Your Collaborative Work Management Security Checklist

2018 will go down in history as the year some of the world’s most notable companies experienced huge data breaches. Even social networking tech giant Facebook made countless headlines as it dealt with a slew of major security attacks that affected more than 100 million users.

The average data security incident cost U.S. firms $7.91 million, and there’s something priceless at stake — customer trust. With the first breach of 2019 occurring less than 24 hours into the new year, this threat isn’t going away, and security should be a top concern when considering new tools for your tech stack.

One tool you need to take another security look at? Your work management platform. Sure, you could keep your work in Excel or try to hide from the cloud, but over 250,000 organizations have adopted a work management solution, and you need one to stay competitive. These tools improve collaboration, increase productivity, enhance visibility, and — if you get the right one — provide security. All of these are critical for business growth.

Here's a checklist of the major security requirements to help you evaluate which collaborative work management solution is right for you:

Your work management security checklist defined

Security where your data is physically stored

Is the work management tool provided by a global business? Where do they physically hold their data? Different states and countries have very specific data-security compliances laws. One state’s security laws might not align with your needs. Ask where the company stores its data, and make sure the security standards at the storage facility are up to date.

For example, our data center in the U.S. is compliant with SSAE 16 Type II and ISO 27001 standards, and our European data center is compliant with ISO 27001 and ISAE 3402 standards (equivalent to SSAE 16). All server and network components are constantly monitored by Wrike staff and our colocation providers.

A creepy, masked cyber hacker staring at multiple screens while typing vigorously (like on TV) isn’t your only threat. Ask about the physical protection of the storage facilities like 24/7 manned security, power backup systems, physical access controls, smoke and fire alarms, and digital surveillance systems.

Disaster recovery plans and certifications

Is the vendor’s plan in case of a disaster scalable and secure? Wrike's disaster recovery infrastructure resides in Google Cloud Platform for both U.S. and E.U. regions, offering great scalability and security with SSAE16 / ISAE 3402 Type II, ISO 27001.

An ISO 27001 certification means that the vendor has implemented industry best practices in security-incident management and physical security. It shows that the vendor has systemized controls to limit any damage to your organization in the case of an attack. This increased security reliability means you can be confident in sharing sensitive data.

You also want to make sure that data is both backed up and available on redundant and geographically dispersed servers. Ask how frequently a full backup is performed and if it’s stored in an encrypted environment that is physically separated from the primary servers.

Your Collaborative Work Management Security Checklist 2

Continuous reliability

Uptime is a computer industry term for the time during which a computer is operational, meaning that no malfunction occurred. A tool is only useful if it can be used. High uptime means a company is stable, secure, and experienced. Ask what the vendor’s uptime is to determine their security reliability.

As an example, over years of continuous service, Wrike has consistently met or exceeded a 99.9% uptime, ensuring customers can access their tasks and projects when needed without interruption.

Network and system security

What procedures are used to prevent, detect, and promptly remediate the impact of malicious traffic and network attacks? Do you have a contingency plan if these attacks happen? Are there regular updates and patch management? Understand how frequently the vendor performs internal network security audits so they can easily spot and fix dangers. When it comes to data security, a quick response is the key between danger and disaster.

User authentication programs

What are the protection and password policies? Even if your team is well trained and using passwords more powerful than “Password123,” email and password combinations are a huge hacking danger. Look for tools that will help your employees secure their data. For example, Wrike supports multiple methods of federated authentication, including Google Open ID, Azure, Office 365, ADFS, SSO, and SAML2 to conveniently and securely gain access to a Wrike account leveraging corporate credentials.

Bonus! Is the vendor’s platform available on mobile? It's essential that user authentication programs serve an increasingly dispersed workforce, and can be compatible with remote working software. Understand which security functionalities are inherited and what additional security features are provided, like certificate pinning, checking against rooted/jailbroken devices, and application-level protections using a PIN code or fingerprint.

Customer support policies

Ripping your hair out over login and platform issues is a huge security risk. Your hair could fall on the ground and that DNA can be used to log in. Joking!

However, you want to make sure the vendor has strict policies on how to verify your identity and help you access your account. Knowing how their team can access your data if needed helps you keep it secure. They should have policies that allow you to dictate when and how they see your data. Ask vendors to share their policies around escalation, management, knowledge sharing, risk management, and day-to-day operations.

Who in the vendor's organization has access to the data center? There should be strict policies in place. For example, at Wrike, access requires establishing a VPN channel, multi-factor authentication, a one-time password, and a personal certificate. As a best practice, we also have policies in place to limit access to customer data to employees with a job-related need. When teams are trained and have strict policies, you dramatically reduce data security risk.

Data privacy and encryption

What type of data security certifications and compliances does the vendor have? Do they align with your business requirements? What third party is doing their security assessments?

Understanding what technology is protecting your information helps you ensure that your data is secure beyond measure. Even if someone was able to gain access to your data, they can’t read it directly if it’s encrypted. Thus, an extra layer of much-needed protection.

Stay nimble and secure with Wrike

In our recent study of 1,000+ professional services leaders, 75% said that data security was a big concern for clients, and 60% reported that those concerns kept them from being agile or building strong relationships.

It may not sound intuitive, but security is at the heart of collaboration. Whether your business is B2B or B2C, teams need a safe space to communicate, innovate, and work, so they can stay on top of projects and maximize creativity.

As you review vendors for work management platforms, consider that cost and make security a top priority. A tech stack that prioritizes security does more than just save you money by avoiding costly breaches. When your team has a safe space to get creative, innovate, and collaborate, you differentiate yourself from the competition and empower your business to stay at the forefront of your industry.

Security where your data is physically stored
Disaster recovery plans and certifications
Continuous reliability
Network and system security
User authentication
Customer support policies
Data privacy and encryption

Along with being the leading collaborative work management platform, Wrike continues to be a pioneer in security. We‘re dedicated to making Wrike the most secure and reliable collaborative work management platform on the market. We’re always adding new tools and features to help teams stay nimble but secure. Wrike Lock, for example, lets you own and manage the keys to your encrypted Wrike data, giving you increased control even over data in the cloud.

Our advanced security features help your teams focus on what really matters. Want to learn more about how Wrike helps you stay secure as you grow your business? Start your free trial today.

Collaboration 5 min read

What Is ISO/IEC 27001 in Information Security?

You might’ve assumed that ISO 27001 was a granular piece of IT jargon, but there’s more to it: ISO standards are the unsung heroes that help simplify a complex and oftentimes incompatible world.

Project Management 7 min read

Raising the Security Bar in Collaborative Work Management

Hardly a day goes by that we don’t hear about a new security breach. 2018 saw a total of 1,244 reported data breaches in the U.S., according to a recent report by nonprofit Identity Theft Resource Center and security and privacy services firm CyberScout. While this number was down from 2017’s all-time high of more than 1,600 breaches, the number of compromised records exposing sensitive, personally identifiable information (PII) skyrocketed by 126%. This doesn’t even include the 1.26 billion non-sensitive records that were also exposed. As more data is created and business increasingly plays out in the online digital space, data breaches will only get more severe. Balancing security and flexibility in the cloud In an effort to maintain control and avoid these data disasters, some enterprises are still often reluctant to adopt third-party cloud applications, opting for on-premises solutions instead. As a result, they’re missing out on rapid, innovative cloud solutions to challenges like scalability, software updates, mobile connectivity, etc. In an age of mobile devices, remote workers, always-on customers, and lightning-speed innovation, cloud software is no longer optional if you want to remain competitive — even for the most conservative enterprises and industries. And while fast-paced, adaptable SMBs usually have far less stringent security requirements compared to enterprises, companies of all sizes should be equally concerned with today’s heightened security risks. The good news is that security and flexibility don’t have to be at odds with one another. Once companies accept that maintaining security is a constant and ever-evolving practice, they can take the steps necessary to protect their data, guard against the risks of today, and anticipate the threats of tomorrow. This point of view is why Wrike has always been at the forefront of collaborative work management security. Data protection has continued to be a core priority for us as we continue to grow our enterprise customer base and expand into new markets and industry verticals. Securing the collaborative work management space More than 250,000 organizations have adopted a collaborative work management solution. And while many vendors’ focus has been on solving problems like low productivity, poor collaboration, and broken workflows, addressing security needs that are unique to the enterprise — like considering how data is managed at scale — should also be a primary goal. Wrike refuses to merely meet the industry-standard minimum requirements for security in the enterprise. Security has always been one of our core pillars, and we’ve continuously pushed ourselves to solve more than just collaboration or work management challenges. Bare minimums won’t fly in the enterprise, nor are they good enough for being the digital workplace that companies trust with their invaluable data. We understand the best collaborative work management solutions solve for convenience and transparency in addition to control and security. Our customers want to be transparent and collaborative, while also being protected, whether that is from external or internal threats, accidental or malicious. That’s why we strive to keep this dichotomy in mind when developing new features or products for the Wrike platform, including the features I’m excited to announce today. Introducing Wrike’s new enterprise-grade security features The Wrike security strategy includes a comprehensive approach across five categories: physical, network, system, application, and people. Our latest platform security features include: Wrike Lock is an add-on feature that allows customers to own and manage the keys to their encrypted Wrike data, giving them data access control and audit capabilities even though their data is in the cloud. CASB integration support allows customers to use the CASB offering of their choice to enforce enterprise security policies on their Wrike data, enabling them to easily spot unusual user activity and better protect data stored in the cloud. Customized Access Roles better ensure privacy and content integrity by enabling customers to create roles with unique permission sets in order to satisfy varied access and sharing requirements. Access Reports enable customers to quickly and easily see which users have access to folders, projects, and tasks, as well as any tasks with attachments that external guest users have been invited to review. Selective sharing allows customers to make it so that folders and projects do not follow the default of inheriting sharing settings from parent folders or projects, giving greater access control over specific subfolders and subprojects. The new sharing interface makes it easier and more intuitive for users to modify sharing settings, better enabling and encouraging them to take greater control of access to work in Wrike. The new antivirus feature will scan files for viruses prior to being uploaded to Wrike, which will enhance the security of users’ devices by mitigating the risk of uploading or downloading infected files from Wrike. This feature will be available in 2H 2019. Wrike has also just completed the ISO 27001:2013 certification from BSI (British Standards Institution). The ISO/IEC 27001:2013 certification demonstrates that Wrike has a complete end-to-end security framework and a risk-based approach to managing information security, and illustrates Wrike’s commitment to a mature and robust security strategy. ISO/IEC 27001 is the most highly regarded and only internationally recognized standard for the establishment and certification of an information security management system (ISMS). It provides a set of requirements for an ISMS, establishing a systematic, risk-management-based approach to people, processes, and IT systems in order to protect sensitive company information. Raising the bar In today’s digital world, the moment you believe you’re secure is the moment you open yourself to an attack or breach. This is true regardless of your company’s size. Wrike’s ISO certification, Wrike Lock add-on, and all of our new and upcoming security features demonstrate our commitment to making Wrike the most secure collaborative work management platform on the market. As security threats evolve and the stakes get higher with every breach, Wrike will continue to invest in the security of our services and push the industry standard for collaborative work management. To learn more about Wrike’s Security practices, please visit our security page. And for more information about today’s announcement, read our press release.

Leadership 10 min read

Think Security Breaches Are the Biggest Threat to Your Company? Think Again.

Security breaches aren't the only threat to the enterprise. There’s another, more subtle danger that may have an equal impact and longer-lasting consequences.

For Teams

Use cases

Apps & Integrations

Explore Wrike

Learn and connect

Become Wrike Pro

Your Collaborative Work Management Security Checklist

Your work management security checklist defined

Security where your data is physically stored