We take security very seriously, focusing on protecting our customers and ourselves. In a constantly shifting landscape, we map out security threats and risks to plan current and future dangers. As the next step in our security journey, we’ve joined the Cloud Security Alliance (CSA), where we will be actively participating in an organization that raises awareness for cloud security best practices globally. With our membership, we will help and participate in cloud security-specific research, education, certification, events, and products.
Making the Procurement Process Transparent
Sometimes the procurement process can be a challenge for customers because each cloud vendor displays its security procedures differently, making comparisons between vendors time-consuming. CSA helps with this process.
Cloud computing has created new security vulnerabilities, including security issues whose full impacts are still emerging. - Cloud Security Alliance
Many cloud vendors see the value of being listed in CSA’s Security, Trust, Assurance, and Risk (STAR) Registry, even if they never join the CSA as members. The STAR Registry provides a standardized security questionnaire based on the Cloud Controls Matrix (CCM). The questionnaire lets vendors, like ourselves, describe how we fulfill standard security controls.
To confirm how vendors secure their cloud platforms, everyone can easily access the responses different vendors have made to the comprehensive security questionnaire. Additionally, they can compare these descriptions between vendors. This transparency helps customers to easily see which solutions would best fit their company and significantly speed up the procurement processes.
Ardoq has been listed in the STAR Registry since early 2021, and we have now taken the additional step of becoming a full member of the Cloud Security Alliance to recognize and participate in the valuable work being done.
“Security is a high priority for us. With CSA, we’ll collaborate with our peers through the security lines to ensure that we address security as part of a cloud-native business model.” - Nick Murison, Chief Information Security Officer
Working Together With Cloud Security Alliance Members
The CSA has set up working groups where industry peers can discuss challenging areas and develop standard agreed-upon solutions and guidance. Working groups cover a plethora of current and evolving domains, including Data Protection & Privacy, Internet-of-Things, and more. There’s even a working group for Enterprise Architecture, which is naturally very close to our hearts.
Beyond CSA Membership
Building a cloud-native platform that our customers can trust with their data requires us to take a multi-faceted approach to security. Several of our many security measures include: aligning our information security program with ISO 27001 and undergoing annual SOC 2 audits. Additionally, we nurture a collaborative engineering culture internally that works cross-functionally to address security risks while building new and useful features for our users. Finally, our bug bounty program lets us work with external security researchers to identify areas where we can do even better.
We believe that participating in industry groups like Cloud Security Alliance benefits our company and our customers. There is much we can still learn from the CSA and our fellow members, and we now have the opportunity to participate in critical conversations with our peers. We’re happy to be part of the Cloud Security Alliance and look forward to lending our expertise in working groups.
October was Cybersecurity Awareness month, so we’ve gone into several key areas and some common challenges in our Cybersecurity series:
- 🔐 Aligning & empowering teams in cybersecurity risk management
- 🔐 Five cybersecurity mistakes your organization can avoid
- 🔐 How to assess cybersecurity risk
- 🔐 Our SOC 2 audit & certification
You can read more about our new membership in the press release.
Interested in learning about how Ardoq can help your Cloud Security?
