SOC It 2 Me: CyberArk Achieves SOC 2 Type 2 Compliance

February 11, 2020 Andrew Silberman

Service Organization Control (SOC) 2 is an auditing procedure that ensures service providers are securely managing data to protect the interests of their customers, their customers’ customers and so on. This stringent independent audit seeks to determine the suitability of the design and operating effectiveness of controls that a SaaS vendor implements for its services.

As we continue to bolster and enhance our best-in-breed Privileged Access Management (PAM) as a Service portfolio, we are proud to announce that CyberArk recently attained SOC 2 Type 2 compliance for both Endpoint Privilege Manager and CyberArk Privilege Cloud.

This is a momentous accomplishment and here’s why. The audit tests over 30 unique controls, principles and criteria. These include, but are not limited to, overall commitment to organizational integrity, ethical values and, of course, specificity into how data is controlled and secured. SOC 2 is a comprehensive audit that signifies to the market that complying organizations take the data privacy of their “as a Service” offerings seriously.

Other market solutions that fall back on major cloud hosting providers like AWS, Azure and more to claim SOC 2 compliance are not as mature or secure as services that have obtained these certifications independently. CyberArk has always been committed to providing customers with the most secure solutions to fit their needs and achieving SOC 2 Type 2 compliance is another proof point for that mission.

Part of the CyberArk PAM as a Service portfolio, Endpoint Privilege Manager (EPM) helps organizations reduce the risk of unmanaged administrative access on Windows and Mac endpoints. It provides the right tools to implement the principle of least privilege and helps to effectively reduce the attack surface and transparently mitigate the risk of a data breach without impacting productivity. EPM combines privilege management, privilege threat protection and numerous integrations to reduce the risk of malware infection and lateral movement without having adverse impacts on IT and security teams.

CyberArk Privilege Cloud is built to protect, control and monitor privileged access across cloud and hybrid environments. Based on CyberArk’s extensive experience protecting privileged access, the solution helps organizations efficiently manage privileged account credentials and access rights, proactively monitor and control privileged account activity and quickly respond to threats – all without the need to manage additional on-premises infrastructure. This modern, cloud-based service accelerates time-to-value and leverages cloud economics to efficiently and effectively address customers’ privileged access management needs.

The recent SOC 2 audit indicates that organizations can leverage CyberArk services’ controls and design to operate effectively. The audit also confirms that these two services operate effectively and have the requisite service commitments and system requirements based on the “applicable trust services criteria,” making them viable options for any organization looking to use CyberArk “as a Service” offerings. As organizations continue to trend towards SaaS applications and security solutions, SOC 2 compliance for specific services can be a starting point in evaluating SaaS providers.

Learn more about Privilege Cloud and Endpoint Privilege Manager now.
