Druva Completes SOC-2 Type II Audit

Druva Completes SOC-2 Type II Audit

As the migration of business-critical workloads and corporate data to the cloud has accelerated to a frenzied pace, there are two fundamental operational imperatives that organizations must always have in place: security and trust. It’s one thing for organizations to make bold security claims about their products, services, and internal controls; however, it’s something entirely different to actually deliver on those promises. This is why “trust” is the cornerstone of Druva’s security and compliance strategy. It’s not enough for Druva to make security claims about our products, which is why we always support all of those claims with trusted third-party validation.

Over the past few months, Druva security claims have been validated by our FedRAMP “In Process” status, among many other completed certifications. I am also very proud to announce that Druva has completed its SOC-2 Type II audit. This audit program was developed by the American Institute of Certified Public Accountants (AICPA) and is the most widely recognized authoritative method that organizations can use for disclosing independently assessed information about the design and operation of internal controls related to their services.

Druva Cloud Certifications SuitePicture7-1As organizations look to move to consume SaaS applications on their journey to the cloud, it’s important to understand the delineation of security controls between the SaaS providers like Druva and IaaS/PaaS providers like AWS and Azure. AWS and Azure are only responsible for providing security for the infrastructure and platforms they provide. Any applications placed on top of that infrastructure are the responsibility of the SaaS provider. This delineation is important to note, as many products offerings that start as on-premises products and get “ported” to the cloud end up trying to claim the audits and certifications of CSPs like AWS and Azure as their own. Ultimately, this results in those platforms providing absolutely no validation of any security whatsoever. In many cases, Druva has exactly the same certifications and attestations as AWS/Azure so that customers can be assured of continuity of the security throughout the cloud infrastructure.

AWS and Azure are only responsible for providing security for the infrastructure and platforms they provide. Any applications placed on top of that infrastructure are the responsibility of the SaaS provider

With Druva’s comprehensive third-party validation, our customers can rest assured that Druva has the capabilities to protect critical business data on-demand and at-scale in the public cloud. Our SOC-2 Type II audit was conducted by KPMG, a global professional services firm that specializes in audit, tax, and advisory services. This audit provides Druva customers and prospects with the necessary third-party validation of our internal security controls for our endpoint, cloud application, and cloud server data protection offerings as represented by our inSync and Phoenix SaaS solutions.

To learn more about Druva’s security and compliance capabilities, please visit: www.druva.com/security

Recommended Reading:

White Paper: Druva Security Overview
White Paper: Preparing for The New World of Data Privacy
Dummies Guide: Cloud Information Management For Dummies

Andrew Nielsen

Andrew (a.k.a. Drew) has over 15 years of experience delivering security solutions. Spending many years as a customer in government and financial services before moving into product management/marketing gives Drew a unique perspective when it comes to understanding customer security requirements. At Druva, Drew is responsible for the security posture and strategy of its products and works closely with internal teams and external customers leading product direction and strategy for the company's flagship offering. Prior to Druva, Drew has held various security leadership positions at companies like Raytheon, Silicon Valley Bank, Hitachi Data Systems, and FireEye.


Leave a reply

Your email address will not be published. Required fields are marked *