Cloud Security 101: All the Basics You Need to Know

Prophix ImageProphix Feb 22, 2022, 3:25:00 AM
It’s easy to be intimidated by the sheer volume of acronyms that exist in the security and compliance space. These acronyms make it hard to know what to look for when choosing a software-as-a-service (SaaS) Cloud provider. At the end of the day, you want to have peace of mind that your data is secure and protected. That’s why we’d like to demystify the evaluation process and explain what to look for when comparing and evaluating SaaS Cloud vendors. In this blog, we’ll outline compliance standards and how they impact Cloud security.

What Are Compliance Standards?

Some of the most common acronyms you may come across are Security Operations Center (SOC) and Trust Service Principles (TSPs). A Security Operations Center’s (SOC’s) responsibility is to monitor and analyze an organization’s security posture on an ongoing basis. SOC reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. There are multiple reports that prove an organization is in good standing. Namely, SOC 1 and SOC 2 compliances – it’s important that both Type 1 and Type 2 reports are complete for these SOCs.
  • Type 1 Report - Demonstrates a company’s internal controls are properly designed to meet relevant Trust Principles. This report does not confirm the efficacy of controls over a period.
  • Type 2 Report - Further demonstrates that your controls operate effectively over a period.
Did you know? To claim compliance with SOC, vendors only need to have a SOC 1 Type 1 report completed, not the full SOC compliance that includes a Type 2 report. It is important to ask a vendor whether their SOC compliance includes a Type 2 report. Only then are you assured that the controls have been tested over a period of time.

Differences Between SOC 1 & SOC 2 Compliances

So, now that we’ve outlined what the most common compliance standards are (SOCs), let’s look at the differences between SOC 1 and SOC 2. SOC 1 – A SOC 1 report gives assurance that your financial information is being handled safely and securely. The international version of the SOC 1 report is commonly referred to as ISAE 3402. Typically, when a vendor says they are SOC 1 compliant, the implication is that they have completed both Type 1 and Type 2 reports. SOC 2 – This report gives assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. Here is where Trust Service Principles (TSPs) come into play. SOC 2 reports evaluate an organization’s compliance against five criteria, which are commonly referred to as Trust Service Principles (TSPs). The five Trust Service Principles are:
  1. Security – Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems.
  2. Availability – Information and systems are available for operation and use.
  3. Processing Integrity – System processing is complete, valid, accurate, timely, and authorized.
  4. Confidentiality – Information designated as confidential is protected.
  5. Privacy – Personal information is collected, used, retained, disclosed, and disposed of.
Did you know? To claim compliance with SOC 2 Type 2 report, vendors only need to meet at least one of the five TSPs. It is important to ask a vendor what Trust Service Principals are being met for a SOC 2 Type 2 report. Make sure to ask vendors if they have met all five TSPs as part of their SOC 2 compliance.

Prophix’s Cloud Security & Compliance

Understanding the differences between SOC 1, SOC 2, and Type 1 & 2 reports will help you make an informed choice when choosing a SaaS Cloud vendor. However, there are several other aspects of security and compliance you should consider, including the frequency of audits, what frameworks the vendor is certified in, who provides the underlying cloud technology, and how streamlined end-user authentication is. To learn more about how to navigate cloud vendors on the market today, read our Security and Compliance whitepaper. Prophix is certified in both SOC 1 Type 1 & 2 and SOC 2 Type 1 & 2 compliances, which means we are compliant with all five Trust Principles. For more information on Prophix Cloud, visit https://trust.prophix.com/.
Prophix Image

Prophix

Ambitious finance leaders engage with Prophix to drive progress and do their best work. Leveraging Prophix One, a Financial Performance Platform, to improve the speed and accuracy of decision-making within a harmonized user experience, global finance teams are empowered to step into the next generation of finance with no reservation. 

 Crush complexity, reduce uncertainty, and illuminate data with access to best-in-class automated insights and planning, budgeting, forecasting, reporting, and consolidation functionalities. Prophix is a private company, backed by Hg Capital, a leading investor in software and services businesses. More than 3,000 active customers across the globe rely on Prophix to achieve organizational success.

View all

You may also like

A padlock symbolizing data protection. Shielded by a shield, it represents safeguarding data from cyberattacks.

What No One Tells You About Data Security

The past decade has seen unprecedented adoption of cloud computing. While its in

Prophix Image Prophix Jul 20, 2022, 2:25:00 AM
A group of business people sitting at a table, engaged in a meeting and discussing important matters.

Why Analyst Reports Are Key to Choosing a CPM Vendor

Unpacking BPM Partners 2022 Vendor Landscape Matrix Analyst reports are a great

Prophix Image Prophix Jul 12, 2022, 2:25:00 AM