Airbrake adds SOC 2 Type II Certification

Nov 29, 2018 1:27:38 PM | Airbrake adds SOC 2 Type II Certification

Airbrake is now SOC 2 Type II certified under the Security Trust Principle with Cyberguard, LLP. Check out our blog post to learn more.

SOC 2 Type 2

As part of our continued commitment to provide a the most secure platform to our customers, we are pleased to announce that Airbrake has completed a SOC 2 Type II certification under the Security Trust Principle with Cyberguard, LLP.

What is SOC 2 Type II?

Companies of all sizes are increasingly concerned about data security (with good reason). Your data is one of your most valuable assets, and keeping it secure is critical to customer trust. Privacy Shield and GDPR demand that companies take responsibility for data security and privacy.

Doing this right requires a robust, well-planned architecture and strict internal controls. Airbrake's certification under the SOC 2 Type II Security Trust Principle demonstrates our continuous commitment to strict security and data protection standards. SOC 2 Type II is the gold standard of security for software providers, and Airbrake is proud to offer this additional assurance to our thousands of customers worldwide.

Is certification important?

Many SaaS services try to punt the responsibility for SOC compliance solely to their cloud provider, saying "our data center meets the SOC 2 standard". This is certainly easier and a lot less work than certifying your SaaS service, but is a secure data center really enough? Don't the companies who build on top of the cloud have a shared responsibility to keep their customers' data secure?

Yes. Yes they do

Responsibility

Operating in the cloud is a shared responsibility model between a cloud service provider and their customers. Cloud providers are responsible for the security OF the cloudincluding the hardware, networking and data centers. But if you're running a SaaS service, the onus is on you to provide security IN the cloud. This includes client or server side encryption, configuration network access control lists and Security Groups, creating firewall rules on an instance, maintaining patch compliance, etc. And of course, it means controlling who can access the data, when, and how.

Other recent security updates

We're always building new and exciting features. But in 2018 we also focused heavily on security and compliance.

January:  Engaged Paradigm Counsel to complete our GDPR initiative and create a sound Data Processing Agreement.

February:  Attained our EU-US and US-Swiss Privacy Shield Certification.

March:  Implemented NetSparker to provide continuous vulnerability and web application security scanning.

May:  Deprecated TLS 1.0 and TLS 1.1 and went all in on TLS 1.2.

June:  Partnered with Threat Stack to provide continuous cloud compliance with their proactive Cloud Security Platform.

July-October:  SOC audit and documentation process

November: SOC 2 Type II certification issued

Ongoing:  Throughout the year we've continually updated our Information Security and Requirements Policy which establishes policies and procedures for effectively and efficiently building a SaaS platform.  We've also utilized additional AWS offerings such as GuardDuty and AWS Inspector to compliment our security initiatives.

With our SOC 2 Type 2 Certification we're hoping to raise the bar for error tracking applications in the cloud.

If you're not already securely monitoring your application sign up for a free Airbrake trial.

Written By: Patrick Humpal