As more organizations move towards utilizing cloud-based tools and storing data within the cloud, it is important to have the necessary precautions established to ensure that your organization can be prepared for any potential security threats. According to RiskIQ research, cyber-crime costs organizations $2.9 million every minute, and businesses lose $25 per minute as a result of data breaches. In order to be proactive about protecting your companies data, it is important to find a partner who understands the importance of cloud security. At Dooap, we have committed ourselves to provide our customers the utmost cloud security protection – that’s why we went the extra mile and became a certified Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) Provider.
We sat down with our head of product operations, Henri Rove, to ask a few questions about security and the Cloud Security Alliance:
Q: Why is cloud solution security important to all organizations?
Research indicates business operations continue their fast-paced movement towards cloud platforms, such as Amazon Web Services, Microsoft Azure, and Google Cloud. Although highly secure by nature, CIOs, CFOs, and managers involved in IT and accounting have to adapt to this change, by securing the way these tools are operated.
Truth be told, most organizations have become experts at this by providing periodic training, arranging audits, and closely monitoring devices and identities. However, directly ensuring security on the system and application layer may sometimes be overlooked for practical reasons, which in the worst case may cause a weak link in the chain.
At Dooap, we have resolved this gap by achieving the CSA STAR Certification. This allows us to publicly disclose, with full transparency, the actions we take to consistently meet the cloud security commitments made on behalf of our AP Automation Solution. Dooap meets the objectives on 254 out of the 257 applicable security best practices covered by the certificate.
Q: What is the CSA STAR Certification?
Cloud Security Alliance (CSA) is the world’s leading nonprofit organization dedicated to defining and raising awareness of cloud computing security best practices.
Security, Trust, Assurance, and Risk (STAR) registry offers participating cloud solution providers a way to communicate their security and privacy controls.
Service providers pursue the certification by submitting a standardized Cloud Control Matrix covering fundamental security principles to the STAR registry. The purpose is to offer a transparent and comparable way for evaluating and documenting the security controls and help cloud customers assess and compare the overall security risk of a solution.
Q: Why did Dooap go for the CSA STAR Certification?
Dooap AP Automation Solution is localized for many of the commonly spoken languages and offered to multiple regions and industries globally. Consequently, there’s a need for meeting a range of cloud data security requirements stemming from customers’ local legislation, and security standards.
"While the prevalent security standards may differ even within an organization, the need for providing secure cloud computing is constant."
By structuring our security controls around CSA’s generalized best practices, Dooap can meet a wide range of customers’ data security requirements with ease. Furthermore, remaining compliant with globally recognized audit standards, such as AICPA Trust Services Criteria (SOC2), can be accomplished with minimal effort, as the objectives are closely aligned.
Q: How can customers benefit from Dooap’s STAR registry entry?
Customers gain solid assurance that their business operations and data remain secure across the board, firstly by implementing secure operating procedures internally and secondly by ensuring that contracted cloud solution providers commit to high-security standards.
Dooap’s Cloud Control Matrix, publicly available through the CSA STAR Registry, may be utilized as stand-alone documentation of our security controls and provide full transparency to our current and prospective clients.
Additionally, ready-made mappings are provided alongside the Cloud Control Matrix, which allows directly assessing Dooap’s commitment against known security standards, such as AICPA Trust Services Criteria (SOC2), PCI DSS, and variants of the ISO/IEC 27001.