SOC 2: Data Security for Cloud-Based Observability

Russell Foster

As more companies adopt SaaS services over on-premise delivery models, there is a natural concern around data security and platform availability. Words on a vendor’s website can give prospective customers insight into the processes and policies the company has in place to address these concerns. However, the old adage that “actions speak louder than words” applies: trust in a website’s words only goes so far. Officially recognized proof of adherence to those processes and policies goes significantly further.

This is where SOC 2 comes into play. These three letters provide assurance to you that a company has made a significant investment in protecting your data. System and Organization Controls 2 (SOC 2) are criteria developed by the American Institute of CPAs (AICPA). The criteria define how to manage customer data based on five trust service principles, which translate into organizational controls around security, availability, processing integrity, confidentiality and privacy. They are the internal rules that a company follows to make sure that it is delivering services in a secure and customer-focused manner. By gaining SOC 2 certification, you can rest assured that a company is looking after your data.

Why did StackState get SOC 2 certified?

We have SaaS-ified our observability solution. As part of our SaaS observability offering, we know that customers and their auditors do not merely want peace of mind when it comes to their data; they require it. Because StackState integrates deeply with your environment, concerns about the security of your data are natural. By achieving SOC 2 certification, StackState demonstrates that we have taken steps to protect your data, to keep our cloud environment secure and to make sure our internal processes reflect this.

For example, only a very small group of trusted individuals is allowed to access the secured machines that host your SaaS instance. All connections to those machines are also secured and require multi-factor authentication.

SOC 2 extends past this and through all the processes that StackState follows. No code is added to our product without multiple people reviewing and verifying it. Rigorous security training and standards are mandatory for all members of the organization, so that every employee is aware of their roles and responsibilities.

Every major process within the company has a defined policy, from hiring, software testing and release procedures to how we respond to an incident. Because these policies are deeply embedded in the company culture, security and customer success are built into everything the company does.

Proving ourselves

We are audited every year by a third party to make sure that we are following our processes and procedures. The auditors also document that our processes and procedures are updated to reflect changing market conditions and that we are continuously improving our security. At the end of this yearly process, a report is produced that we share with new and existing customers.

We can provide you with a SOC 2 or SOC 3 report. The SOC 2 report gives a detailed overview of our internal processes and controls; you can request it from your sales representative after signing an NDA. The SOC 3 report can be downloaded directly from our website.

Should you have any additional questions, please reach out.