It’s no secret that cloud is rapidly becoming today’s default platform. Companies around the world are using it to run their business-critical data and applications. As a long-time cloud advocate, I believe they’re making the right decision. But at the same time, I know that the move to cloud must be done right. It’s critical that the highest levels of certifications are in place from the beginning, and that those certifications meet business requirements and comply with data privacy laws like GDPR and CCPA.
We are pleased to announce Azure NetApp Files achieved highest Service Organization Controls (SOC)* designation for the Azure Cloud Environment Scope.
With these new certifications a variety of secure business goals can more easily be achieved while using of Azure NetApp Files in the Azure cloud including:
- Business demand. Protecting data from unauthorized access and theft is a priority for your business, so using services without a SOC 2 attestation (or SOC 3, which uses the same audit but whose report is designed for public consumption), could damage your business.
- Cost-effectiveness. Think audit costs are high? In 2018, a single data breach cost, on average, $3.86 million—and that figure rises every year. Using a SOC 2/SOC 3 audited service is a proactive measure to help avoid those costly security breaches.
- Competitive advantage. Having a SOC 2/3 report in hand for services in use gives your organization the edge over your competitors who cannot show compliance.
- Peace of mind.Passing a SOC 2 audit provides assurance that the systems and networks you use are secure.
- Regulatory compliance. Because SOC 2’s requirements dovetail with other frameworks including HIPAA and ISO 27001, ensuring certification of used services can speed your organization’s overall compliance efforts—especially if you use GRC software or software-as-a-service (SaaS) that provides you with that big-picture view
- A SOC 2 report provides valuable insights into your organization’s risk and security posture, vendor management, internal controls governance, regulatory oversight, and more.
*Developed by the American Institute of Certified Public Accountants (AICPA), SOC is a set of internal controls related to privacy, security, processing integrity, availability, and confidentiality. They are tested for their effectiveness by an independent third party who then publishes their results in reports that are made available in the Microsoft Service Trust Portal.
Download the full reports directly from the Microsoft Trust Center under the SOC Reports tab, and then specifically SOC 1 (Type II), SOC 2 (Type II) and SOC 3