Start-ups committed to becoming something special begin building their new business as they mean to go on, particularly in the potentially business velocity-killing areas of security and compliance. For start-ups in highly regulated industries like healthcare and finance, the requirement to have the right technical and organizational controls in place is nothing less than existential.
End of summer 2020: Bearer takes the decision to pivot. We have been building an API monitoring & debugging solution for engineering and DevOps teams. We have a stable product and dozens of users onboard. Even so, after months of iterations product adoption is still low and our positioning with all-in-one monitoring solutions is disadvantageous. Product-Market-Fit (PMF) is definitely not in the line of sight.
Bearer has partnered with Trace to help companies leverage the best of services and software and build a connected compliance program. Bearer is innovating data risk assessments to build intelligence and stack visibility at scale, while the Trace team brings decades of client-led professional services experience in privacy and data security. Together, the two companies bring the best blend of human and tech capabilities to shape the future of compliance.
Our product has been through many changes over the years. Both from a market standpoint, but also technically. Over the last year we’ve simplified our architecture and moved away from a traditional Javascript single page application (SPA) and gone back to our Rails roots. Here’s the story of why we chose Hotwire, what it’s allowed us to do, and where we hope to see it in the future.
The engineering organization of companies building modern cloud applications can get incredibly complex. Security teams are caught between the explosive growth of engineering teams and the fragmentation of software architecture. As a result, it can be a challenge to get a clear, complete and up-to-date view of engineering components. Bringing clarity about the software architecture is the first step to enable you to assess and remediate data security risks properly.
Keeping a team aligned isn’t easy. Not every meeting can possibly include every single team member, and updating a multitude of Notion pages with all the details regarding every discussion is an entire project in itself. The data that informs decisions is shared to separate groups of people, many of which don’t necessarily work closely together.
While there may still be the occasional team that handles everything themselves, most software products are made up of a variety of services from different vendors. From data storage to customer management, third party data processors are a nearly unavoidable part of any organization.
The GDPR recently marked its three-year anniversary, but one aspect of compliance for many companies is much older. Standard contractual clauses (SCCs), the mechanisms that most international organizations used to legally transfer data between the European Economic Area (EEA) and third party countries—like the US—are over a decade old. For organizations moving data in and out of the EEA, the last few years have been complicated.
When it comes to GDPR compliance, contracts are some of the most powerful tools you have to show to regulators. They allow you to receive legal guarantees from your service providers and third parties that protect you from liability in the event of a breach in compliance. You aren’t off the hook for everything, but at the very least you won’t be liable for negligence.
When Apple released their privacy nutrition labels, it was seen as a key turning point in platform-level privacy. Even so, while Apple holds control of mobile device profits and industry mind share, they do not account for the majority of mobile devices globally—especially in developing countries. The iPhone is expensive, and therefor any of its privacy protections become a benefit only to those that can afford their devices.
