As the Information Security Program Owner at National Instruments, I spent years contemplating the answer to a question that has been around since the dawn of "the cloud":
Where is my data safest?
Often times, this inner dialogue begins with an assumption that nobody can keep our data safer than we can ourselves. After all, we've done our diligence. We've got our firewalls in place. We purchased an IPS. Our security team has tools to find and remediate vulnerabilities. Clearly, we're locked down like Fort Knox and have never had a data breach, so our data is safest within the confines of our data center. To be perfectly honest, I'm not here to challenge that notion. Risk data is confidential data and it should be protected to the best of your ability. So, if this is you, at SimpleRisk we offer a deployment model which we refer to as "SimpleRisk On-Premise". This deployment starts by deploying our "SimpleRisk Core" product. This is written in PHP with a MySQL database back-end. It can be downloaded for free from our website, and should have you up and running with Governance, Risk Management, and Compliance (GRC) capabilities in minutes. We offer deployments via scripted installation, virtual machine, Docker, and self-install across a variety of Unix, Linux, and Windows operating systems. If you run into any issues getting SimpleRisk up and running, you can always send a ticket into Support and you can add on any of our "SimpleRisk Extras" as plug-and-play modules to extend the functionality of the SimpleRisk Core.
Frequently, however, we find that customers are drawn to SimpleRisk because they were looking for an incredibly easy to use tool for their Enterprise Risk Management (ERM) program that is cost-effective. After all, there are few organizations out there who can claim to have unlimited security resources and we're all looking for ways to get more for less. While data security is definitely still a concern worth addressing, the primary question they ask is:
How do I get the biggest return on my investment?
The honest truth is that it takes an investment of time to support any GRC tool. Some tools will require more time than others, but at the very least you'll want to make sure that you're monitoring the application so it is available when users need it, backing up the data in case a disaster strikes, and upgrading the platform to get the coolest new features and bug fixes. At SimpleRisk, we schedule quarterly releases that are chalked full of functionality that we know our customers will love. Nothing pains me more than seeing a customer running a year old instance of SimpleRisk, unable to take advantage of that functionality, because their organization was bogged down by operational issues and couldn't prioritize an upgrade. I witnessed this first-hand at my organization and it couldn't have been more frustrating.
This is the reason why SimpleRisk offers our "SimpleRisk Hosted" solutions. With this offering, SimpleRisk handles the architecture ensuring high-availability for all of your users. We take daily snapshots of your data so that you are covered in one of those "what if" scenarios. Most importantly, we keep your SimpleRisk instance up-to-date with the latest version of our software so that you always have access to the latest and greatest features. You get to focus your time and efforts on actually managing organizational risk instead of managing a system to manage risk. And the best part is that we've intentionally priced this platform to be comparable to our On-Premise offering. If you're looking for the biggest return on your investment, SimpleRisk Hosted is a no-brainer.
Now, even if the ROI for SimpleRisk Hosted is huge, I wouldn't begin to assume that you would dismiss the security components of the platform. As I said before, risk data is confidential data, and we know the ramifications of a data breach. As such, SimpleRisk has focused on security from day one. We use multiple different methodologies to ensure our code is secure, including routine scanning and testing through a Bug Bounty program. We host in the AWS cloud environment, where they have rigorous controls in place to help us to isolate, protect, and monitor your data. The entire platform has been architected with security in mind, to give you peace of mind in knowing that your data is as safe as it would be if you were hosting it yourself. If you'd like to learn more, Contact Us to get an NDA in place and we'll gladly share our Product Security Documentation with you.
So, which SimpleRisk deployment model is right for you? If you're still unsure, why don't we schedule a call and talk it through. We look forward to speaking with you soon!