Security and Compliance in the Hybrid Cloud Services Era

John Bilotti shares insights on Nasuni’s latest information security milestone and addresses why security and compliance are so important in the hybrid cloud services era.

August 14, 2024  |  John Bilotti

Security has always been part of our identity here at Nasuni, and I’m proud to share that we recently reached a significant information security milestone as a company, achieving both SOC 2 Type II and HIPAA/HITECH compliance. These certifications are not merely badges of honor or marketable icons. They are critical indicators of Nasuni’s dedication to security, privacy, and regulatory adherence. Along with our market momentum, investment news, and continued product innovations, these certifications are further proof of our maturation as a company. While I understand that not all of our readers may share my passion for this subject, I’d like to use this post to explain what these certifications mean for customers and why security & compliance are so important in the hybrid cloud services era.

When I walk into a reputable restaurant, I don’t search for the health inspection certificate – I expect that they have passed their health code inspection. Similarly, I assume that mature organizations have their SOC 2 Type II compliance in order. HIPAA/HITECH validation is just as critical in healthcare and other highly regulated industries, such as financial services, especially in the age of ransomware and ubiquitous cyber threats. In the past, a prospective customer with 25,000+ global employees may have been skeptical of entrusting data modernization to a growing hybrid cloud services provider like Nasuni. But now we have an array of certifications to allay any information security concerns (check out trustcenter.nasuni.com for more details), including:

  • SOC 2 Type II
  • HIPAA/HITECH
  • ISO 27001
  • ISO 27001 SoA
  • CCPA
  • CSA STAR

We’ve actually had our SOC 2 Type II certification since late last year, and we have already seen the impact with several large healthcare and financial services prospects. Collectively, these certifications show that we are mature from an information security standpoint. We are officially trustworthy and ready to work with the largest and most regulated organizations in the world.

Receiving the certification is strong validation in and of itself, but I’m particularly proud of the detailed results of our SOC 2 Type II audit. These audits, conducted by independent third parties, reveal how you fare on 400 information security inspections covering nearly every aspect of your company, from security protocols to HR processes. During the audit, you receive an initial report with either a pass or fail for each inspection. Then you are given a chance to remediate. Our auditor, Align, the largest SOC 2 certifier in the world, handed us a very, very clean report. Out of the 400 inspections, they found only two minor and easily fixable areas of concern. Neither even related directly to information security.

These are best-in-class results, and as part of the certification, we are required to make them available under NDA. I encourage any procurement officers, security teams, or other evaluators within organizations considering Nasuni to visit our trust center and examine the audit yourselves. Please, look under the hood.

The results of this 400-point audit aren’t merely a reflection of a company’s information security processes. The auditors analyze everything from your data management processes to what you’re doing to train your people. Ultimately, it’s an audit of your entire organization, and it does not stop with the certification. Both SOC 2 Type II and HIPAA demand ongoing efforts to maintain compliance. This involves regular staff training, updates to security policies, and continuous system monitoring. This proactive approach ensures that Nasuni will stay ahead of emerging threats and regulatory changes.

In this age of ransomware, information security is arguably more important than ever. When you evaluate a hybrid cloud services provider, you need to ensure that they adhere to the highest standards. At Nasuni, achieving SOC 2 Type II and HIPAA compliance not only underscores our commitment to security, regulatory excellence, and our customers, but also demonstrates that we are ready to be the hybrid cloud services provider of choice for any organization in every major industry.
