How Ardoq's Membership in the Cloud Security Alliance Ensures Best Practices

3 Nov 2021

by Nick Murison

We take security very seriously, focusing on protecting our customers and ourselves. In a constantly shifting landscape, we map out security threats and risks to plan current and future dangers. As the next step in our security journey, we’ve joined the Cloud Security Alliance (CSA), where we will be actively participating in an organization that raises awareness for cloud security best practices globally. With our membership, we will help and participate in cloud security-specific research, education, certification, events, and products. 

Making the Procurement Process Transparent 

Sometimes the procurement process can be a challenge for customers because each cloud vendor displays its security procedures differently, making comparisons between vendors time-consuming. CSA helps with this process. 

Cloud computing has created new security vulnerabilities, including security issues whose full impacts are still emerging. - Cloud Security Alliance

Many cloud vendors see the value of being listed in CSA’s Security, Trust, Assurance, and Risk (STAR) Registry, even if they never join the CSA as members. The STAR Registry provides a standardized security questionnaire based on the Cloud Controls Matrix (CCM). The questionnaire lets vendors, like ourselves, describe how we fulfill standard security controls.

To confirm how vendors secure their cloud platforms, everyone can easily access the responses different vendors have made to the comprehensive security questionnaire. Additionally, they can compare these descriptions between vendors. This transparency helps customers to easily see which solutions would best fit their company and significantly speed up the procurement processes.

Ardoq has been listed in the STAR Registry since early 2021, and we have now taken the additional step of becoming a full member of the Cloud Security Alliance to recognize and participate in the valuable work being done.

“Security is a high priority for us. With CSA, we’ll collaborate with our peers through the security lines to ensure that we address security as part of a cloud-native business model.” - Nick Murison, Chief Information Security Officer

Working Together With Cloud Security Alliance Members

The CSA has set up working groups where industry peers can discuss challenging areas and develop standard agreed-upon solutions and guidance. Working groups cover a plethora of current and evolving domains, including Data Protection & Privacy, Internet-of-Things, and more. There’s even a working group for Enterprise Architecture, which is naturally very close to our hearts.

Beyond CSA Membership

Building a cloud-native platform that our customers can trust with their data requires us to take a multi-faceted approach to security. Several of our many security measures include: aligning our information security program with ISO 27001 and undergoing annual SOC 2 audits. Additionally,  we nurture a collaborative engineering culture internally that works cross-functionally to address security risks while building new and useful features for our users. Finally, our bug bounty program lets us work with external security researchers to identify areas where we can do even better. 

cloud security alliance

We believe that participating in industry groups like Cloud Security Alliance benefits our company and our customers. There is much we can still learn from the CSA and our fellow members, and we now have the opportunity to participate in critical conversations with our peers. We’re happy to be part of the Cloud Security Alliance and look forward to lending our expertise in working groups. 


October was Cybersecurity Awareness month, so we’ve gone into several key areas and some common challenges in our Cybersecurity series: 

You can read more about our new membership in the press release


Interested in learning about how Ardoq can help your Cloud Security?

Enterprise Architecture demo

Nick Murison

Nick Murison is Ardoq’s Chief Information Security Officer. Before joining Ardoq, he spent over 15 years consulting for companies in Europe, North America, Asia, and the Middle East. Nick is passionate about enabling Ardoq to grow rapidly and meet customers’ needs in a safe and secure environment, both for his fellow Ardoqians and customers’ data.

  

Subscribe to our newsletter to get the latest news, views and opinions straight to your inbox.