01 Jun Is your business data safe with cloud based security?
In this article we explore some of the common concerns and potential gains of moving to “The Cloud”. Contractors and construction-related companies move to cloud based computing for many reasons. They may want to shorten implementation projects, reduce capital and maintenance costs for their IT infrastructure, gain flexibility or enhance disaster recovery strategies.
Some companies, have reasons for resisting the trend. Most often, their reluctance is based on fears that cloud based computing could result in either loss of control or greater security risks.
When an organization manages all of its systems in-house, it has total ownership and control of all aspects of their software and data management. Migrating applications and data to the cloud means handing off much of that control to their cloud host and their software-as-a-service providers.
The resulting shifts in accountability creates opportunities for companies to refocus their resources—with more emphasis on planning, innovation and less on fighting the daily “fires.”
Cloud skeptics should recognize that many of the same security risks exist wherever their systems and data reside—in the cloud or in-house servers. Even with rigid security measures, every company is vulnerable to cyberattacks. In 2021, Colonial Pipeline had to pay $4.4 million to a hacker group to restore pipeline operations after a ransomware attack on Colonial’s in-house servers.
Benefits of Cloud Based Data Management?
- Tap the wisdom of security experts staffed by your application partner. These experts have fought diverse threats from all sorts of bad actors—malware, spyware, phishing schemes, man-in-the-middle attacks, denial of service attacks, and many more.
- Scale your cloud capabilities with the growth of your business.
- Flexibility to deploy resources more adeptly—that’s a big gain of control, not a loss of it!
How can you gain confidence in cloud security?
If you are considering construction management software, our consultants can help demystify cloud based services and security. We are experts in Viewpoint’s comprehensive suite of construction management systems. If you decide to move to cloud computing, be assured that top-notch data security won’t be left behind.
For its cloud-based services, Viewpoint has embarked on an ambitious certification program to back up its deep commitment to data security. They are one of the few construction management software providers to prove it has the necessary controls and procedures to protect customer data in the cloud.
Independent auditors awarded the SOC 2, Type II (Security Principle) certification to Spectrum’s cloud based product and five other products. Over a period of many months, auditors thoroughly reviewed the control mechanisms, procedures, and documentation of security practices for Spectrum.
The seven products included in the SOC 2 certification are: Vista, Spectrum, Viewpoint Team, Viewpoint Field View, Viewpoint for Projects, and Jobpac Connect. For SOC 1, Vista and Spectrum were in scope.
What does the SOC 2, Type II certification mean?
Achieving SOC (System and Organization Controls) 2, Type II certification is not required for any industry. Providers of cloud data services can opt to be certified in any of five categories, called “Trust Service Principles.” For the coveted Security Principle, the designation verifies that a provider is managing data securely to protect its customers.
Because the auditing process is so rigorous, few service vendors pursue certification for the Security Principle. Those that do earn the certification demonstrate to clients that their service complies with the “gold standard” for data security in the cloud.
Protecting data is important to companies selecting a cloud solution partner. Cano Consulting is proud to be associated with Viewpoint, where customer security is always a top priority. Earning this high-level certification was a significant effort that required extensive preparation and collaboration at Viewpoint.
Viewpoint plans to continue on the SOC certification journey and will evaluate other AICPA Trust Services Principles to include in future audits.
Resources and Links:
- Colonial Pipeline Security Lessons Article: https://www.reuters.com/business/colonial-pipeline-ceo-tells-senate-cyber-defenses-were-compromised-ahead-hack-2021-06-08/
- Viewpoint Blog: https://www.viewpoint.com/blog/viewpoint-earns-additional-soc-certifications