Wrike has announced improvements to its security stance and offering for enterprise customers. The work management software company has achieved ISO/IEC 27001:2013 certification from the British Standards Institution. It has also upgraded its collaborative work management (CWM) platform with several new features. One of these, Write Lock is available as an add on product.
The growing attraction of ISO 27001
Information security management is top of mind for many organisations. The enforcement of GDPR has helped to focus minds. Companies need to provide their board with assurances that their cyber risk is under control. Third party cyber risk is also becoming increasingly important. Companies now realise that the most vulnerable point of entry is often in part of its supply chain.
Vendors such as Wrike and Prophix have woken up to this. They are now looking to give assurances to customers that their systems are secure. One of the common ways to do this is to look at the certifications available and pick one that demonstrates their security stance. One of the most recognised global standards is ISO 27001. Both of Wrike’s data centres in San Jose and Amsterdam adhere to 27001. It has now widened its coverage of the standard.
It is not entirely clear from the press release what the certification covers at Wrike. However the Wrike press release states that it demonstrates that Wrike has: “an end-to-end security framework and a risk-based approach to manage information security.” In achieving the certification it will have established: “a systematic, risk-management-based approach to people, processes, and IT systems in order to protect sensitive company information. “
Wrike Lock is a new add-on feature that enables customers to control access to encryption keys. It provides an added level of surety to customers that only they are able to view the data that Wrike hosts. Wrike Lock include four main features:
- Customer-managed encryption keys: Customers gain a “master” encryption key for all their Wrike data which only customers hold.
- Key encryption: Not only is the Wrike data encrypted but the keys to data are also encrypted.
- Audit and governance controls: Customers are able to control whether Wrike data is decrypted though master key management. The master key enables decryption of keys to individual keys for Wrike account data and Wrike attachedments.
- External encryption key storage: The master key can be stored in Amazon web services secure Key Management Service.
While the press release states that this is an add-on feature there is no indication either in the press release or on the website around the cost.
This new feature is one that industry analyst , Wayne Kurtzman, IDC Research Director for Social, Communities and Collaboration believes should help Wrike. He commented: “Collaborative work management is how businesses are responding to a more tech-savvy workforce that expects the flexible benefits of collaborating and managing all kinds of work – not just formal projects.
“Often starting in small teams, enterprise-wide deployments offer significant benefits to company productivity, but often require complex security and governance requirements. Wrike Lock, as well as the company’s other enterprise-grade security features and certifications, make Wrike an attractive and viable option for enterprise customers.”
New features added
Wrike has also strengthened the general security of its CWM patform. It has announced six new features:
- CASB integration support allows customers to use the CASB offering of their choice to enforce enterprise security policies on their Wrike data. It enables them to easily spot unusual user activity and better protect data stored in the cloud.
- Customized Access Roles ensure privacy and content integrity. It enables customers to create roles with unique permission sets to satisfy varied access and sharing requirements.
- Access Reports enable customers to quickly and easily see which users have access to Folders or Projects. It also shows which Tasks have attachments for which non-Wrike guest users have been invited to review.
- Selective sharing ensures Folders and Projects do not follow the default of inheriting sharing settings from parent Folders or Projects. This gives greater access control over specific Subfolders and Subprojects.
- A new sharing interface makes it easier and more intuitive for users to modify sharing settings. This enables and encourages users to take greater control of access to work in Wrike.
- The new antivirus feature scan files for viruses prior to being uploaded to Wrike. This will enhance the security of users’ devices by mitigating the risk of uploading or downloading infected files from Wrike. This feature will be available in 2H 2019.
Wrike is taking security seriously
Write appears to have a mature approach to security. It aims to address physical, network, application level, and organisational security to deliver what it believes is an Enterprise Grade Security wrapper. It is compliant with EU – U.S. Privacy Shield and Swiss – U.S. Privacy Shield. It also has a data centre located in the EU. The question is whether it will also need to provide a data centre in the UK soon, due to Brexit and also Germany which has a specific data sovereignty controls.
Wrike Founder and CEO Andrew Filev commented: “Security is a top concern for enterprise companies, and rightly so, but SMBs often fail to examine new apps and tools with the same level of scrutiny – and they do so at their own peril. In today’s digital world, the moment you believe you are secure is the moment you open yourself to an attack or breach, regardless of your company’s size.
“The ISO certification, Wrike Lock, and all of our new and upcoming security features demonstrate our commitment to making Wrike the most secure CWM platform on the market and we will continue to invest in the security of our services to exceed industry standards.”
Enterprise Times: What does this mean
Wrike is already used in more than 18,000 organisations. However, it now needs to demonstrate that it can deliver the enterprise level features that the enterprise wants and expects. Security is fast becoming a critical risk issue in business. The increasing number of breaches recorded demonstrate that companies need to ensure that all systems used across an organisation meet a certain security level.
Wrike has demonstrated with the certification and the new features that it is stepping up its security stance to meet the new requirements. Others in the work management space have also achieved certification, for example Monday.com . More vendors across the SaaS landscape will need to deliver similar certifications. For some this will not be easy.