Respect for our customers, and the end users they seek to understand, has always been central to Segment’s values. We recognize that protecting privacy requires a holistic security program. We want you to have confidence in the way we practice security at Segment, and we want to earn your trust as the infrastructure for your customer data. That is why we built and continue to invest in holistic security and trust programs to protect your customer data.
We have an ISO 27001-based security program, which means we are continuously evaluating, refining, and augmenting our security offerings. We are able to do this by running multiple security programs at once, each with its own team, each focused on maturing a different area of security.
We use Amazon Web Services for our datacenter, which means our customers benefit from AWS’s comprehensive security practices and compliance certifications. We also recognize that AWS can’t do everything for us, and protecting our customers’ data requires a great internal security program as well.
Any experienced security practitioner can tell you that technology and processes are just two key components of an effective security program. People are the third component. At Segment, security is everyone’s responsibility.
I chose to come work at Segment because of the strong executive and board commitment to building, and then growing, a world-class security program. Having this kind of support makes a big difference in our daily work as well as our long-term success.
Segment’s leaders ensure we have the resources and headcount to provide the kind of security our customers deserve. The Security Organization is also boosted by consistent buy-in from every level of the company.
Ultimately, we have fostered a genuine interest in security throughout the company, and have created security champions on different teams to help us move the programs forward.
When we roll out security programs at Segment, we focus on enabling our people. We take time to demonstrate why security practices are important and how they intersect with their jobs. Sometimes, it’s about keeping people safe through good physical security. Sometimes, it’s about teaching our engineers how to think like an attacker, so they develop better code and take ownership of the security of their application or service.
When I think about what our security teams are doing in the near future, we are creating systems and processes that are both easy and secure by default. We want to create an environment where doing something the wrong way is a lot of extra work and time, not even worth the effort. This is how the overall security community can make security viable and sustainable into the future.
For more information about our security and privacy practices, see our Security page. The team is growing, and if you’re considering joining, I encourage you to have a look at our careers page to see whether there’s a possible fit. Let’s chat.
Coleen Coolidge, CISO