When Nick Biasevich, Director of Technical Sales Enablement at Kyriba, is in a sales call with large, Fortune 1000 organizations, there is always one thing that gets the IT and security folks in the room very excited: the ability to do their own penetration testing on Kyriba’s leading SaaS platform.
“They love that,” Biasevich said. “It’s hugely appealing from a security perspective, and we are glad to offer it.”
With the launch of new paid premium security services, Kyriba now enables clients to do their own authenticated and unauthenticated penetration testing, or “pen-testing,” which is essentially a simulated attack on a computer system or platform, to help evaluate its security.
There is probably no better test of platform security than an authenticated pen-test, in which the software provider, such as Kyriba, opens up its SaaS-based treasury
and finance application for a client to take their best whacks in attempting to uncover security flaws. This compares to an unauthenticated pen-test, which is conducted outside of the platform.
Kyriba has always provided prospects and clients with attestation letters from ongoing pen- tests conducted via McAfee. But now, it is one of the first treasury and finance vendors – if not the only vendor – to offer clients the ability to do their own pen-testing.
“We do it because we know we are secure, and aren’t worried about third-party testers finding any type of security flaw,” Biasevich said. “We know this is important to clients from a compliance and regulatory standpoint, and Kyriba considers this level of testing a minimum point of entry into the financial technology sector. It should be without question on every organization’s checklist as they evaluate vendors in this space.”
So why would a company want to do their own pen-testing?
“Companies should want to do this because it gives them the best visibility into how we operate a secure platform,” he said. “While we do our own testing with McAfee and provide an attestation letter, some customers want to own the testing with their vendor so they can guarantee it is done right and they get a full report, which is not provided in the attestation letter.”
In addition to authenticated pen-testing, Kyriba also offers operational audits and other key security capabilities that can be purchased at an additional cost. For more information, fill out our contact us form
or request a demo