
As well as identity. So that’s a major topic here. It enables everyone’s identity life cycle, their management of users, meets their compliance initiatives. And so we just released self-service for SSO. And there’s a bunch of new work that we’re looking to do in 2024 around able to manage those identities, utilizing a SCIM integration so that groups and users can auto be provisioned and removed so that, you know, it just helps the individual customer’s lifecycle there and their security compliance story.
Some of the areas that I am, you know, I’m very concerned about as well and things that we’re going to dive into in 2024 is going to be supply chain security. So source validation, runtime reviews, as well as even safeguards and restrictions on what can be launched if it’s not been reviewed, secured, and signed. As well as Digibee’s very own internal Zero Trust journey, where we are making sure that from the endpoint all the way to attestation to users that everything is at the highest level before allowing authorization or access to any systems in our premise. So, those are some of the top priorities I have for 2024.
CAIT PORTE
I love that you’re framing this in terms of our priorities are dictated by customer requirements or asks, right? Of course, it’s never a, “hey, build me this so that I’ll buy your platform or renew it” or whatever, there’s always a negotiation. But I love that we’re taking the lens of the customer and saying, “okay, what’s important to you? What will make it easier? How can we help accelerate your business? And how can we help simplify the process by which integration happens?” And that’s a really important piece.
We were talking about our value pillars and security came up as one of the things were said, hey, is keeping this secure one of the top things that we think about? And Peter’s response, who’s our co-founder and CTO said, “security is at the helm of everything we do,” right? We’re thinking about that every step along the way. And I think that that really speaks to some of the things that you’re thinking about. So, I love that answer.
TRAVIS MORROW
Awesome. Thank you.
CAIT PORTE
You’ve got this amazing background. You referenced Amazon. I know you’ve worked at several other big names. I love to ask this question, but what are some of the hard lessons that you learned that you’re making sure to avoid not only in this role, but in future roles as well?
TRAVIS MORROW
Like you mentioned, I do have a range of experience over the years. And so one of the things that I’ve seen time and time again is burning resources on improbable issues. And so very simply, that is tackling the wrong thing. So things that either aren’t important to our customers and/or are not likely to happen. So if we spend lots of resources and time worrying about what if the US sank, right? I mean, that’s not a really good use of our time. We’re better off looking at more like attack vectors and where are we commonly seeing attacks, where are peers seeing attacks, and how do we make sure that we aren’t vulnerable?
Similarly, also hiring in the wrong locations. So, for instance, you know, the typical cartoon character that has the giant arms, but the little stick legs. I’ve seen this over and over and over again in a lot of different organizations where maybe you have a leader that really dislikes certain disciplines of security. And so, for whatever reason, they don’t hire in those areas. And so, what inevitably happens is that’s where you start having problems. And so, like if you didn’t hire in defense, then as soon as you have an incident, you know, you have a massive problem because you haven’t invested and haven’t put that time in and built those leg muscles up, for instance. So making sure that we have a well-rounded program and that we’re hiring in all the areas to ensure that, you know, we are moving forward in a healthy and structured way based on our risk tolerances and our customer needs.
CAIT PORTE
Huge one, right? Having the right team. I just came off of a meeting earlier today where you have a newer team member over on the product marketing side and having a really strong resource in any role makes a huge difference not only for the leadership because it gives you sort of that peace of mind of someone owning it, but also because you can then allow yourself to focus on the things that are really important in your role. And I think it’s a really good call-out that says, look, you’ve got to take that ego out of it and say, where do we need to hire for the best interest of the business? So I really like that example.
Integration. Let’s take it more specifically to the work that we’re doing. Application integration, we’re dealing with all kinds of sensitive data. When we think about security within integration, what does that mean to you? And what about security and the future of Digibee? I mean, obviously we talked about the priorities, but when you think about the things that are top of mind within integration, what does that mean to you?
TRAVIS MORROW
And so, like I mentioned, some of the FY24 priorities definitely will play into that specifically around integration. But to me, security and integration means providing the tools, the guardrails and capabilities so customers can have a default secure development practice, lifecycle, and deployment.
However, we also have to allow for legacy integrations. And sometimes, as we all know, those may not be able to meet those security standards. And so allowing customers to, by default, have the strongest, say, TLS ciphers or the best, you know, like the strongest AES levels of encryption that we can provide, but also understanding and allowing them to utilize older protocols so that they are able to do their integrations.
Now, that also means that, you know, on our side, when they’ve built these integrations, we make sure that they have a secure platform to run it on. And so all that goes on behind the scenes, we take care of that. And so making sure that there is confidence in our infrastructure, our uptime, our ability to handle incidents, and denial of service attacks even, because these customer workloads are business critical. So that’s all kind of wrapped up in what does security mean for integration.
CAIT PORTE
And it’s so important because again, while Digibee can of course handle these B2B application to application integrations, we’re very much focused on those complex business-critical, mission-critical use cases. And you have to be thinking about that along the way.
So what I love that you’ve brought to the organization is that we’re thinking about integration from the, excuse me, security, from the very start of the process, as opposed to an afterthought like, “oh yeah, we should have this.” And I think that that becomes sort of that ethos where it’s a part of what we do and how we do it.
TRAVIS MORROW
Right. Absolutely.
CAIT PORTE
Well, Travis, thank you so much for joining us today.
TRAVIS MORROW
Thank you, Cait.
CAIT PORTE
And for those at home listening, or wherever you are, take a look at the link in this episode, you can you can get a little bit more on Travis’s bio. Thank you for joining. And that’s it for this episode of Integration. Redesigned.