Ancero is proud to announce the renewal of the System and Organization Controls (SOC) 2 Type II certification, which applies to all Ancero facilities, business processes, and cloud services. SOC 2 Type II certification validates Ancero’s compliance with strict data security and privacy standards established by the American Institute of Certified Public Accountants (AICPA).
SOC 2 Type II certification renewal is a long, arduous process that involves months of compiling and submitting data, as well as a comprehensive audit and intense questioning by an independent, third-party provider. In other words, we’re required to demonstrate the standardization of our information security policies with an additional layer of outside accountability.
This process reflects the modern approach to data security, compliance, and data protection. Rather than having the IT manager go through a checklist once per year to validate security capabilities, security must be ingrained in day-to-day operations and treated as a shared responsibility across the organization.
Managed IT Services Providers Are Under Attack
Fewer than 10% of all IT service providers maintain the SOC 2 Type II certification. However, CRN recently reported a dramatic increase in the targeting of managed IT services providers (MSPs) by cybercriminals.
The logic here is fairly simple – breach one environment to gain access to many. If you’re able to infiltrate the network and systems of the MSP, you can use this as an entry point to access the networks and systems of the MSP’s clients. Much of this activity involves precisely targeted email phishing campaigns and ransomware attacks.
For example, new information related to a massive data breach involving the SolarWinds Orion network monitoring platform continues to emerge. In addition to private businesses, major government agencies were compromised in the breach, including the U.S. Treasury and Department of Commerce.
Microsoft disclosed that 44 percent of organizations compromised in this data breach are in the IT sector, including software and security firms, IT services providers, and equipment vendors.
IT security analysts are calling it one of the largest, most far-reaching data breaches in history.
The lesson here is that no organization is immune to hacking, even MSPs that organizations trust to monitor their IT environments. Partnering with an MSP that holds SOC 2 Type II certification, like Ancero, dramatically reduces the risk of a data breach.
Know the Risk and Plan for It
Trust is the foundation of the MSP-client relationship. Our clients rely on us to keep their networks and data safe. The level of access our clients provide to their IT environment and assets is a reflection of the trust they place in our tools, our team, and our organization as a whole.
There’s no getting around the fact that Ancero, like other MSPs, is a high-value target for cybercrime. We acknowledge that risk so we can better plan for it. We use recent news about the targeting of MSPs not as an excuse for failure, but as motivation to live up to the trust our clients have placed in us.
To minimize vulnerabilities, we constantly evaluate business processes and procedures as technology and cybercrime evolve. Maintaining our SOC 2 Type II certification is perhaps the greatest example of these efforts.
As a small to midsize business seeking managed IT services, you also have a responsibility to minimize risk. This begins with seeking out an MSP that has the SOC 2 Type II certification and the seven essential qualities of an MSP.
We put in the work to maintain this certification because it has a direct impact on the quality of services we deliver as an MSP. If you’d like to learn more about the SOC 2 Type II certification and how you can benefit from managed IT services and the cloud, contact us today to schedule a consultation.