Almost every enterprise needs to entrust a variety of third-party vendors with their data, whether it be for storage, analysis or end-user consumption. While there’s tremendous upside in working with vendors who can help to extract value from your data, there’s also an inherent information security risk that comes with it. Companies that don’t take the proper precautions are often subject to costly data breaches that both expose sensitive information and cause lasting brand damage.
As an organization, we’ve made it a priority to be compliant with the highest standards for securing enterprise data so that our customers can build impactful solutions without introducing unnecessary risk. That’s why we’re excited to announce that our security strategy and in-platform controls have been SOC 2 certified by an independent third-party auditor—validating our efforts to maintain industry best practices for managing and securing data.
What is SOC 2?
SOC 2 is an independent auditing procedure that’s designed to test providers’ efficacy when it comes to handling customer data across five “trust service principles”—Privacy, Availability, Confidentiality, Processing Integrity, and Security.
What makes SOC 2 unique is that it’s not a rigid set of rules that govern exactly how a vendor should manage customer data—it’s an evaluation of that vendor’s ability to establish protocols that align with the trust service principles and execute against those protocols.
Let’s take a quick look at each principle.
Availability helps to determine whether the product or service that you’re paying for is as accessible as you expect it to be. This SOC 2 principle tests for a vendor’s ability to meet the threshold for accessibility that you jointly agree to via contract or service level agreement (SLA). For software vendors, this means evaluating whether a system is resilient and fault-tolerant.
Confidentiality covers any data that should only be accessed by a defined set of people or groups. A good example of this is information that’s restricted to internal company use and wouldn’t be shared outside your organization without explicit consent. For SOC 2 purposes, auditors are looking for safeguards like data encryption and firewalls.
Processing Integrity is defined by system processing that is complete, valid, accurate, and authorized to meet customer objectives. This principle stipulates that data remains accurate and is in the right place at the right time, and also assesses a vendor’s protocols for monitoring and quality assurance.
The Security principle refers to a provider’s ability to protect data against unauthorized access and handling. This can span technical controls like access management and detailed change management, as well as administrative controls like thorough security training. A strong security framework will give your admins the ability to govern which data specific employees within your organization can see, and also rely on proven techniques for authorizing their identities such as two-factor authentication (2FA).
What This Certification Means for RapidMiner Customers
Any organization that wants to maximize the value of its data needs to establish a secure process for working with it. This includes thoroughly evaluating any vendor that will be required to store and manage data, whether that’s for data hosting, business intelligence, or more advanced analysis.
RapidMiner’s SOC 2 certification for security is a validation of our ongoing efforts to ensure that customers always have full control over which users can access their data, and also have the ability to verify users’ identities every time they sign into our platform. Detailed access management protocols along with proven authentication techniques like Single Sign-On (SSO) and Two-Factor Authentication (2FA) provide a secure foundation that enterprises can rely on as they aim to make the best use of their data.
To Wrap Up
As we mentioned above, a SOC 2 certification is unique because it evaluates a vendor’s ability to develop protocols that align with established trust principles and execute on those protocols.
Beyond digging into the security track record of the vendors that you’re considering sharing your data with, looking for SOC 2 compliance is a great way to determine whether they’re up to the task of properly managing sensitive and proprietary information.
Want to learn more about how RapidMiner protects our customers? Check out our Platform Security Overview to see all the key features we’ve employed to meet security and compliance standards.