Where assessing whether production applications can be trusted is still a manual questionnaire, it may be time to automate.
For many CISOs, analyzing trust in enterprise production applications is still a manual process: sending questionnaires to the teams running the apps, chasing their return, collating them, and then analyzing the content. The purpose is not to count vulnerabilities and threats, but to assess whether the company can trust the production applications it operates. It is important for the CISO and is demanded by the board.
The process is tedious and time-consuming. At best, it can be done quarterly, but very often it is an annual task. The result is a point-in-time, subjective judgment that does not reflect how the modern business changes from day to day. Where an enterprise might have operated a few hundred applications a decade ago, it now has thousands of applications in production and will have more tomorrow. Data gathering by manual questionnaires simply does not scale.
“For years, CISOs have been forced to bring leadership point-in-time snapshots and call them a risk picture,” comments Tejas Ranade, co-founder and CPO at TrustCloud. “They know it’s incomplete. Their boards know it’s incomplete, but the industry has had no better solution.”










