Complimentary LUCR-3 (Scattered Spider) Threat Briefings

GET THE THREAT BRIEFING
Illustration Cloud

Achieving SOC 2 Type 1 Certification - Helping companies feel more secure about Permiso while we help them secure their public cloud

We're excited to announce that Permiso is now SOC 2 Type I certified. This certification signifies that an independent third-party auditor has validated the design of our security program controls against an established set of Trust Service Principles.

At Permiso, we take the security of our vendors seriously. And since we are a vendor for many of you, we strive to set an excellent example for what you should demand of all your vendors.

Vendors can say anything, and they often do. It would be best if you validated the word of your vendor that they are securing their systems (and thus your data) properly. Having a third party attest to the designs and implementation of the controls against a broadly accepted standard helps you as a potential customer of the vendor meet your security program and vendor management requirements. Instead of having to conduct those evaluations yourself for every vendor across each of the control areas, you can trust the opinion of a third-party auditor over a broad set of security controls and hopefully make your vendor management process a little easier.

Don't get us wrong; we know that Compliance != Security. As a group of cyber security veterans helping customers better protect their public cloud environments, we know the importance of maintaining a high degree of security. Security at Permiso is not a "role" or "function." It is inherent to how we operate as a company. Security is integrated into all aspects of our company from how we onboard and train our employees to how we build, deploy, validate, and monitor our systems and software. While we are proud of achieving our SOC 2 Type I certification we are even prouder that the controls covered are only a subset of the practices and policies we employ to keep our clients secure.

Now that we've completed our SOC 2 Type I certification we will be pursuing our SOC 2 Type II certification by partnering with Vanta (an excellent continuous compliance platform) and our third-party auditor Johanson Group LLP. The SOC 2 Type II will extend the current attestation to cover the operating effectiveness of the controls we've designed and implemented.

To get a copy of our SOC 2 Type I report, please hit us up at hello@permiso.io. We encourage all of our customers and prospects to get a copy. If you would like to learn more about how we keep ourselves and others secure with the Permiso platform, please get in touch with us at the same email address.

Illustration Cloud

Related Articles

Permiso Launches CloudGrappler To Help Security Teams Better Detect Threat Actors In Their Cloud Environments

Free open source tool detects activity in cloud environments related to well-known threat actors such as LUCR-3 (Scattered Spider), the group responsible for MGM and Caesars breaches last September

Permiso Offers Complimentary Cloud Identity Threat Briefings in Wake of Okta Breaches

Cloud security company has been researching and detecting attacks against the identity provider control plane for last several years and built over a hundred detections and signals based on known TTPs from advanced threat actor groups PALO ALTO,

Permiso Offers Complimentary Threat Briefings on Scattered Spider

Cloud security company has tracked the threat actor group for the past year and supported several organizations that have been targeted and impacted by recent attacks. The company's goal is to help organizations prevent breaches in cloud

View more posts