Security First, Code Second: How Revefi Redefines Enterprise Security from Day One

March 11, 2024

So we tried to get SOC-2 certified before writing a single line of code. Of course, that makes no sense: by definition, SOC-2 requires an existing software product. But it reflects our thought process: enterprise-grade security is core to everything we do from the get-go, whether we are building the product or establishing the company culture.

At Revefi, security isn't just a priority; it's our foundation. From the inception of our product, we've embedded security into every aspect of our operations to safeguard your data and earn your trust. 

At the helm of Revefi are Sanjay and Shashank, who bring their invaluable experience from co-founding the hugely successful ThoughtSpot, valued at $4.2B. Our team comprises individuals with extensive backgrounds from tech giants like Meta, Google, AWS, and Microsoft, among others. With this wealth of expertise, we understand the intricate security demands of enterprises firsthand. That's why we prioritized initiating our SOC-2 process right away, ensuring that security is ingrained in every aspect of our platform's development.

Through our diligent efforts, a typical customer’s month-long security clearance process has been streamlined to just a matter of days. Our optimized procedures and rigorous adherence to security protocols ensure swift and efficient clearance, enabling expedited access for our clients.

Foundational Principles

We firmly believe that enterprise security isn't an afterthought—it's a foundational principle that guides every aspect of our operations from day one. By establishing clear guidelines and protocols from the outset, we ensure that security is woven into the very fabric of our product and processes.

Recognizing the multifaceted nature of security, we address various dimensions including infrastructure, coding practices, human factors, and compliance. Leveraging industry-standard practices and consulting with experienced professionals, we meticulously craft a secure infrastructure that stands up to the most stringent security standards.

Establishing a solid foundation enabled us to achieve SOC-2 Type II and HIPAA compliance swiftly.

Be Minimalistic: Start with Least-Privilege Access by Default, Not the Other Way Around

What level of access is justified before a product yields valuable returns? Any product demanding full access for minimal benefits is best avoided.

In reality, the common practice in the category is to start with full data-level access. At Revefi, we have reimagined data access, placing enterprise security at the forefront of our innovation. Drawing from our CTO Shashank's tenure at Meta, where he spearheaded the development of a groundbreaking automated data quality framework, we've harnessed the power of metadata to deliver value to data teams while minimizing access to your sensitive information.

Our unique approach operates on a "metadata access" principle, ensuring that we extract only the necessary metadata, query logs, and aggregated statistics from your data source. By default, we never access individual records or personally identifiable information (PII), safeguarding your data against unauthorized access.

Leveraging metadata access alone, Revefi significantly enhances data quality.

Does Revefi incorporate data-level checks? Unequivocally yes! Without a doubt, it's a fundamental requirement. Yet, from the customer's viewpoint, the optimal approach to implementing a data operations system begins with a straightforward query: What's the minimum level of privilege required? What's the incremental benefit of having data-level access?

This method fosters a security-conscious culture within the company. We highly advise beginning with metadata-only access, gradually establishing trust with the system. If and when necessary, additional accesses can and should be granted over time.

Access Controls and Third-Party Tools

To minimize human errors, we've implemented stringent access controls. Our employees undergo rigorous enterprise security training, and access to sensitive infrastructure is restricted on a need-to-know basis. Multi-factor authentication (MFA) further strengthens our defenses.

Before integrating any third-party tools into our platform, we conduct thorough security assessments. We evaluate encryption protocols, access controls, and compliance certifications to ensure that our toolchain upholds the same security standards as our core product.


Compliance isn't just about ticking boxes for us; it's about prioritizing the security and privacy of your data. Achieving SOC-2 Type II and HIPAA compliance underscores our commitment to robust controls and protocols, providing you with peace of mind.

With Revefi's security-first approach, another Fortune 1000 customer completed all of its internal security and compliance reviews within just a few weeks and fully onboarded its 20+ BigQuery projects onto the Revefi platform.

Continuous Improvement of Enterprise Security

While security is paramount from the start, we recognize the importance of continuous improvement. Regular security assessments, vulnerability management, and staying abreast of evolving threats are integral parts of our enterprise security strategy.

Join the Conversation

Have you encountered any security concerns or compliance obstacles in your industry? Share your experiences with us. How do you prioritize enterprise security when evaluating potential software solutions for your business? We value your insights and invite you to join the conversation. Reach out to us at security@revefi.com and let us know how we can better protect your data.

Check how simple and secure data operations monitoring can be – try Revefi for free right now.
