ShiftControl Reaffirms Security Commitment with CISA Secure by Design Pledge

What is the Secure by Design Pledge?

The Secure by Design pledge is an initiative spearheaded by the Cybersecurity and Infrastructure Security Agency (CISA). It is a call to action for software companies to prioritize security from the ground up—integrating robust security measures during the design phase, continually monitoring for vulnerabilities, and making proactive improvements. The pledge outlines key principles such as reducing vulnerabilities, eliminating weak points like default passwords, and ensuring that software products are resilient to cyber threats.

For us at ShiftControl, it’s a natural fit that aligns with our core belief: security should be built into the foundation of every product, not added as an afterthought. By signing this pledge, we reaffirm our dedication to creating software that protects users and promotes business productivity, particularly for small and medium-sized companies.

Why ShiftControl Took the Pledge

Security has been part of our DNA for a long time. Both Dan (my co-founder) and I carried strong security principles from our time at ExpressVPN, but for Dan, this dedication stretches even further back to the very beginning of his career. He’s spent years focusing on building secure systems, and this commitment to security has always been central to how we design and build ShiftControl.

We believe security is a basic right, especially for small businesses that are too often left underserved by complex, costly solutions. It’s a natural extension of our mission to help small businesses manage their SaaS tools securely and efficiently.

We chose to join this pledge because it aligns with our core values of transparency, responsibility, and continuous improvement. It also reflects our identity as a company focused on security and productivity. By committing to Secure by Design, we strengthen our role as a trusted partner to businesses, while continuing to embrace a proactive and collaborative approach to cybersecurity that’s already at the heart of how we operate.

Our Commitment to Secure Development Practices

We’ve always prioritized the security of our platform. As part of the Secure by Design pledge, we’ve taken steps to further integrate security into our product development process. Here are some of the key initiatives we’ve implemented as part of this pledge:

1. Security as a Foundational Element

From the moment we begin designing a feature or product, security is at the forefront of our thinking. Our product development processes now include security assessments and the adoption of best practices during each stage—design, development, and deployment.

We’ve already made security a core element of our platform, and the pledge simply formalizes some the principles we have adopted. This includes assessing potential vulnerabilities early and making sure that our software is designed to withstand threats from day one.

2. Continuous Improvement and Innovation

Cybersecurity is a constantly evolving field, with new threats emerging every day. Our commitment to the Secure by Design pledge means we’re constantly improving our platform. We update our systems based on the latest industry standards, and continuously develop new features that bolster security without adding complexity for users.

By staying up to date on the latest cybersecurity trends and threats, we ensure that ShiftControl remains a secure, future-proof solution for businesses of all sizes.

3. Collaboration and Transparency

Security isn’t just a one-company effort—it’s a collective responsibility. That’s why we actively collaborate with industry peers and government agencies to stay informed about emerging threats and to share best practices. Transparency is equally important to us. As part of the pledge, we provide regular updates to our customers on security measures, new features, and potential risks that we’ve mitigated.

We believe that by openly sharing information and fostering collaboration, we can help create a safer ecosystem for all. We encourage our customers to participate in this effort by reporting any potential security issues they encounter, allowing us to quickly address them.

4. Reducing Complexity for Small Businesses

Small businesses often lack the dedicated resources to manage complex security systems, which is why we’re laser-focused on making security simple and accessible. By signing this pledge, we’re reaffirming our mission to make security a natural part of SaaS management, without adding unnecessary barriers.

Our commitment means that the security burden isn’t placed solely on our customers’ shoulders. We’ve taken responsibility for ensuring that security is built into every layer of our platform so that small businesses can focus on growing their operations while we handle the protection.

5. Embracing Accountability and Trust

Accountability is at the heart of our security strategy. We believe in being transparent with our customers and holding ourselves to the highest standards. As part of this pledge, we are committed to providing security reports, timely updates, and transparent communication regarding how we handle vulnerabilities and safeguard our customers’ data.

By fostering a culture of trust and accountability, we not only meet our customers’ expectations but also set a higher industry standard for security in SaaS management.

A Call to Others

We encourage other software companies, especially those serving startups and small businesses, to consider joining the Secure by Design pledge. When we all prioritize security, we create a safer ecosystem for everyone.

At ShiftControl, security has always been in our DNA, and joining the Secure by Design pledge is a testament to that. This pledge allows us to publicly commit to a higher standard of security and transparency while providing even greater protection for our customers. We’re excited to continue our journey towards making security simple, seamless, and accessible for all.