by wepple 723 days ago
> but a vendor who only does one thing, specifically a high-trust thing like this?

They’re not in the business of being trustworthy or secure; it’s just another software shop trying to grow product.

> which would tend to bring in specialists to make sure this kind of remediation is done right?

Ideally, sure. In reality, an insurance company has many thousands of customers; they can’t possibly do any real assurance beyond basic compliance. Managing access and credentials is a hard problem for well-staffed security teams, let alone a single compliance auditor.