Why Our Customers Choose Workiva and the Cloud: Security

16 October 2018

Finance, accounting, risk and compliance professionals have given us many reasons for choosing Wdesk. We are exploring each of the top 10 reasons why organisations move their reporting and compliance to the cloud in greater depth with this blog series.

Cybersecurity has become a growing priority for organisations, even before historic megabreaches like the Equifax Inc. incident that exposed details of 143 million consumers or the WannaCry ransomware outbreak in 2017.

Workiva has instilled rigorous safeguards to protect your data. That is just one of the many reasons more than 3,000 organisations trust Workiva for their accounting, finance, risk and compliance reporting,

Reason Number 2: Securing your data in the cloud

With any system, whether on-premise or in the cloud, it is important to vet vendors who will be sharing security responsibilities with you.

Cloud platforms hosted on Amazon and Google can leverage security investments and visibility across thousands of clients to identify fraudulent transactions and breaches more easily. These platforms typically implement the latest software versions and patches in the background instead of relying on individuals to instal their own, which has historically been a source of breaches.

Permission settings that allow you to control who can see and edit sensitive data can make it safer to share documents in the cloud than to email attachments for colleagues to download.

Underlying cloud infrastructure represents only the first level of security for your applications and data. In order to understand your cloud security posture, you have to consider the additional safeguards provided by your software as a service (SaaS) provider—and independent evaluations of your vendor's controls.

Control, encryption and authentication

Information security at Workiva includes data encryption and segregation, multifactor authentication and advanced permissions and data authorisation. 

Wdesk and Wdata encrypt your data both in transit and at rest to prevent your data from being compromised, even in the event of a breach. Your encryption key is kept separate from your data for further protection.

Workiva also offers a range of security features, so your organisation can implement controls that match your internal policies and procedures.

Need to control employees' access to data you collect in Wdata or import into Wdesk for final reporting? You can implement Security Assertion Markup Language (SAML), a single sign-on standard for exchanging authentication and authorisation information between, say, a user’s corporate network and Wdesk.

Alternatively, you can use System for Cross-domain Identity Management (SCIM), which integrates with your organisation’s active directory and IP address restrictions when the user is working from a coffee shop, for example, or for smaller organisations that don’t use SAML.

Workiva offers extensive logging through an easy-to-use console. Users also can set standards for passwords, and opt-in to set up two-factor authentication. This extra level of security requires not only a username and password, but also a unique piece of information only the user possesses, such as a token.

Third-party audits of Workiva security

Security is a responsibility Workiva takes seriously.

Workiva is compliant with AICPA’s SOC 1 and 2 (Service Organization Controls) audits, which examine internal controls over both financial reporting and nonfinancial reporting as it relates to security, availability, processing integrity, confidentiality and privacy.

Workiva complies with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the General Data Protection Regulation (GDPR).

Ongoing penetration and vulnerability testing is part of operations, and an independent third party conducts these tests twice a year.

In addition, Workiva operates under the Federal Risk and Authorization Management Program (FedRAMP). Workiva has achieved FedRAMP authorisation, which signifies an ongoing commitment to meet stringent cybersecurity requirements that will protect the data of government operations, agencies and departments.

Keep your eye on this blog over the next several months as we examine more reasons companies choose Workiva.

If you don't want to wait that long, request a demo today to learn more advantages of Wdesk and how to use Wdata to bring data into Wdesk.