Understanding the Major Security Aspects of a Cloud Technology Service Provider, SOC 2

The Security Series

4 minute read

With the rise in IoT solutions providers in the Multifamily market, clients have every right to know and ask about an organization’s security practices and procedures. These companies’ technologies inherently touch sensitive user data surrounding the daily lives of Residents, Property Managers, and other stakeholders. 

This series of articles concerning security will delve into understanding the major security aspects of a cloud technology service provider and includes questions to ask when choosing the right solutions provider for your organization.

To start, an easy ‘litmus test’ when gauging an organization’s level of security is to ask for its SOC 2 report. There are several areas of security to discuss outside of this assessment, but for now, let’s dive into SOC 2. 

SOC 2 (pronounced as “sock two”), which stands for Service Organization Controls, is an auditing procedure developed by the American Institute of Certified Public Accountants (AICPA). This procedure makes certain that service providers are protecting and ensuring the accuracy of their clients’ information. The five areas that SOC 2 focuses on, or Trust Services Criteria, are Privacy, Security, Availability, Processing Integrity, and Confidentiality

The rigorous auditing process takes several months of engagement and measures a company’s security preparedness. The qualifications required of a SOC 2 certification are not ones that an organization could accidentally stumble into, nor are they a simple list of items to check off. STRATIS is proud to have received its SOC 2 compliance after almost half a year of extensive examination. STRATIS’ SOC 2 audit focuses on the Trust Services Criteria of Security and will be adding more Trust Services Criteria in 2019. 

As mentioned above, a security-driven organization would want the conversation to continue past, “Do you have a SOC 2 report?” Organizations that have security measures in order will typically (and readily) offer to provide SOC 2 documentation, a security overview walkthrough, penetration testing results (with redacted exact vulnerabilities), and static code review results. The questions listed in this series are a starting point to further understand the details of security processes and protections a solutions provider has in place.

To gain a deeper understanding, we recommend asking the questions outlined in the following articles. The series is divided into five broad areas of Prevention, System Change, Data Protection, Testing, and Availability. A prospective client has the right and responsibility to analyze these security considerations  to be informed as possible on the priorities of their solutions providers. 

Are you a Portfolio Owner? Contact the STRATIS Sales Team here to learn more about how STRATIS IoT can work with you to provide the highest level of security in an IoT platform.

About STRATIS

STRATIS is an Inc. 5000 “Fastest Growing Company in America” and an Entrepreneur 360 “Best Company in America.” STRATIS enables smart apartments and intelligent buildings and is the only platform of its kind built for the complexities of multifamily and student housing. Since launch, STRATIS has installed in 325,000 apartments across the U.S. and more than 18,000 internationally. To get more information visit: STRATISIoT.com.