Backupify to Achieve SOC 2 Type II Compliance

Backupify, Inc., provider of cloud-to-cloud backup and recovery solutions for Software as a Service (SaaS) applications, announced the company completed a Service Organization Control Type II (SOC 2) audit.

Administered by an independent audit firm, the SOC 2 report reviewing Backupify’s backup and recovery system concluded that controls were suitably designed to provide assurance that the applicable trust services criteria were in place. SOC 2 compliance ensures that Backupify is meeting information security standards.

Backing up more than 1.5PB of data, Backupify upholds stringent data security standards for thousands of customers. SOC 2 compliance is a security standard for enterprise organizations or companies in regulated industries and it’s becoming part of the de facto security criteria for any company evaluating cloud applications. Audited against a Web Trust Standard, SOC 2 compliance means that companies implementing Backupify have additional protection and security for their data.

“Our customers trust Backupify with their critical data and in turn we hold ourselves to the highest security standards,” said Ben Thomas, VP of security, Backupify. “There’s some industry confusion around SOC 1/SSAE 16 versus SOC 2 compliance and what it comes down to is that being SOC 2 compliant is crucial for any cloud service provider. For enterprise organizations evaluating cloud applications, SOC 2 compliance from the vendor they’re assessing should be mandatory.“

The SOC 2 Type II audit included a full assessment of Backupify’s infrastructure, software, people, procedures, and data.

The completion of the SOC 2 Type II audit can be added
to Backupify’s security policies and procedures which include:

• Safe Harbor: It is self-certified in compliance with the US Department of Commerce Safe Harbor program. The company maintains and enforces privacy practices that comply with the EU Privacy Directive on the protection of customer data.
• External Penetration Testing: It subjects itself to external penetration tests by industry firms to ensure that risks are identified and mitigated.
• Built-in Encryption: It goes beyond merely using Amazon’s built-in bucket-level encryption and every account backed up receives a unique AES 256-bit encryption key. All the data written for an account is encrypted with that key prior to storage.

Additionally, Backupify is a member of the Cloud Security Alliance, a non-profit committed to the advancement and education of cloud computing security.

According to an August 2013 Forrester Research, Inc. report, Security’s cloud Revolution is Upon Us by Ed Ferrara and Andres Cser, “A perceived lack of security has been one of the more prominent reasons organizations cite for not adopting cloud services. However, this attitude is changing rapidly as cloud service providers begin to offer comprehensive security capabilities.“

“The goal of the IT team at Evernote is to enable a productive workplace, which means giving our employees confidence in all the tools and technologies that they use,” said Bil Castine, IT director, Evernote Corporation. “We work with Backupify because of their focus on security and reliability in protecting our Google Apps data, which is critical to our IT infrastructure.“