We should all protect what has been entrusted to us, and that includes the powerful functionality and data accessible in your Gainsight NXT organization. This article outlines the top 3 best practices Gainsight recommends for securing your Gainsight NXT org.
Securing your Gainsight NXT org is a shared responsibility. Gainsight takes certain actions, as described in its independently audited SOC 2 Type II report, and other steps require action on your side. Gainsight recommends beginning with the 3 best practices outlined in this article.
Step #1: Enforce Multi-Factor Authentication
Gainsight recommends that you implement Multi-Factor Authentication (MFA) to secure your NXT org. Enforcing MFA is the single most important step for keeping attackers out of your org: a stolen or guessed password alone is no longer enough to log in.
MFA is an approach to logging in that requires users to present something from at least two of the following categories:
Something the user knows, such as a password or PIN
Something the user has, such as a mobile phone
Something biologically unique about the user, such as a fingerprint or facial geometry
To implement MFA:
Ensure that your company provides a Security Assertion Markup Language (SAML) Identity Provider (IdP) or can integrate with Google Workspace.
Choose an authentication provider (SAML IdP or Google Workspace) and ensure that it mandates MFA for all Gainsight NXT users. Enforcing MFA for only some users leaves the remaining accounts as the weak point.
Configure your selected authentication provider in your NXT org by referring to the Gainsight Authentication article.
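The steps above put the MFA requirement on the IdP, so it is worth being able to confirm what the IdP actually asserts. The check below is an added example, not code from Gainsight or from any IdP: it parses a SAML Response, rejects assertions outside their validity window, and accepts only those whose AuthnContextClassRef signals a second factor. The set of MFA context classes and the sample Response are assumptions constructed for the example; signature verification is deliberately out of scope and must happen before this check.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Assumption: an assertion carrying one of these AuthnContextClassRef values is
# treated as proof that a second factor was used. Adjust the set to whatever
# your IdP actually emits for MFA sessions.
MFA_CONTEXT_CLASSES = {
    "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered",
    "http://schemas.microsoft.com/claims/multipleauthn",
}
PASSWORD_ONLY = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
MFA_MOBILE = "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"

# Fixed "current time" so the constructed sample below evaluates deterministically.
SAMPLE_NOW = datetime(2024, 5, 1, 12, 5, tzinfo=timezone.utc)


def _ts(value):
    """Parse a SAML UTC timestamp such as 2024-05-01T12:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_mfa_assertion(response_xml, now=None):
    """Return (ok, reason). ok is True only if the assertion is inside its
    validity window and its authentication context signals a second factor.
    The XML signature must already have been verified by a SAML library;
    this function trusts the document it is given."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return False, "no Assertion in Response"

    conditions = assertion.find("saml:Conditions", NS)
    if conditions is not None:
        not_before = conditions.get("NotBefore")
        not_on_or_after = conditions.get("NotOnOrAfter")
        if not_before and now < _ts(not_before):
            return False, "assertion not yet valid"
        if not_on_or_after and now >= _ts(not_on_or_after):
            return False, "assertion expired"

    refs = [
        e.text.strip()
        for e in assertion.findall(
            "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)
        if e.text
    ]
    if not refs:
        return False, "no AuthnContextClassRef in assertion"
    if not any(r in MFA_CONTEXT_CLASSES for r in refs):
        return False, "single-factor authentication context: " + ", ".join(refs)
    return True, "mfa context present: " + ", ".join(refs)


def build_sample_response(class_ref, not_on_or_after="2024-05-01T12:10:00Z"):
    """Constructed, unsigned sample Response for demonstration only."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>https://idp.example.com</saml:Issuer>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:55:00Z" NotOnOrAfter="{not_on_or_after}"/>
    <saml:AuthnStatement AuthnInstant="2024-05-01T12:00:00Z">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    for ref in (PASSWORD_ONLY, MFA_MOBILE):
        print(check_mfa_assertion(build_sample_response(ref), SAMPLE_NOW))
```

Run it against a captured Response from a test login with your IdP: if the context class comes back as PasswordProtectedTransport for a user you believe is enrolled in MFA, the IdP policy is not doing what you think it is, and that is the thing to fix before relying on it.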
Step #2: Do Not Share Unnecessary Sensitive Data
To harness the power of the Gainsight NXT platform, customers trust Gainsight with their data. Given the power of the platform, it makes sense to consolidate data in Gainsight’s Customer Data Platform and leverage tools like Horizon Analytics. However, Gainsight recommends not sharing unnecessary sensitive data. For example, don’t send Gainsight Social Security Numbers, Protected Health Information, or credit card numbers if you don’t need to. Every system that holds sensitive data is one more place it can be compromised, so limiting where it is distributed reduces that risk.
How to avoid sharing unnecessary sensitive data:
Use these pointers to review your data.
Review the data from each of your data feeds.
Focus on sensitive data.
If a particular field is sensitive, like Protected Health Information or a Social Security Number, ask yourself, “Do I really need this in Gainsight to get the full value out of the platform?” If not, don’t send it. Just because the feed includes the field by default doesn’t mean it should be sent to Gainsight.
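The review above is easier to do consistently if the feed is scanned before it is sent. The scanner below is an added example, not Gainsight code: it runs a few detectors (SSN format, Luhn-valid card numbers, column names that suggest PHI) over a feed represented as a list of records, reports the columns that need review, and drops them so the field never leaves the source system. The detector patterns and the sample rows are constructed for the example and should be tuned to your own feeds.

```python
import re

# Detectors run over cell values. Assumption: these patterns are a starting
# point, not a complete classifier; tune them to your feeds.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Column names that suggest Protected Health Information even when the values
# themselves look ordinary (constructed list).
PHI_HEADER_WORDS = ("diagnosis", "icd10", "medical", "patient", "prescription", "health")


def luhn_ok(number):
    """Luhn checksum over a digit string; filters out most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def looks_like_card(value):
    """13-19 digits, optionally separated by spaces or hyphens, passing Luhn."""
    m = CARD_RE.search(value)
    if not m:
        return False
    digits = re.sub(r"[ -]", "", m.group(0))
    return 13 <= len(digits) <= 19 and luhn_ok(digits)


def scan_feed(rows):
    """rows: list of dicts, one per record, keyed by column name.
    Returns {column: {"detectors": [...], "hits": n}} for every column that
    should be reviewed before the feed is sent."""
    report = {}
    columns = sorted({k for row in rows for k in row})
    for column in columns:
        detectors, hits = set(), 0
        if any(w in column.lower() for w in PHI_HEADER_WORDS):
            detectors.add("phi_header")
        for row in rows:
            value = str(row.get(column, ""))
            hit = False
            if SSN_RE.search(value):
                detectors.add("ssn")
                hit = True
            if looks_like_card(value):
                detectors.add("card")
                hit = True
            if hit:
                hits += 1
        if detectors:
            report[column] = {"detectors": sorted(detectors), "hits": hits}
    return report


def drop_flagged(rows, report):
    """Return the rows with every flagged column removed, so the field is
    simply never sent rather than sent and later cleaned up."""
    return [{k: v for k, v in row.items() if k not in report} for row in rows]


# Constructed sample feed, not real customer data. The card number is a
# well-known test number and the SSN is a dummy value.
SAMPLE_ROWS = [
    {"AccountId": "ACC-000123", "CompanyName": "Acme Corp", "ARR": "120000",
     "Phone": "415-555-0134", "ContactSSN": "123-45-6789",
     "CardNumber": "4111 1111 1111 1111", "Diagnosis": "n/a"},
    {"AccountId": "ACC-000124", "CompanyName": "Globex", "ARR": "85000",
     "Phone": "415-555-0178", "ContactSSN": "",
     "CardNumber": "", "Diagnosis": "n/a"},
]


if __name__ == "__main__":
    findings = scan_feed(SAMPLE_ROWS)
    for column, info in findings.items():
        print(f"review {column}: {info}")
    print("columns that would be sent:", sorted(drop_flagged(SAMPLE_ROWS, findings)[0]))
```

The phone column is not flagged, because it is neither SSN-shaped nor long enough to be a card number, while the Diagnosis column is flagged on its name alone even though every value is "n/a": a PHI-bearing column is worth a look regardless of what today's sample rows contain.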
Step #3: Restrict Permissions
All Gainsight users need the permissions required to do their jobs, which is making customers successful. However, they don’t need more permissions than that. Over-permissioned accounts are dangerous for two reasons:
If an over-permissioned account is compromised, the attacker can do more harm with it.
An over-permissioned user can do more harm, either accidentally or maliciously.
How to Restrict Permissions:
The following articles help you define and assign permissions to user groups and manage the license type assigned to your users.
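Once permissions are defined per group, the useful periodic check is to compare what each user effectively holds against what their job function should hold. The audit below is an added example with a constructed role model; the role, permission and job names are assumptions and not Gainsight's actual permission set. It expands role inheritance transitively, adds any directly granted permissions, and reports each user's excess over the baseline, marking whether that excess reaches admin-level permissions.

```python
# Constructed role model, not Gainsight's actual permission names.
ROLE_PERMISSIONS = {
    "csm": {"view_accounts", "edit_accounts", "create_cta", "view_reports"},
    "cs_manager": {"export_reports", "edit_team_ctas"},
    "admin": {"manage_users", "manage_permissions", "manage_connectors"},
}
# A role may include other roles; cs_manager inherits everything a csm has.
ROLE_INCLUDES = {"cs_manager": {"csm"}}
# Baseline: the roles each job function is expected to hold (assumption).
JOB_BASELINE = {
    "CSM": {"csm"},
    "CS Manager": {"cs_manager"},
    "Administrator": {"admin", "cs_manager"},
}
ADMIN_PERMISSIONS = {"manage_users", "manage_permissions", "manage_connectors"}


def expand_roles(roles):
    """Transitive closure over ROLE_INCLUDES; tolerates cycles."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        stack.extend(ROLE_INCLUDES.get(role, ()))
    return seen


def effective_permissions(roles, direct=()):
    """Union of every inherited role's permissions plus direct grants."""
    perms = set(direct)
    for role in expand_roles(roles):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def audit(users):
    """users: list of {"name", "job", "roles", optional "direct"}.
    Returns, per over-permissioned user, the permissions beyond the job
    baseline and whether any of them is admin-level."""
    findings = {}
    for u in users:
        baseline = effective_permissions(JOB_BASELINE.get(u["job"], set()))
        actual = effective_permissions(u["roles"], u.get("direct", ()))
        excess = actual - baseline
        if excess:
            findings[u["name"]] = {
                "excess": sorted(excess),
                "admin_level": bool(excess & ADMIN_PERMISSIONS),
            }
    return findings


# Constructed sample user list.
SAMPLE_USERS = [
    {"name": "lee", "job": "CSM", "roles": {"csm"}},
    # admin was granted "temporarily" for a migration and never removed
    {"name": "dana", "job": "CSM", "roles": {"csm", "admin"}},
    # direct grant duplicates what the role already gives: not excess
    {"name": "pat", "job": "CS Manager", "roles": {"cs_manager"}, "direct": {"export_reports"}},
    # direct grant beyond the CSM baseline
    {"name": "sam", "job": "CSM", "roles": {"csm"}, "direct": {"export_reports"}},
]


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_USERS).items():
        print(name, finding)
```

Lee and Pat produce no findings; Dana's leftover admin role is reported as admin-level excess, the case that matters most, and Sam's extra export permission is reported as a lower-severity finding. Running this against an export of your user and group assignments turns "restrict permissions" from a one-time setup task into something you can re-check on a schedule.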
Gainsight considers these the top 3 steps to securing a Gainsight NXT org. Completing them will help you make your customers successful while thwarting attackers.