Across the globe, organizations of all shapes and sizes are faced with unprecedented challenges. The current situation has caused us all to react quickly and decisively. Even during challenging times, one area that shouldn't be overlooked is data security.
I have to confess that for much of my career, I considered data security to be someone else’s responsibility. Sure I took the annual training, used password precautions, reported suspicious emails, and the like. But my mindset was that as a marketer, my job was to gather as much data as possible and use it to convert prospects into leads. Keeping data safe was someone else’s problem.
Today, we live in a different world (and I’m happy to report my stance on data security has evolved). Cyber criminals are far more sophisticated, insider threats are pervasive, and consumers are, rightly so, much more concerned about how companies secure their privacy. Meanwhile, government and industry regulations like GDPR, CCPA, HIPAA, SEC 17a-4 and hundreds others were enacted to ensure companies adhere to strict security and privacy procedures.
A common theme in these regulations is that no matter where data resides, the liability for protecting it from unauthorized access or disclosure does not transfer from the owner of the data to its vendors. Whether the data is on a laptop, a local server, on its journey to the cloud, or in the cloud, the company that owns the data is responsible for ensuring its security.
Of course, that doesn’t mean your cloud partners are off the hook. Quite the opposite: it magnifies the importance of only entrusting your data to vendors with industry leading security and privacy controls in place.
And that’s where Own comes in. From inception, Own was designed to help Salesforce customers mitigate the risk of backing up, recovering, and archiving large amounts of highly sensitive data. Our comprehensive security controls are our commitment to protecting Own clients and their data.
If you’re currently one of our customers, thank you (and rest easy). Your data is in good hands. If you’re evaluating your options, we invite you to ask us--and strongly encourage you to ask others vying for your business--some tough questions:
Cloud Storage and Data Access
- What cloud storage service providers do you use?
- Will my data ever leave your production environment?
- Who has access to my data?
- How do you monitor who has access to my data?
SSAE-18 SOC2
- Are you SSAE-18 SOC2 compliant?
- Do you undergo annual SOC2 Type II audits to verify that information security practices, policies, procedures, and operations meet or surpasses the rigorous SOC2 standards for the following Trust Services Criteria: Security, Availability, Confidentiality, and Processing Integrity?
Web-Application Security Controls
- How do you ensure the confidentiality, integrity, and authenticity of transmitted data between the end-user and the application and between your service and Salesforce?
- Do you offer Role-Based Access Controls (RBAC)?
- What audit controls are available and do you offer full audit trails in the application?
- Can I restrict access by Source IP?
- Do you support Single-Sign-On (SSO)?
- Can I customize my password policy?
Encryption
- How do you encrypt data?
- Is data encrypted in transit and at rest?
- Do you offer additional layers of security for key management?
- Can I use my own key management system?
- Do you support FIPS 140-2 approved encryption?
Monitoring and Incident Response
- How do you monitor for security incidents, system health, network abnormalities, and availability?
- Describe your incident response team and defined incident policy?
- What credentials does your security team have?
Protect the security and privacy of your Salesforce data backups and meet government and industry regulations with state-of-the-art data encryption and key management services.
Own has committed to helping our communities through difficult times. We understand that this is a challenging situation and there are lots of things you may be concerned about. At Own, we are doing everything possible to make sure your Salesforce data isn’t one of them.