We are proud to announce the successful completion of a SOC 2 Type II audit for our cloud service. An independent third party has issued an attestation report for MarkLogic® Data Hub Service on all five SOC 2 Type II principles: Security, Availability, Processing Integrity, Confidentiality and Privacy.
Providing a safe and secure platform to manage enterprise data is paramount to our vision of simplifying complex data integration. MarkLogic was already the most secure modern database with the most granular security, most advanced encryption capabilities and the only modern database to carry a Common Criteria security certification. The SOC 2 Type II report speaks to MarkLogic’s continued “security-first” mentality as it applies to cloud services and financial services use cases in particular.
SOC stands for “Service Organization Controls,” and SOC II focuses on an organization’s internal controls that are related to compliance and operations, wrapped around five trust principles:
The end result is a report that helps organizations evaluate the security of service providers (which includes almost all cloud technology vendors). The audit reporting requirements are governed by the American Institute of CPAs or AICPA.
In cybersecurity, a “security control” has a relatively broad definition and refers to the safeguards or countermeasures used to avoid, detect, counteract or minimize security risks to both information and actual physical hardware.
In the context of SOC II and what an auditor looks at, a common example is ensuring that information assets (i.e., data and code) can only be accessed by the right people (i.e., authorization and authentication). This means not only designing the systems to be secure, but also ensuring that the right policies and procedures are in place and that they are followed.
There are two types of SOC 2 reports: Type I and Type II. Both are completed by an independent third-party and cover similar areas of security, but the Type II report is newer and has more stringent requirements. The main difference is that Type I looks at security controls at a specific point in time and Type II evaluates the operational effectiveness of controls over a period of time—the minimum of which is six months—to determine if the controls are operating as described.
At a broad level, security is becoming more and more important as breaches grow in number and severity and the cost of a breach increases. At the same time, organizations are moving faster than ever to deploy and maintain new IT systems, particularly in the cloud. And yet, in an article from consulting firm, McKinsey, “despite the benefits of public-cloud platforms, persistent concerns about cybersecurity for the public cloud have deterred companies from accelerating the migration of their workloads to the cloud.”
With SOC 2 Type II, MarkLogic’s cloud service has independent third-party validation that MarkLogic is a trusted cloud provider for handling mission-critical data. This helps alleviate concerns about cybersecurity so that organizations can accelerate cloud adoption with MarkLogic.
The SOC 2 Type II report is not public, but we are able to share it under a non-disclosure agreement. If you would like a copy of the report, please contact us and one of our security experts will get in touch.
View all posts from Tom Thomassen on the Progress blog. Connect with us about all things application development and deployment, data integration and digital business.
Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.
Learn MoreSubscribe to get all the news, info and tutorials you need to build better business apps and sites