Understanding the Major Security Aspects of a Cloud Technology Service Provider, SOC 2

The Security Series

4 minute read

Diagram of different areas of security for a cloud technology service provider including physical networks and devices, network, application layer, and policies, procedures, and operations

With the rise in cloud technology service providers in the Multifamily market, clients have every right to know and ask about an organization’s security practices and procedures. These companies’ technologies inherently touch sensitive user data surrounding the daily lives of Residents, Property Managers, and other stakeholders. 

This series of articles concerning security will delve into understanding the major security aspects of a cloud technology service provider and includes questions to ask when choosing the right solutions provider for your organization.

To start, an easy ‘litmus test’ when gauging an organization’s level of security is to ask for its SOC 2 report. There are several areas of security to discuss outside of this assessment, but for now, let’s dive into SOC 2. 

AICPA's logo for SOC 2, which is a blue circle

SOC 2 (pronounced as “sock two”), which stands for Service Organization Controls, is an auditing procedure developed by the American Institute of Certified Public Accountants (AICPA). This procedure makes certain that service providers are protecting and ensuring the accuracy of their clients’ information. The five areas that SOC 2 focuses on, or Trust Services Criteria, are Privacy, Security, Availability, Processing Integrity, and Confidentiality

The rigorous auditing process takes several months of engagement and measures a company’s security preparedness. The qualifications required of a SOC 2 certification are not ones that an organization could accidentally stumble into, nor are they a simple list of items to check off. STRATIS is proud to have received its SOC 2 compliance after almost half a year of extensive examination. STRATIS’ SOC 2 audit focuses on the Trust Services Criteria of Security and will be adding more Trust Services Criteria in 2019. 

As mentioned above, a security-driven organization would want the conversation to continue past, “Do you have a SOC 2 report?” Organizations that have security measures in order will typically (and readily) offer to provide SOC 2 documentation, a security overview walkthrough, penetration testing results (with redacted exact vulnerabilities), and static code review results. The questions listed in this series are a starting point to further understand the details of security processes and protections a solutions provider has in place.

To gain a deeper understanding, we recommend asking the questions outlined in the following articles. The series is divided into five broad areas of Prevention, System Change, Data Protection, Testing, and Availability. A prospective client has the right and responsibility to analyze these security considerations  to be informed as possible on the priorities of their solutions providers. 

Are you a Portfolio Owner? Contact the STRATIS Sales Team here to learn more about how STRATIS IoT can work with you to provide the highest level of security in an IoT platform.


STRATIS enables smart apartments and intelligent buildings and is the only platform of its kind built for the complexities of multifamily and student housing. Since launch, STRATIS has installed in 350,000 apartments across the U.S. and more than 30,000 internationally. STRATIS is an Inc. 5000 “Fastest Growing Company in America” and an Entrepreneur 360 “Best Company in America.” To get more information visit: STRATISIoT.com.