
Continuous Defense: ShortPoint’s Program for Proactive Data Security

Security is woven into everything we do at ShortPoint. Literally everything! From the people we hire to the processes we follow and the technology we use, protecting our systems, safeguarding the limited data we collect (license and usage information), and ensuring the security of the ShortPoint platform are our top priorities. That's why we've built what we call Continuous Defense: a comprehensive program that keeps us constantly watching, testing, and improving our security settings around the clock.


Think of the Continuous Defense approach as having a dedicated security team that never sleeps. It's always on the lookout for potential security risks and vulnerabilities before they become real issues. This approach helps us effectively prevent unauthorized access to ShortPoint’s internal systems and maintain strong security standards across our platform.


NOTE: ShortPoint does not access, store, or process customer content or data from your SharePoint environment. All references to “data,” “files,” or “information” in this article refer only to ShortPoint’s own internal corporate data and not customer SharePoint content.

Continuous Defense Approach




Proactive Security: Continuous Detection of Weaknesses


Here at ShortPoint, we believe in the saying, "The best defense is to catch problems first, even before they actually become problems." That's exactly why we're constantly checking our systems for vulnerabilities using advanced continuous monitoring and security features.


Round-the-Clock Vulnerability Scanning


We run continuous security scans, or what we call "Vulnerability Scans", across all our systems 24/7. This proactive approach ensures infrastructure security and protects data effectively. It allows us to spot new vulnerabilities or configuration issues as soon as they appear. This means that we see potential threats not weeks or months later, but right where we can prevent them from causing real problems.


We also deploy advanced security agents and tools on our employees' computers and other dedicated software. These tools automatically review our code for vulnerabilities to protect ShortPoint’s internal systems and maintain a secure development process.


Regular Security Testing by Experts


Beyond automated scanning, we bring in real security experts to try to break into our systems (with permission, of course!). This penetration testing is done regularly (or even continuously) by either our certified in-house ShortPoint security professionals or independent third-party specialists who know all the tricks hackers might try.


We also build security features into our development process from day one. Every single code change goes through a mandatory security review by team members trained in secure coding practices. We use advanced protection techniques like code obfuscation to add extra layers of data encryption and security to our software. By tapping into all these, we enhance security and protect sensitive data.


Structured Remediation


NOTE: All references to “data,” “files,” or “information” in this section refer only to ShortPoint’s internal corporate systems and the limited personal data ShortPoint collects (license + usage information). ShortPoint does not store or process any customer SharePoint content.


We don't just identify security risks; we fix them fast. We believe that finding a security issue is only half the battle. What matters most is how quickly and effectively we address it. We consistently develop comprehensive remediation plans that are strictly followed the moment an issue is identified.


Clear Timelines Based on Severity


When we discover a vulnerability, we immediately categorize it based on how serious it is and follow strict timelines for fixing it. We don't let critical issues sit around. They get immediate attention to maintain data security and protect sensitive files.

Here's how we prioritize:

  • Critical issues - these are the most serious threats. They include vulnerabilities that could impact internal systems, administrative access, or the limited personal data ShortPoint collects (such as license and usage information).
  • High-severity issues - these are issues that could significantly compromise the security settings of our platform.
  • Moderate and Low issues - these are issues that hold little to no risk.

While vulnerability priority levels guide the urgency of our response, we make sure to address all issues as swiftly as possible.


Mandatory Monitoring of System Activity


If you've installed a security camera in your home before, you probably know that it records everything that happens around your home 24/7. No exceptions!


That's essentially what we do at ShortPoint. We have a Logging and Monitoring Policy that establishes comprehensive requirements for audit logging and monitoring of system activity across all ShortPoint system components.


What We Track


Our systems automatically create detailed records whenever important events occur, including key activities:


  • Any attempts to access, change, or delete ShortPoint internal system data
  • When people log in or out, and any failed login attempts
  • Every action taken by administrators (since they have the most access)
  • Changes to system settings, software updates, or security patches
  • Any suspicious activity detected by our security tools


Protecting the Records Themselves


These logs are kept accurate using time synchronization based on official atomic time standards, ensuring precise tracking of all events. The logs themselves are protected from tampering through robust security measures and stored securely in backup servers separate from our main systems.


Real-Time Monitoring


We don't just collect logs and call it a day. Our systems actively monitor everything in real time. They immediately alert us if something critical fails or looks suspicious. This proactive approach to continuous monitoring and enforcing security policies helps us quickly identify and respond to potential security incidents.


Incident Management and Response Plan



Prevention is always the key. But even with the best prevention, things can still go wrong. Fortunately, ShortPoint is prepared for that. We have created a formal Incident Response Plan (IRP) to ensure quick and effective action when a breach happens. It involves identifying, containing, investigating, resolving, and communicating information related to the breach. And to ensure its effectiveness, we test the plan every single year.


Quick Reporting and Response


The whole ShortPoint team is trained to safeguard security. Each team member knows that if they see potential security incidents or risks, they are to report them immediately, no exceptions. When we see that our customers might be affected, we update our status page to keep you informed with transparency and timely communication.


Once we confirm that a security incident has occurred, we spring into action following our established incident response plan to contain the problem and stop it from spreading. We're careful to preserve all evidence during this process to enable a thorough investigation and support regulatory compliance requirements.


Recovery and Learning


After we've contained a security incident, we work diligently to recover any affected ShortPoint internal systems or operational data.


But we don't stop there. Once everything is back to normal, we conduct a thorough post-mortem review. We ask ourselves: What was the root cause? How can we improve our security settings? What can we learn from this to prevent future security incidents? This review process is crucial for enhancing our security best practices and reinforcing our continuous monitoring efforts.


If needed, we provide additional training to our team on enforcing security policies. We also incorporate these lessons into our ongoing security risk reviews and compliance obligations. By constantly developing our response plan, our security protocols grow stronger and more resilient.


Maintaining Security with Continuous Defense


At ShortPoint, we don't take security as a one-time project. It is and will always be our ongoing commitment to you. Our Continuous Defense approach means we're always vigilant, always improving, and always putting data protection first. It's how we earn and keep your trust, day after day.

