Cloudneeti launches continuous SOC 2 compliance assurance for customer’s workloads on Microsoft Azure and Amazon Web Services

Cloudneeti provides continuous cloud security and compliance assurance for cloud workloads on Microsoft Azure and Amazon Web Services (AWS) addressing the customer's part of the shared responsibility for SOC 2 attestation.

What is SOC 2 Compliance?

Developed by the American Institute of CPAs (AICPA), System and Organization Controls 2 (SOC 2) is a third-party attestation by a certified auditor. SOC 2 concentrates on the protection and privacy of data sent to service organizations – preventing misuse of the data, whether intentionally or inadvertently. It defines criteria for managing customer data based on five Trust Services Criteria (TSC):

  • Security. Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to meet its objectives.
  • Availability. Information and systems are available for operation and use to meet the entity’s objectives.
  • Processing integrity. System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
  • Confidentiality. Information designated as confidential is protected to meet the entity’s objectives.
  • Privacy. Personal information is collected, used, retained, disclosed, and disposed to meet the entity’s objectives.

SOC 2 reports are unique to each organization. In line with specific business practices, each company designs its own controls to comply with TSC.

There are two types of SOC 2 certifications:

  • Type I reports on the service organization’s system and the design of its controls, relating to one or all of the five TSC.
  • Type II includes the same reports as Type I, but also assesses that the implemented controls have been tested for operational effectiveness over a period of time.

Who is SOC 2 for?

SOC 2 is not a regulation or a law, but a compliance requirement that every technology company must meet. And as every business is increasingly a technology company, the spread of SOC 2 is much broader than a specific industry certification like PCI DSS.

Typically, every SaaS provider, most enterprises, independent software vendors (ISVs), and generally every business that uses cloud computing to store and process client data should be SOC 2 certified.

How does Cloudneeti help?

Cloudneeti helps companies achieve and maintain SOC 2 compliance.

  1. Accelerate SOC 2 compliance: Companies shorten the total time and effort to achieve SOC 2 compliance by at least 50%. The Cloudneeti product drastically reduces the time to collect and report compliance evidence information. The customer’s organization (e.g. CISO, Information Security and AppDev teams) works with a clear list of cloud security best practices to set their security posture baseline, prioritize risks and remediate any deviations from baseline prior to the SOC 2 audit.
  2. Remain compliant: Companies gain continuous visibility into their security posture and enforcement of baseline. Businesses are undergoing digital transformation and increasing the speed of their software releases. Cloudneeti can track compliance of every cloud deployment, and at least once a day for any minor updates. Using Cloudneeti features such as daily trend reporting and daily change notifications, customers can easily keep up with ongoing changes and maintain their compliance.

What does Cloudneeti cover?

Cloudneeti provides continuous cloud security and compliance assurance for cloud workloads on Microsoft Azure and Amazon Web Services, addressing the customer’s part of the shared responsibility in the following areas for SOC 2 – AICPA TSC 2017 controls.

Continuous monitoring for SOC 2 controls is now available for the following control categories:

  • A1.2 – Additional Criteria for Availability
  • CC5.2 – Control Activities
  • CC6.1 – Logical and Physical Access Controls
  • CC6.1 & 6.5 – Logical and Physical Access Controls
  • CC6.1 & 6.6 – Logical and Physical Access Controls
  • CC6.1 & 6.7 – Logical and Physical Access Controls
  • CC6.1 & 6.8 – Logical and Physical Access Controls
  • CC7.1 & 7.2 – System Operations
  • CC8.1 – Change Management

Request a trial of the Cloudneeti product and get your SOC 2 compliance posture within minutes.
