BRIGHTCOVE
“Cybersecurity needs to simply not be the power of no. The whole idea is to always find a way to yes and truly partner”
KAREN HOLMES, HEAD OF BUSINESS SECURITY, BRIGHTCOVE
jurisdictions and technical environments. The company’s security framework centres on ISO 27001 certification, an international standard for information security management that enables consistent controls across borders.
Brightcove recently passed its ISO 27001 certification audit, a process that required demonstrating security controls across all operations, from development to delivery.
“ISO is the basis of everything we do because we are an international company. If the NIST framework seems to make more sense for a particular customer, we can pull in components of a NIST framework. I’ve pulled in COBIT so we can understand the business processes we’re tying the security processes to.”
“For me, it’s about creating an equal playing field for security across everything that Brightcove does. Every engineer knows the security rules. By following an international standard like ISO – which is best practice for managing security – everyone knows what they should be doing. The easiest way to secure data is to gather what you need for the purpose you need it, gather nothing else, and delete the data when you’re done with it.”
Building a security-first culture
Brightcove’s approach to security integration reflects a deliberate cultural
aimagazine.com 177