How to get started and maintain a powerful ZTNA architecture
These days, every company has to deal with compliance — and most of those companies might treat compliance as something of a headache. It’s true that the work comes with a lot of constantly shifting complications, but at its heart, compliance is really about integrity. Building trust with your team, your community, and your consumers is the core of compliance, and never more so than when your product is predicated entirely on cybersecurity. Complicated though it might seem, when you have a passion for building trust, it’s easy to have a passion for compliance.
That’s certainly true of Gary McCloud, the Head of HR and Compliance at OpenVPN, Inc. He knows exactly what it’s like to face a wide range of compliance challenges; OpenVPN’s team, after all, is largely remote and spans literal continents. “We have to be especially vigilant as we operate in the US, and also have support teams expanding globally,” says McCloud, explaining that different regions all have differing laws on what it takes to be ‘compliant.’
“Since compliance is not a one-time process, today’s business environment involves dealing with local, state, and federal laws that are changing all the time. The fact that we are a geographically dispersed organization means we must stay abreast of US law, International law, and foreign laws in various parts of the world in which we operate. This makes the compliance landscape pretty dynamic and challenging.”
So how does he handle managing compliance across such a wide range of locations and laws? Well, says McCloud, it’s often about finding the highest common denominator. “Multi-jurisdiction organizations such as OpenVPN often develop uniform processes that comply with the most stringent state regulations—which in our case is most likely California Law. This ensures we will be able to adhere to regulations regardless of the state.”
It gets even more extreme in European countries. In 2018, the European Union announced an unprecedented standard of protection around individual EU citizen information. It’s called Europe’s General Data Protection Regulation (GDPR), and represents the toughest requirements to date. “The regulation applies to any company handling EU citizens’ personal information, whether or not the business has a physical location in the EU,” says McCloud. “Companies around the world, including OpenVPN, have updated privacy policies and procedures to become compliant.”
But it’s not just the differences across geography that present a challenge in maintaining compliance — the constant changes over time mean constant new challenges for McCloud and his team. “The tech industry is always in flux with new technology advancements, different business models and new players. With this comes new compliance, regulations, laws — and of course, more competition.”
But the importance of compliance doesn’t end with liability, says McCloud. It also makes a powerful impact on customer relations, especially when your product is based entirely on cybersecurity. “Our compliance with laws, regulations, and software audits helps minimize the incidence of security vulnerabilities and external cyberattacks, which has a direct connection to trust and integrity,” explains McCloud. “We want our customers and prospective customers to know that we as individuals have a clear strategy and mindset in the protection and retention of internet privacy rights and freedoms. We want every customer to know that as individuals, we care about what our company does and how it affects people’s lives.”
A good VPN is, after all, based on trust. Businesses and individual consumers alike need to know that when they trust OpenVPN with their data, that data will be safe. According to McCloud, that’s what compliance is all about. “We make sure our software is security compliant and doesn’t leave personal data exposed to internal vulnerabilities or external break-ins. We hold ourselves to a higher level of accountability to not only our customers, but to federal regulations, and the ever-expanding privacy laws that protect consumer data and privacy.”
Maintaining that trust, however, isn’t just about the tech. It’s also about building a team that cares about the work — and each other. “I really enjoy working with our culturally diverse OpenVPN team,” McCloud adds enthusiastically. “They work hard and play hard!”
That connection makes for more than just good morale. When trust is a core component of the product you provide, it has to be an essential element of your team as well. “We are currently working on expanding our employee portal services and constantly looking for ways to improve our total benefits package,” says McCloud. “Our goal is to be competitive in the workplace and provide an environment where our team members can thrive and feel great about what they’re doing.”
Interpersonally, McCloud says his OpenVPN team makes support a priority, and that affects every aspect of their work — an absolute essential for compliance. “I really appreciate the fact that we really care about each other and get truly excited about individual successes and wins,” he explains. “That is what separates a good team from a bad one: when people don’t compete, they collaborate and care.”