by Kalium
1525 days ago
Long story short, you don't. No competent security organization taking their responsibilities seriously is going to issue a blanket approval of something as broad as Zapier. What you can do is get an enterprise relationship in place, deploy tight endpoint monitoring and management, careful management of permissions at every level, and then make the review processes relatively fast. Not marketing-wants-to-build-a-whole-new-thing-with-lots-of-PII-tomorrow fast, but fast. Having strong systems for generating realistic test data and systems will make this prototyping much easier, though from experience Marketing will tend to dismiss such things. Marketing's needs and goals are real and important and valid and blah blah blah blah. Mostly their institutional incentives are to barrel ahead as fast as possible with any and every tool available. A security organization's remit is to make sure that this isn't reckless and liability-inducing, which often means dialing back the speed from breakneck to manageable and maybe even doing some token amount of planning around what you hope to achieve.
As a side note, I've worked with 60+ startups. One thing that kills start-ups whenever it happens is giving too much power too early to the "default to no" departments of a company - security, legal, brand.