Building Trust with SOC 2 Type II: A Talk with Vianova's Tech Leader

Dive into an exclusive interview with Frédéric Robinet, the Chief Technology Officer and co-founder at Vianova, the driving force behind Vianova's technology landscape. In this conversation, we focus on the vital aspects of security and trust that define Vianova's commitment to excellence. As the company recently achieved SOC 2 Type II compliance, we explore the meticulous strategies used to strengthen our systems and build confidence among our clients. 

Frédéric Robinet shares insights into Vianova's proactive approach to cybersecurity and technology innovation. Join us as we explore the guiding principles behind Vianova's dedication to ensuring trust and security in today's digital landscape.

‍

‍

1. Can you tell us about your journey at Vianova and your background before joining the company?

Celebrating my 4th anniversary in March, it has been an amazing journey so far. I take pride in leading the technical team through the utilization of agile methodologies, achieving ambitious goals, defining the product roadmap, and ensuring the scalability of our systems and platform architecture.

Before joining Vianova, I had the privilege of working at Renault-Nissan in the connected services sector. There, I gained valuable insights into the mobility space and the challenges of connecting physical assets to the cloud while developing end-user added value.

‍

Collaborating with skilled security professionals from both hardware and software domains provided me with valuable insights into the critical importance of security in contemporary software platforms.

‍

Key decisions were made to reinforce our security stance, which can be outlined as follows and elaborated upon in detail:

• Integrating security into the software development lifecycle from its earliest stages, adopting a "shift left" approach.
• Maximizing the utilization of public cloud resources and managed services to leverage the robust security frameworks offered by our partners.
• Educating and testing employee security awareness through training initiatives.
• Validating our strategies through external security audits and achieving SOC 2 compliance.

‍

‍

2. Tell us about your team at Vianova and how they contribute to the company's success.

My team comprises a mix of junior and senior profiles, emphasizing a good balance of nationalities and cultural differences. Engaged in all aspects of Software Development and Life Cycle, from product discovery to release and maintenance, our team collaboration is crucial for success.

‍

Currently, our team is actively involved in various projects aligned with Vianova's goals in trust and security. These initiatives encompass both technological advancements and process improvements to fortify our security framework.

‍

To see our team and current open roles, visit: https://www.welcometothejungle.com/en/companies/vianova  

‍

‍

3. Can you summarize the past year's progress in strengthening trust and security at Vianova in one sentence?

In the past year, we made significant progress in strengthening our commitment to trust and security, reaching notable milestones like obtaining SOC 2 Type II compliance certification, conducting employee training, and making disruptive technological advancements.

‍

We had to elevate standards across various domains to achieve compliance with SOC2 Type II. The controls we implemented span the entirety of the employee journey, commencing from day one with secure access protocols, laptops equipped with malware scanners, and the enforcement of robust passwords with dual-factor authentication across all areas. 

‍

Additionally, we conducted a thorough review of all internal software vendors' security measures and commitments. This was crucial to ensure that the entire software lifecycle and tooling adhered to the highest security standards. This proactive approach not only enhances our security posture but also enables us to identify potential risks and determine whether to accept or mitigate them effectively.

‍

‍

4. How does Vianova prioritize security and trust, and how are these values integrated into the company's culture and operations?

Our data strategy focuses on leveraging a wide range of mobility datasets to shape safer, greener, and more efficient urban environments. 

Educating employees and partners about data security and privacy best practices is critical. Specific onboarding guidelines and monthly training sessions on various cybersecurity threats, along with random phishing campaigns, enhance awareness and preparedness against potential security breaches.

‍

‍

5. What measures does Vianova take to ensure the security of customer and partner data?

Ensuring the security of customer and partner data is a paramount concern at Vianova, underscoring the correlation between security and trust. As a third-party platform entrusted with managing data originating from physical devices to insights utilized by public space managers and decision-makers, our responsibility parallels that of the jewelry industry. Just as raw materials are meticulously crafted into highly valuable stones, from data extraction to presentation, we prioritize integrity and security.

‍

A foundational decision was made to leverage public cloud infrastructure to host our data and resources, recognizing its superior security measures compared to what we could provide internally. Our beliefs are centered on:

• Embracing the public cloud as the future of hosting.
• Entrusting professionals to manage our infrastructure rather than developing and maintaining it in-house.
• Recognizing the paramount importance of security, with public cloud infrastructure offering a higher security grade than any on-premise alternative.

‍

Another crucial step was integrating security and privacy into our design process, initiating these considerations early in the conception phase. We adhere to the OWASP Top 10 recommendations to ensure our daily workflows adhere to state-of-the-art security practices and recommendations.

‍

To learn more about our data, visit: https://www.vianova.io/products/data-marketplace 

‍

‍

6. How does SOC 2 Type II compliance reinforce the trustworthiness of Vianova's systems, and what steps were taken to achieve this milestone?

Undertaking the SOC 2 Type II security audit standard proved to be a significant milestone for us. Widely recognized as one of the most comprehensive security standards globally, we deliberately chose SOC 2 due to its thorough coverage, which is particularly relevant for a Software as a Service (SaaS) company like ours. Despite the considerable complexity and challenges associated with meeting over 90 stringent tests within a condensed six-month timeframe, the endeavor proved immensely valuable.

‍

Navigating through the intricate requirements posed a formidable challenge, especially for a company of our size. However, the process not only validated the strength of our existing software security practices but also compelled us to fortify our policies and controls across the board. From enhancing employee laptop security protocols to conducting tabletop exercises, SOC 2 provided a comprehensive framework that left no stone unturned.

‍

Ultimately, the rigorous SOC 2 Type II audit was a testament to our commitment to security excellence and customer trust. It served as a catalyst for continuous improvement, empowering us to bolster our defenses, refine our practices, and solidify our position as a trusted provider of secure SaaS solutions.

‍

‍

7. Looking forward, what exciting developments can we expect from Vianova in the upcoming year?

We are actively exploring how integrating emerging technologies such as artificial intelligence (AI) and machine learning (ML) can enhance our capacity to make relevant recommendations for public space improvements, aligning with our commitment to continuous improvement and user trust.

‍

In the upcoming year, Vianova aims to enhance security measures, streamline the ingestion of Terabytes of data monthly from multiple providers, understand associated risks, and seize opportunities to maintain user trust and data safety.

‍

‍To discover more about our dedication to trust and security, please visit our dedicated page: https://trust.vianova.io/