💬 RevOps Discussions

lalexander
HubSpot Employee
HubSpot Employee

Ask HubSpot Security Product Manager Ryan DiPetta anything [Now Closed]

This week, we have one of the Product Managers on HubSpot’s Security team available to answer your (or your IT team’s) questions on all things security. 

 

Ryan DiPetta’s team helps keep our customers' accounts safe from bad actors. The Security Team builds features like two-factor authentication & single sign-on and implements automated protections to secure HubSpot login.

 

Ryan ( @rad ) is happy to answer questions about how to keep your employee's accounts secure, what kinds of threats we see at HubSpot, and the kinds of threats you might see, too. He’s also excited to hear your general questions about security best practices when it comes to doing business online.

 

ryan.png

8 Replies 8
SkylerSchmanski
Contributor

Ask HubSpot Security Product Manager Ryan DiPetta anything [Now Closed]

Hi Ryan! Thank you for all you and your team have done to keep HubSpot secure. What new security features should we expect in the near future? Restricting and opening access to granular platform features (e.g. individual lists and select emails) rather than general permissions for lists and emails for different team members would be huge.

0 Upvotes
rad
HubSpot Product Team
HubSpot Product Team

Ask HubSpot Security Product Manager Ryan DiPetta anything [Now Closed]

Hey Skyler! Good question. Hadar's already touched on the user permissions piece, but my team handles security of our user login system, so I can give you a bit of info about things we're currently exploring.

 

Our big focus lately (as you may've seen from some recent emails & our Adapt marketing content last week!) has been on getting more adoption of two-factor authentication. Right now around the industry there's been a big uptick in fraudulent activity, & we want to make sure to encourage our customers to be as safe as possible. We're working to add better protections to our login system so that we intelligently catch potentially fraudulent login attempts at the door so the bad folks can't get into your HubSpot account, as well. Between this & a big push on 2FA, we're hoping to provide more security options to our customers. That could include things like support for physical security keys for HubSpot login, as well. Enabling required two-factor authentication is the best way to make sure HubSpot accounts stay protected, so we want to make sure that experience is easy & friendly for our users, even if they're not always super technical people; security should be easy to understand & not intimidating!

 

Further into the future, there are some other important improvements we're considering for account security: adding more events to our Security Activity History log, allowing you to set allowed login IP ranges for your HubSpot account, & other things along those lines. We're always keen to hear more feedback about the security features that matter to users, too, so if there are big things you'd love to see us tackle, I'm happy to hear about them & let you know if they're problems we're thinking about.

SkylerSchmanski
Contributor

Ask HubSpot Security Product Manager Ryan DiPetta anything [Now Closed]

Those are all critical steps, Ryan. I look forward to seeing your progress. Thank you!

0 Upvotes
HadarS
HubSpot Employee
HubSpot Employee

Ask HubSpot Security Product Manager Ryan DiPetta anything [Now Closed]

@SkylerSchmanski I'll let Ryan jump in on upcoming security features. As it relates to your question about limiting visibility of specific lists and emails beyond overall user permissions, this is already available as part of content partitioning which you can read more about here.

0 Upvotes
SkylerSchmanski
Contributor

Ask HubSpot Security Product Manager Ryan DiPetta anything [Now Closed]

Thanks, @HadarS! I am now seeing the email feature, but the list feature appears in beta. I'm not seeing it on our portal.

0 Upvotes
HadarS
HubSpot Employee
HubSpot Employee

Ask HubSpot Security Product Manager Ryan DiPetta anything [Now Closed]

@SkylerSchmanski yes--your CSM will need to submit a request to ungate you for this! Please send them a note and they'll be able to do this. 😉 Happy Friday

SkylerSchmanski
Contributor

Ask HubSpot Security Product Manager Ryan DiPetta anything [Now Closed]

Will do! Happy weekend.

0 Upvotes
jfields
HubSpot Employee
HubSpot Employee

Ask HubSpot Security Product Manager Ryan DiPetta anything [Now Closed]

@schan @Aaron-WC @lindseygarrett @DanielaFonseca @DSV @SkylerSchmanski 
Tagging in some people with admin and implementation roles here just in case you've had questions about how we secure your data and user access - or just how we think about security here at HubSpot!