Tredence: Raising the bar on customer data security with AI-powered rebate management platform
As cybercrimes continue to make headlines, hackers are accessing and selling customer data files in record numbers. At Tredence, we take customer data security very seriously. Here are some of the many steps we take to ensure data loss protection and retain customers’ trust.
We’ve all seen the headlines about the consequences and cost of cyber security breaches. The global average cost per data breach amounted to US$4.35 million in 2022, rising from US$4.24 million in the previous year.
But the stakes in protecting customer data, specifically personal information, go beyond the cost incurred due to a breach: a breach impacts the brand’s credibility with stakeholders, affects revenue and erodes customer trust. A report found that more Americans are worried about data security than they are about losing their primary source of income. This makes data security a business imperative for organizations, irrespective of size and scale of operations.
How we approach data security
As a responsible organization offering rebate management software that deals with data and analytics, we recognize the importance of ensuring data security. At Tredence, we ensure adherence to all applicable data loss protection regulations, established data management guidelines and privacy policies. In addition, we maintain appropriate organizational and technical measures in our rebate management system to protect your data against unlawful or unauthorized processing and against alteration, accidental loss, disclosure or access, or unlawful destruction or damage.
We also continually monitor the legislative landscape to identify changes and determine the information our customers might need to confirm data loss protection.
Single sign-on (SSO)
Implemented as the de facto sign-in mechanism, SSO negates the need for our rebate management system customers to maintain different credentials for different environments. This helps strengthen our password management practices.
Multi-factor authentication (MFA)
This additional security layer protects us from incidents such as credential compromise.
Virtual Private Network (VPN)
Using a VPN encrypts traffic between your machine and the remote source being accessed, ensuring a private, secure connection between Tredence rebate management system users and client infrastructure.
Encryption (at-rest & in-transit)
Best-in-class encryption solutions protect your data at rest and in transit. We also use opportunistic TLS to encrypt all inbound and outbound emails.
Multi-layered email anti-virus and anti-spam filtering
These advanced technologies improve our email security by detecting and preventing threats.
Endpoint Detection and Response (EDR)
A couple of notches above the traditional anti-virus protection system, EDR capabilities provide data loss protection by adopting a prevention-first approach and using AI-enabled multi-layer inspection.
How do we monitor and control access to your data?
As a first step, we enforce data classification, which is fundamental to almost every security practice at Tredence. From emails to business-critical documents, employees working on rebate management software are required to classify them before sharing or saving them. In addition, employees can choose to add access restrictions, such as read or edit rights, on documents.
To prevent accidental data leaks from the corporate system to a seemingly non-corporate environment, we have also deployed Windows Information Protection (WIP). It uses encryption to protect business-sensitive content and prevents content from being copied and pasted into other documents.
We have a clearly defined third-party risk management (TPRM) approach as we work with several third-party organizations. Our TPRM program focuses on due diligence during and after the onboarding of third-party vendors, enabling us to identify, monitor and assess the risk, thus increasing our data loss protection rate. It is mandatory for all third-party organizations engaging with us to sign a data protection agreement (DPA) with industry-specific terms and conditions.
We also run a full-fledged Security Operations Center (SOC) that monitors security alerts and applies relevant mitigations in our rebate management system. We use several open-source and commercial-level Cyber Threat Intelligence (CTI) resources, researching and understanding industry-specific threats and implementing appropriate measures to mitigate the risk of advanced cyber threats.
The backbone of our customer data security strategy is the Vulnerability Management Program, which detects vulnerabilities in the environment and mitigates all of them on an ongoing basis. This comprehensive program includes continuous internal Vulnerability Assessment and Penetration Testing (VAPT) and annual, independent VAPT exercises to address vulnerabilities. We also conduct an annual ‘Red Teaming’ exercise on scoped systems and applications to get visibility into exploitable vulnerabilities.
Creating a culture of data loss protection
We are a global organization offering rebate management software and dealing with clients across industries with varying degrees of privacy regulatory exposure. So, having a robust security and privacy culture is pivotal to maintaining a secure environment.
Initiatives such as mandatory information security and privacy workshops for new joiners, refresher training for all employees, and frequent mailers on the basics of information security go a long way in improving organization-wide compliance.
The following security certifications and attestations testify to our promise of ensuring a safe environment for our rebate management system customers:
Information Security Management System (ISMS) ISO 27001:2013 certification
It allows us to implement controls to protect ourselves and our clients from unwarranted security issues.
SOC2: Type 2 attestation
We have completed the American Institute of Certified Public Accountants (AICPA) Trust Services Criteria for internal controls relevant to security, availability, processing integrity, and confidentiality. This attestation demonstrates that we have implemented these controls in a manner that protects our customers’ data and systems.
Controlling the human variable
There are countless ways cybercriminals can infiltrate our business, and there are as many tools and strategies to combat them. However, human involvement in handling data in rebate management systems continues to be the most significant and uncontrollable factor. Our employees often operate remotely from client-managed environments. In such cases, we ensure adherence to the following practices in addition to the standard baseline controls:
Access to the external (client) environment is restricted through Tredence or Client VPN to prevent unauthorized machines from accessing the infrastructure. This means only authorized personnel can access customer data.
Copy/paste, print screen disabled
Disabling data sharing commands like copy-paste and print screen helps safeguard data against malicious and accidental data leaks.
Restricted internet access
Restricting internet access, especially for client infrastructure users, reduces the possibility of data leakage vectors.
Prevent cross-domain emailing
Tredence employees using client-provided credentials are restricted to using emails only within the client environment.
Our promise to you
Earning your trust is the foundation of our business. We know you trust us to protect your most sensitive asset: your data. With Tredence, you have the power to manage the privacy of your data, control how it is being used, who can access it, and how it is encrypted.
These are guaranteed terms and conditions that we contract with all our rebate management software customers, even as we continue to raise the bar on data loss protection with features that give you better control of your data.
Schedule a demo with our experts to understand how we secure your data.