Nasuni Strengthens Its Commitment to Customer Data With Strong Third-Party Security Validation

Nasuni Corporation, a leading provider of file data services, recently announced the successful completion of its SOC 2 Type 1, CSA STAR Level 2, and HIPAA audits for 2022, providing enterprise customers with strong third-party validation of its security and compliance systems as it enables their digital transformation and use of the cloud.

Nasuni also had its ISO/IEC 27001:2013 certified provider status renewed for the current year. Unstructured file data contains the most sensitive enterprise intellectual property, and legacy storage and data protection technologies fail to provide adequate protection for this data. Cloud file services leverage the durability of the public cloud to deliver unmatched protection.

Established by the American Institute of Certified Public Accountants (AICPA), the SOC 2 Type 1 examination is designed for organizations of any size, regardless of industry and scope, to ensure the personal assets of their potential and existing customers are protected. SOC 2 Type 1 reports are recognized globally and affirm that a company’s infrastructure, software, people, data, policies, procedures, and operations have been formally reviewed. Nasuni plans to undergo another audit later this year to achieve SOC 2 Type 2, which assesses how effective these controls are over time by observing operations for a specified period.

“A SOC 2 audit is a statement about an organization’s commitment to protecting their information,” said Stephanie Oyler-Rankin, SOC Practice Lead at A-LIGN. “As a trusted third-party assessment firm, A-LIGN independently evaluates client data processes and procedures, governance on internal controls, and security posture. Nasuni’s SOC 2 report validates its commitment to data security and protection, as well as compliance with critical standards to mitigate cybersecurity threats.”

The HIPAA (Health Insurance Portability and Accountability Act of 1996) audit illustrates that Nasuni meets the standards of the Privacy, Security, and Breach Notification Rules of HIPAA. HIPAA is a U.S. Federal law put in place to protect healthcare information as required for healthcare organizations. While Nasuni is not in the healthcare industry, this is important for customers who are, especially for those for whom Nasuni may be considered a HIPAA Business Associate.

CSA STAR (Cloud Security Alliance – Security, Trust, Assurance, and Risk) Level 2 demonstrates Nasuni’s commitment to achieve cloud security competency, and a commitment to the industry at large. It’s based on attaining ISO 27001 certification and meeting additional criteria specified in the Cloud Controls Matrix (CCM) Version 4. Nasuni proved that it conforms to the requirements of ISO 27001, has addressed issues critical to cloud security as outlined in the CCM, and has been assessed against the STAR Capability Maturity Model for the management of activities in CCM control areas.

The audits were conducted late last year by leading compliance assessor A-LIGN, a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to help mitigate cybersecurity risks.

“Ensuring that the most effective and comprehensive security measures are in place for both Nasuni and its customers is our top priority,” said John Bilotti, Chief Information Officer/Chief Information Security Officer at Nasuni. “These successful audits demonstrate Nasuni’s commitment to providing its customers with the highest security standards, at all stages, as they leverage the cloud to gain advanced access, collaborate, scale, and improve economics over legacy solutions.”

Compliance with internationally recognized standards like SOC 2 confirms that Nasuni’s security program follows industry best practices in the most comprehensive manner possible. This is a clear illustration that the company’s commitment to data security has been formed, implemented, and controlled in all areas as the standard requires.